@slowdini/slow-powers-opencode 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -31
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -125,7 +125,7 @@ Releases are cut from `dev` and tagged from `main`:
|
|
|
125
125
|
commits to `dev`, and opens a `dev → main` PR.
|
|
126
126
|
3. Review the release PR (full test matrix runs on it) and merge.
|
|
127
127
|
4. Merging to `main` automatically tags `vX.Y.Z`, creates the GitHub release,
|
|
128
|
-
and publishes `@slowdini/slow-powers-opencode` to npm
|
|
128
|
+
and publishes `@slowdini/slow-powers-opencode` to npm.
|
|
129
129
|
Notes come from the release PR body, or auto-generated if empty.
|
|
130
130
|
|
|
131
131
|
See `.github/workflows/` for the workflow definitions.
|
|
@@ -139,36 +139,6 @@ Actions**:
|
|
|
139
139
|
|--------|------|---------|---------------------|
|
|
140
140
|
| `RELEASE_PR_TOKEN` | GitHub PAT (fine-grained or classic) | `release-pr.yml` | Push to `dev` (Contents: write) and open PRs (Pull requests: write). Required so the release PR triggers CI — PRs opened by the default `GITHUB_TOKEN` do not. |
|
|
141
141
|
|
|
142
|
-
The npm publish needs **no secret**. `release.yml` publishes via npm
|
|
143
|
-
[trusted publishing](https://docs.npmjs.com/trusted-publishers) (OIDC): auth is
|
|
144
|
-
minted per run from the workflow's `permissions: id-token: write`, and provenance
|
|
145
|
-
is generated automatically. `GITHUB_TOKEN` (auto-provided by Actions) covers the
|
|
146
|
-
tag push and `gh release create`.
|
|
147
|
-
|
|
148
|
-
### npm trusted publishing setup (one-time)
|
|
149
|
-
|
|
150
|
-
Trusted publishing is configured on the package, so the package must exist on npm
|
|
151
|
-
first. Bootstrap it once:
|
|
152
|
-
|
|
153
|
-
1. **Create the package with a manual first publish** from a maintainer machine.
|
|
154
|
-
The `prepublishOnly` guard expects CI, so set `CI=true`:
|
|
155
|
-
```bash
|
|
156
|
-
npm login
|
|
157
|
-
CI=true npm publish --access public
|
|
158
|
-
```
|
|
159
|
-
This publishes the current `package.json` version (e.g. `0.1.0`) and creates
|
|
160
|
-
`@slowdini/slow-powers-opencode` on npm.
|
|
161
|
-
2. **Configure the trusted publisher** at npmjs.com → the package → Settings →
|
|
162
|
-
Trusted publishing → GitHub Actions:
|
|
163
|
-
- Organization or user: `slowdini`
|
|
164
|
-
- Repository: `slow-powers`
|
|
165
|
-
- Workflow filename: `release.yml` (filename only, not a path)
|
|
166
|
-
- Environment: leave blank
|
|
167
|
-
- Allowed actions: `npm publish`
|
|
168
|
-
3. **Subsequent releases are fully automated and tokenless.** Cut the next release
|
|
169
|
-
at a higher version (the Release PR workflow enforces strictly-greater); merging
|
|
170
|
-
to `main` publishes via OIDC with provenance.
|
|
171
|
-
|
|
172
142
|
## License
|
|
173
143
|
|
|
174
144
|
MIT — see [`LICENSE`](./LICENSE).
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@slowdini/slow-powers-opencode",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.1",
|
|
4
4
|
"description": "Slow-powers — structured development workflows for coding agents (TDD, debugging, verification, git hygiene)",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./opencode/plugins/slow-powers.js",
|