ci: enable trusted publishing

[JounQin]

Important

Enhances release workflow by upgrading npm to the latest version and removing specific npm environment variables.

• Workflow Changes:
  • Adds a step to upgrade npm to the latest version in .github/workflows/release.yml.
  • Removes NPM_CONFIG_PROVENANCE and NPM_TOKEN environment variables from the release job in .github/workflows/release.yml.

^{This description was created by for 1a64ce0. You can customize this summary. It will automatically update as commits are pushed.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 1a64ce0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@JounQin has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 15 minutes and 3 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 8efd302 and 1a64ce0.

📒 Files selected for processing (1)

• .github/workflows/release.yml (1 hunks)

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci/trusted_publishing

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to 1a64ce0 in 25 seconds. Click for details.

• Reviewed 20 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 2 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/release.yml:34

• Draft comment:
  Added npm upgrade step: confirm this is necessary and won't conflict with Node's bundled npm.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

2. .github/workflows/release.yml:50

• Draft comment:
  Removed NPM token env vars: ensure trusted publishing still works without them.
• Reason this comment was not posted:
  Confidence changes required: 33% <= threshold 50% None

Workflow ID: wflow_KVXR43Gi27mmecqm

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[Copilot]

Pull Request Overview

This PR enables trusted publishing for package releases by modifying the GitHub Actions release workflow. The changes remove the need for manually managed NPM tokens by leveraging GitHub's trusted publishing mechanism.

• Adds npm upgrade step to ensure latest npm version with trusted publishing support
• Removes manual NPM token configuration in favor of automated trusted publishing

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.}

[github-actions]

📊 Package size report   No changes

File	Before	After
Total (Includes all files)	20.6 kB	20.6 kB
Tarball size	6.6 kB	0.03%↑6.7 kB

Unchanged files

File	Size
lib/index.d.ts	351 B
lib/index.js	1.2 kB
lib/index.js.map	452 B
lib/types.d.ts	4.6 kB
lib/types.js	110 B
lib/types.js.map	102 B
lib/utils.d.ts	741 B
lib/utils.js	2.0 kB
lib/utils.js.map	1.4 kB
LICENSE	1.1 kB
package.json	3.5 kB
README.md	5.0 kB

_{🤖 This report was automatically generated by pkg-size-action}

[github-actions]

Deploy preview for eslint-import-context ready!

✅ Preview
https://eslint-import-context-qd7oc8i4t-1stg.vercel.app

Built with commit 1a64ce0.
This pull request is being automatically deployed with vercel-action

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (8efd302) to head (1a64ce0).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #29   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines           52        52           
  Branches        16        16           
=========================================
  Hits            52        52           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

size-limit report 📦

Path	Size
src/index.ts	184 B (0%)

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/eslint-import-context@29

commit: 1a64ce0