changesets · Andarist · May 2, 2025 · May 2, 2025 · s0 · May 2, 2025
diff --git a/.changeset/config.json b/.changeset/config.json
@@ -1,10 +1,10 @@
 {
   "$schema": "https://unpkg.com/@changesets/[email protected]/schema.json",
-  "changelog": "@changesets/cli/changelog",
+  "changelog": ["@changesets/changelog-github", { "repo": "changesets/ghcommit" }],
   "commit": false,
   "fixed": [],
   "linked": [],
-  "access": "restricted",
+  "access": "public",
   "baseBranch": "main",
   "updateInternalDependencies": "patch",
   "ignore": []

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -1,5 +1,5 @@
 name: CI Checks
-on: 
+on:
   pull_request:
   push:
     branches:
@@ -23,7 +23,7 @@ jobs:
         run: |
           VERSION=$(cat package.json | grep '"packageManager": "pnpm@' | sed 's/.*"pnpm@\([^"]*\)".*/\1/')
           npm install -g pnpm@$VERSION
-      - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v 4.2.3
+      - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: ~/.pnpm-store
           key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}

diff --git a/.github/workflows/release-and-publish.yaml b/.github/workflows/release-and-publish.yaml
@@ -8,14 +8,11 @@ on:
 permissions:
   contents: write
   pull-requests: write
-  id-token: write
 
 jobs:
   release-and-publish:
     runs-on: ubuntu-latest
-    environment: main
     steps:
-
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -28,20 +25,16 @@ jobs:
           VERSION=$(cat package.json | grep '"packageManager": "pnpm@' | sed 's/.*"pnpm@\([^"]*\)".*/\1/')
           npm install -g pnpm@$VERSION
       - name: Cache pnpm modules
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v 4.2.3
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: ~/.pnpm-store
           key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
       - run: pnpm install --frozen-lockfile
       - run: pnpm build
-      - name: Configure PNPM to use token
-        run:
-          echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" >> .npmrc
       - name: Run Changeset Workflow
-        uses: s0/changesets-action@63d3e3fda2c00696414ca2d6683e046289c13fd8 # v2.1.0
+        uses: changesets/action@06245a4e0a36c064a573d4150030f5ec548e4fcc # v1.4.10
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         with:
           publish: pnpm changeset publish
-          createGithubReleases: true
diff --git a/.npmrc b/.npmrc
@@ -1,2 +1 @@
-provenance=true
 //registry.npmjs.org/:_authToken=${NPM_TOKEN}
diff --git a/package.json b/package.json
@@ -1,7 +1,6 @@
 {
   "name": "@changesets/ghcommit",
   "version": "1.3.0",
-  "private": false,
   "description": "Directly change files on github using the github API, to support GPG signing",
   "keywords": [
     "actions",
@@ -56,6 +55,7 @@
   "devDependencies": {
     "@actions/github": "^6.0.0",
     "@changesets/cli": "^2.27.7",
+    "@changesets/changelog-github": "^0.5.1",
     "@graphql-codegen/cli": "^5.0.2",
     "@graphql-codegen/import-types-preset": "^3.0.0",
     "@graphql-codegen/typescript": "^4.0.4",
@@ -92,4 +92,4 @@
   "dependencies": {
     "isomorphic-git": "^1.27.1"
   }
-}
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
Original file line number	Diff line number	Diff line change
		@@ -1,2 +1 @@
		provenance=true
Copy link Collaborator s0 May 2, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. What's the reason for disabling provenance and removing the ID token? Copy link Member Author Andarist May 2, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. id-token - I don't udnerstand it 😂 I tried to google it up quickly but I couldn't find what exactly it does for us here. provenance - I wasn't quite sure if this would work, doesn't it require some extra setup? I recall people complaining that Changesets doesn't support it yet. I haven't had a chance to look into it though. I just went for the simplest setup possible, reflecting the one that we have in other repos. But certainly if we can make this work - it would be great to make it work but perhaps in follow up PRs? Copy link Collaborator s0 May 2, 2025 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Sure happy to do it in follow up PRs. It should "just work" in theory, with the id token set up. Can test it here and then if it works apply it elsewhere =)
		//registry.npmjs.org/:_authToken=${NPM_TOKEN}