Merge pull request #96 from cmolisee/wtx-refactor

Wtx refactor

Author: cmolisee

.github/workflows/release.yml

@@ -12,43 +12,31 @@ jobs:
           contents: write
           issues: write
           pull-requests: write
+          id-token: write
+          packages: write
 
         steps:
             - uses: actions/checkout@v4
               with:
                 fetch-depth: 0
                 token: ${{ secrets.RELEASE_PAT }}
 
-            - name: Import GPG key
-              id: import_gpg
-              uses: crazy-max/ghaction-import-gpg@v6
-              with:
-                gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
-                passphrase: ${{ secrets.GPG_PASSPHRASE }}
-                git_config_global: true
-                git_user_signingkey: true
-                git_commit_gpgsign: true
-
-            # Add these debug steps
-            - name: Debug GPG
-              run: |
-                echo "GPG Key ID: ${{ steps.import_gpg.outputs.keyid }}"
-                git config --global --list
-                gpg --list-secret-keys --keyid-format LONG
-
             - name: Setup Node.js
               uses: actions/setup-node@v4
               with:
-                node-version: '20.x'
+                node-version: 'lts/*'
+                cache: 'npm'
 
             - name: Install dependencies
-              run: |
-                  npm ci
+              run: npm ci
+
+            - name: Verify the integrity of provenance attestations and registry signatures
+              run: npm audit signatures
+
+            - name: Build
+              run: npm run build
 
             - name: Release
               env:
                 GITHUB_TOKEN: ${{ secrets.RELEASE_PAT }}
-                GPG_KEY_ID: ${{ steps.import_gpg.outputs.keyid }}
-              run: |
-                git config --global user.signingkey $GPG_KEY_ID
-                npx semantic-release
+              run: npx semantic-release