fix: publish with OIDC

Author: ghiscoding

.github/workflows/main.yml

@@ -19,8 +19,6 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
-      matrix:
-        node: [22]
 
     steps:
       - name: Retrieve current Date Time in EST
@@ -35,35 +33,24 @@ jobs:
         with:
           fetch-depth: 3
 
-      - name: Set NodeJS
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node }}
-
       - name: Install pnpm
         uses: pnpm/action-setup@v3
         with:
           version: 10
           run_install: false
 
-      - name: Get pnpm store directory
-        shell: bash
-        run: |
-          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
-
-      - uses: actions/cache@v4
-        name: Setup pnpm cache
+      - name: Set NodeJS
+        uses: actions/setup-node@v4
         with:
-          path: ${{ env.STORE_PATH }}
-          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-store-
+          node-version: 24
+          cache: 'pnpm'
+
+      - run: node --version
+      - run: pnpm --version
 
       - name: Run pnpm install dependencies
         run: pnpm install
 
-      - run: pnpm --version
-
       - name: Biome Lint Check
         run: pnpm biome:lint:check
 

.github/workflows/publish-npm-latest.yml renamed to .github/workflows/release.yml

@@ -1,4 +1,4 @@
-name: 🏷️ Lerna Publish NPM Latest
+name: 🏷️ Release to NPM
 
 on:
   workflow_dispatch:
@@ -30,36 +30,24 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
 
       - if: ${{ github.event.pull_request.merged != true && contains('["ghiscoding"]', github.actor) != true }}
         name: Exit early when current actor is not allowed to push new release
         run: |
           echo "Error: Your GitHub username (${{ github.actor }}) is not on the allowed list of admins for this workflow"
           exit 1
 
-      - name: Set NodeJS
-        uses: actions/setup-node@v4
-        with:
-          registry-url: 'https://registry.npmjs.org/'
-          node-version: 22
-
       - name: Install pnpm
         uses: pnpm/action-setup@v3
         with:
           version: 10
           run_install: false
 
-      - name: Get pnpm store directory
-        run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
-
-      - name: Setup pnpm cache
-        uses: actions/cache@v4
+      - name: Set NodeJS
+        uses: actions/setup-node@v4
         with:
-          path: ${{ env.STORE_PATH }}
-          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-store-
+          registry-url: 'https://registry.npmjs.org/'
+          node-version: 24
 
       - name: Run pnpm install dependencies
         run: pnpm install
@@ -94,30 +82,15 @@ jobs:
       - name: Lerna Version 🏷️
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NPM_CONFIG_PROVENANCE: true
         run: |
           git config --global user.name "${{ github.actor }}"
           git config --global user.email "${{ github.actor }}@users.noreply.github.com"
-          pnpm whoami
           pnpm exec ${{ env.LERNA_VERSION_QUERY }}
 
-      - name: OTP
-        if: ${{ inputs.dryrun != true }}
-        uses: step-security/wait-for-secrets@v1
-        id: wait-for-secrets
-        with:
-          secrets: |
-            OTP:
-              name: 'OTP to publish package'
-              description: 'OTP from authenticator app'
-
       - name: Lerna Publish 📦
         if: ${{ inputs.dryrun != true }}
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NPM_CONFIG_PROVENANCE: true
         run: |
           pnpm exec lerna publish from-package --force-publish --yes --otp ${{ steps.wait-for-secrets.outputs.OTP }}