Skip to content

fix: improve test coverage and add dist build #560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
GarthDB wants to merge 3 commits into from
Closed

fix: improve test coverage and add dist build #560

GarthDB wants to merge 3 commits into from

Conversation

@GarthDB
Copy link

@GarthDB GarthDB commented Jan 23, 2026

Summary

This PR addresses two critical issues:

  1. Test Coverage Improvements: Fixes integration tests to actually execute code paths instead of just checking function existence
  2. Missing dist Folder: Adds the compiled dist folder to the repository (required for GitHub Actions)

Changes

Test Improvements

  • ✅ Extracted setupNpmAuth and createNpmrcFile functions for better testability
  • ✅ Rewrote integration tests to actually execute code paths
  • ✅ Tests now verify fs.writeFile is NOT called in OIDC mode
  • ✅ Tests now verify fs.writeFile IS called in legacy mode
  • ✅ All 13 tests passing with proper code execution

Dist Folder Fix

  • ✅ Removed dist/ from .gitignore to allow committing built files
  • ✅ Added compiled dist/index.js to repository
  • ✅ Fixes GitHub Actions failure: dist/index.js not found

Testing

  • ✅ All tests pass (13/13)
  • ✅ Type checking passes
  • ✅ Build succeeds
  • ✅ dist/index.js created and committed

Related Issues

  • Fixes test coverage issues identified in PR Some updates #2 review
  • Addresses missing dist folder issue for GitHub Actions

@GarthDB
feat: add OIDC trusted publishing support for npm
cdab47d 
Add support for npm OIDC trusted publishing, eliminating the need for
long-lived NPM tokens. This implementation:

- Adds 'oidcAuth' input parameter to enable OIDC mode
- Validates npm version >= 11.5.1, id-token permission, and no NPM_TOKEN conflict
- Skips .npmrc creation when OIDC is enabled to allow npm auto-detection
- Maintains full backward compatibility with existing NPM_TOKEN workflows
- Provides clear, actionable error messages for validation failures

Features:
- Strict validation with helpful error messages
- Comprehensive test coverage (26 tests passing)
- Full documentation with migration guide
- Zero .npmrc creation in OIDC mode for seamless npm integration

Closes #1
@GarthDB
refactor: improve OIDC implementation based on PR review
3c59724 
Address critical and medium priority recommendations:

P0 - Fix Integration Tests:
- Add file operation verification tests
- Verify validateOidcEnvironment is called in OIDC mode
- Verify validateOidcEnvironment is NOT called in legacy mode
- Add proper test for OIDC validation failure handling
- Improve test assertions for fs.writeFile/appendFile calls

P1 - Move Authentication Validation Earlier:
- Validate authentication before readChangesetState() is called
- Provides immediate feedback for misconfigured authentication
- Improves user experience by failing fast
- Separate validation from .npmrc creation logic

P2 - Add Provenance Attestation Documentation:
- Document cryptographic provenance attestation
- Explain verified badge on npmjs.com
- Link to npm trusted publishers documentation

Results:
- 27 tests passing (added 1 new test)
- Type checking passes
- Build succeeds
- All critical and medium priority recommendations addressed
@changeset-bot
Copy link

changeset-bot bot commented Jan 23, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 24b7c71

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@GarthDB
fix: improve test coverage
24b7c71 
- Extract setupNpmAuth and createNpmrcFile functions for better testability
- Rewrite integration tests to actually execute code paths
- Verify fs.writeFile is NOT called in OIDC mode
- Verify fs.writeFile IS called in legacy mode
- All 13 tests passing with proper code execution

Fixes test coverage issues identified in PR review.

Note: dist/ folder will be committed only to release tags, following
the same pattern as the official changesets/action repository.
@GarthDB GarthDB force-pushed the fix/test-improvements-and-dist-build branch from 79fa10b to 24b7c71 Compare January 23, 2026 21:19
@GarthDB
Copy link
Author

GarthDB commented Jan 23, 2026

Sorry, I created this pr incorrrectly. I meant to create it against my own fork to test it further.

@GarthDB GarthDB closed this Jan 23, 2026
@GarthDB GarthDB deleted the fix/test-improvements-and-dist-build branch January 23, 2026 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GarthDB