CLOUDPLAT-3162: add npm OIDC publish workflow (mcp-devkit-server) by haseebehsan · Pull Request #122 · mapbox/mcp-devkit-server

haseebehsan · 2026-06-24T09:57:14Z

Summary

.github/workflows/npm-release.yml: new workflow_dispatch workflow that publishes to npm and creates a GitHub release using OIDC Trusted Publishing — no npm tokens required.
CONTRIBUTING.md: documents the release process — bump version, update CHANGELOG, merge PR, trigger workflow from Actions tab.
package.json: patch version bump and publishConfig: { access: "public" } for the scoped package.

The workflow uses an npm-release GitHub Environment as a release gate. Before merging, create it in this repo:

Go to Settings → Environments → New environment, name it npm-release
Under Deployment branches, restrict to the default branch (main)
Under Required reviewers, add your team (or mapbox/team-mapbox to allow any Mapbox employee to approve)

Without this environment, the workflow will fail when triggered.

Trigger: once merged, run from the Actions tab → NPM release → Run workflow → approve the environment gate.

CLOUDPLAT-3162: add npm OIDC publish workflow

92b732c

https://mapbox.atlassian.net/browse/CLOUDPLAT-3162

haseebehsan added the ai When AI coding agents co-author the code label Jun 24, 2026

haseebehsan requested a review from a team as a code owner June 24, 2026 09:57

haseebehsan added the ai When AI coding agents co-author the code label Jun 24, 2026