
v0.3.59 release (redux) #260

Merged
bradhe merged 1 commit into main from develop
Apr 23, 2026

@bradhe bradhe commented Apr 23, 2026

  • Fixes broken permissions on invoking the publish-npm.yaml script.

Summary by CodeRabbit

  • Chores
    • Updated CI/CD workflow configuration to enhance security by explicitly declaring required permissions for the release process.

@bradhe bradhe requested a review from socksy April 23, 2026 10:02
coderabbitai Bot commented Apr 23, 2026

Walkthrough

The custom-publish-npm job in the GitHub Actions release workflow now explicitly declares required permissions at the job level, granting read access to contents, write access to packages, and write access to id-token. No logic or control flow changes were made.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| GitHub Actions Permissions: .github/workflows/release.yml | Added explicit job-level permissions declaration for custom-publish-npm job with read access to contents and write access to packages and id-token. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

  • jo-sm
  • giray123
  • sammuti

Poem

🐰 With permissions now declared, so clear and bright,
The workflow knows exactly what it needs tonight,
contents to read, packages to write with care,
id-token granted—no secrets laid bare! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ⚠️ Warning | The PR title 'v0.3.59 release (redux)' is vague and misleading, not describing the actual change of fixing GitHub Actions permissions in the release workflow. | Use a more descriptive title like 'Fix permissions for custom-publish-npm GitHub Actions job' to clearly reflect the permission fixes in the workflow file. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@socksy socksy left a comment


I guess the vals could all be in quotes to be consistent?

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yml:
- Around line 310-313: In the custom-publish-npm job in release.yml, remove the
unnecessary "packages: \"write\"" permission from the permissions block so only
"contents: read" and "id-token: write" remain; update the permissions
declaration used by the custom-publish-npm job to eliminate the packages write
scope (leave contents and id-token as-is) to follow least-privilege principles.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: ec5380e6-ae25-4520-8a7f-1258721eb8e6

📥 Commits

Reviewing files that changed from the base of the PR and between b3606d1 and 4e67d26.

📒 Files selected for processing (1)
  • .github/workflows/release.yml

Comment thread .github/workflows/release.yml
@bradhe bradhe merged commit 23881cf into main Apr 23, 2026
31 checks passed
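
The least-privilege point raised in the review can be checked mechanically. The following is an added example, not code from this repository or from CodeRabbit: the workflow text is a constructed sample in the shape the review describes, the function names are hypothetical, and the allowlist of write scopes (`id-token` only) is an assumption taken from the review's recommendation.

```python
# Constructed sample: NOT the project's release.yml, only the shape the review
# describes (job-level permissions on the custom-publish-npm job).
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
  custom-publish-npm:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: "write"
      id-token: "write"
    steps:
      - run: echo publish
"""

def job_permissions(workflow_text, job):
    """Return {scope: level} from a job's block-style permissions mapping.
    Assumes two-space indentation, with job names directly under `jobs:`."""
    perms, in_jobs, in_job, perm_indent = {}, False, False, None
    for raw in workflow_text.splitlines():
        line = raw.split(" #")[0].rstrip()       # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")       # quoted and bare values are equal
        if indent == 0:
            in_jobs, in_job, perm_indent = (key == "jobs"), False, None
        elif indent == 2:
            in_job, perm_indent = (in_jobs and key == job), None
        elif in_job and perm_indent is None:
            if key == "permissions":
                perm_indent = indent
        elif in_job and indent > perm_indent:
            perms[key] = value
        elif in_job:
            break                                # left the permissions block
    return perms

def excess_write_scopes(perms, allowed_write):
    """Scopes granted write that are not on the allowlist (hypothetical policy)."""
    return sorted(s for s, lvl in perms.items()
                  if lvl == "write" and s not in allowed_write)

if __name__ == "__main__":
    granted = job_permissions(SAMPLE_WORKFLOW, "custom-publish-npm")
    print(granted, excess_write_scopes(granted, {"id-token"}))
```

A job with no `permissions` block returns an empty mapping here, which means it inherits the workflow-level or repository default and should be reviewed separately.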