ci: change-event-for-publish-snapshot

[ryanbas21]

JIRA Ticket

n/a

Description

the event was wrong which made snapshots not work. sorry!

Summary by CodeRabbit

• Chores
  • Updated the release publishing workflow to run on more event types, ensuring the Trusted Snapshot Publish step executes consistently during non-push events. This broadens automation coverage and reduces the chance of missed publishes. Improves reliability of the release pipeline and transparency in publishing. No changes to product features or user experience.

[changeset-bot]

⚠️ No Changeset found

Latest commit: b72ca28

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Adjusts the condition for the trusted-publish job in .github/workflows/publish.yml to run on all non-push events by changing the if expression from github.event_name == 'workflow_call' to github.event_name != 'push'.

Changes

Cohort / File(s)	Summary
GitHub Actions workflow logic .github/workflows/publish.yml	Modify trusted-publish job condition: from if: ${{ github.event_name == 'workflow_call' }} to if: ${{ github.event_name != 'push' }} to allow execution on all non-push events.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as GitHub Event
    participant WF as publish.yml Workflow
    participant TP as trusted-publish Job

    Dev->>WF: Trigger workflow (event_name)
    alt event_name != "push"
        WF->>TP: Run trusted-publish
        Note over TP: if condition satisfied
    else event_name == "push"
        WF--xTP: Skip trusted-publish
        Note over WF: Condition not met
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• ci: use-trusted-publishers #418 — Introduced the workflow_call-triggered reusable trusted-publish job that this PR now broadens to non-push events.

Suggested reviewers

• cerebrl

Poem

I thump my paw—deploys in sight,
Not just on calls, but every night;
When pushes pause, I still can run,
A trusted hop, a tidy one.
Carrots queued, the pipeline bright,
Ship it smooth—delightful byte! 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "ci: change-event-for-publish-snapshot" is concise and directly describes the primary change to CI event handling for snapshot publishing, matching the changeset intent and making the main purpose clear to reviewers scanning history.
Description Check	✅ Passed	The PR description includes the required template headings (JIRA Ticket and Description) and explains the issue at a high level, but it is terse and omits specifics such as the changed file and the exact conditional expression that was updated, so it is structurally compliant but lacking useful detail.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch use-trusted-publishers

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1713c01 and b72ca28.

📒 Files selected for processing (1)

• .github/workflows/publish.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: pr

🔇 Additional comments (1)

.github/workflows/publish.yml (1)

160-168: Guard snapshot publish to only run when invoked as a reusable workflow

File: .github/workflows/publish.yml (lines 160–168)

Current:

  trusted-publish:
    if: ${{ github.event_name != 'push' }}
    name: Trusted Snapshot Publish
    permissions:
      contents: write # read+write repo (okay for artifacts/logs)
      id-token: write # REQUIRED: OIDC for npm Trusted Publishers
      issues: write
      pull-requests: write
    runs-on: ubuntu-latest

Recommended diff:

-    if: ${{ github.event_name != 'push' }}
+    if: ${{ github.event_name != 'push' && inputs.branch != '' }}

Couldn't locate any callers in this repo (ripgrep returned no files); verify that callers pass inputs.branch (or adjust the condition) before merging.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit b72ca28

Command	Status	Duration	Result
nx run-many -t build	✅ Succeeded	<1s	View ↗
nx affected -t build typecheck lint test e2e-ci	✅ Succeeded	4m 28s	View ↗
nx-cloud record -- nx format:check	✅ Succeeded	1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-09-23 22:11:47 UTC

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.19%. Comparing base (105551a) to head (b72ca28).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #419      +/-   ##
==========================================
+ Coverage   55.63%   56.19%   +0.56%     
==========================================
  Files          32       32              
  Lines        2051     2091      +40     
  Branches      344      353       +9     
==========================================
+ Hits         1141     1175      +34     
- Misses        910      916       +6     

see 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Deployed 2b4ab90 to https://ForgeRock.github.io/ping-javascript-sdk/pr-419/2b4ab909d147d43acd47fd8969d2a55c0c1fce2d branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

➖ No Changes

➖ @forgerock/davinci-client - 34.5 KB
➖ @forgerock/sdk-utilities - 4.0 KB
➖ @forgerock/device-client - 9.2 KB
➖ @forgerock/sdk-types - 5.9 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/sdk-oidc - 2.5 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/storage - 1.4 KB
➖ @forgerock/sdk-request-middleware - 4.4 KB
➖ @forgerock/iframe-manager - 2.4 KB
➖ @forgerock/oidc-client - 23.1 KB

---

11 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}