Commit 96d3aa7

ci: Publish releases using OIDC instead of npm token
1 parent 11929f2 commit 96d3aa7

3 files changed

Lines changed: 1779 additions & 2022 deletions

.github/workflows/main.yml

Lines changed: 8 additions & 1 deletion
@@ -75,6 +75,11 @@ jobs:
7575
runs-on: ubuntu-latest
7676
needs: unit-test
7777
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/beta'
78+
permissions:
79+
contents: write # to be able to publish a GitHub release
80+
issues: write # to be able to comment on released issues
81+
pull-requests: write # to be able to comment on released pull requests
82+
id-token: write # to enable use of OIDC for trusted publishing and npm provenance
7883
steps:
7984
- name: Checkout
8085
uses: actions/checkout@v4
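Review bot: The `permissions:` block is set at job level, so `id-token: write` and `contents: write` are available to every step in this job, including `actions/checkout@v4` and the later cache and `yarn semantic-release` steps, not only the publish itself. Consider pinning the actions used here to full commit SHAs instead of the mutable `v4` tag, and check that the workflow has a restrictive top-level `permissions:` default so other jobs such as `unit-test` do not run with broader scopes than they need.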
@@ -83,6 +88,9 @@ jobs:
8388
with:
8489
node-version: 22
8590

91+
- name: Update npm # Trusted Publishing requires npm >=11.5.1
92+
run: npm i -g npm@latest
93+
8694
- name: Restore cache
8795
uses: actions/cache@v4
8896
with:
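Review bot: `npm i -g npm@latest` installs whatever npm is newest at release time, in the same job that holds `id-token: write`, while the comment only requires `>=11.5.1`. Pin a version or a bounded range (for example `npm@^11.5.1`) so releases are reproducible and a new npm major cannot change publish behaviour without review.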
@@ -96,4 +104,3 @@ jobs:
96104
run: yarn semantic-release
97105
env:
98106
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
99-
NPM_TOKEN: ${{ secrets.NPM_PUBLISHING_TOKEN }}
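Review bot: Dropping `NPM_TOKEN` from the `env:` of the `yarn semantic-release` step removes only the reference; nothing in this commit shows the `NPM_PUBLISHING_TOKEN` secret itself being retired. Revoke that token on npm and delete the repository secret once an OIDC publish has succeeded, otherwise the long-lived credential stays valid. It would also help to state in the commit message that the npm trusted publisher entry has to name this workflow file (`main.yml`), since a mismatch makes the publish fail with no token to fall back on.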

package.json

Lines changed: 1 addition & 1 deletion
@@ -38,7 +38,7 @@
3838
"expect-type": "^0.18.0",
3939
"jest": "^29.7.0",
4040
"nyc": "^15.1.0",
41-
"semantic-release": "^19.0.5",
41+
"semantic-release": "^25.0.3",
4242
"ts-jest": "29.1.1",
4343
"ts-node": "^10.9.2",
4444
"tsconfig-paths": "^4.2.0",
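Review bot: `semantic-release` jumps from `^19.0.5` to `^25.0.3`, six major versions, in a commit whose message only mentions the OIDC switch. Say in the commit message why the upgrade is needed, and confirm the existing release configuration and plugins still work across those majors (a `semantic-release --dry-run` on a branch would show it). Most of the 1779 additions and 2022 deletions sit in the third changed file, which is not shown here and should be reviewed as well.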
