Migrate PR CI to pull_request and make publishing opt-in
This change addresses the npm classic token revocation by migrating to trusted publishing (OIDC) for PR pre-releases. Changes: - Change CI trigger from pull_request_target to pull_request for security - Create new publish-pr.yaml workflow with workflow_dispatch for opt-in PR pre-release publishing (packages and docs preview) - Add composite actions for setup-deno and setup-node-and-pnpm to reduce duplication across workflows - Add scripts/generate_packages_table.ts to dynamically generate package tables for PR comments (supports new packages in PRs or next branch) - Update CONTRIBUTING.md to document the new opt-in PR build process Closes https://github.com/fedify-dev/fedify/issues/491 Co-Authored-By:Claude <noreply@anthropic.com>
Loading
Please register or sign in to comment