Skip to content

Commit d67e76e

Browse files
author
Tanjeem Hossain
committed
ci: modify pre-release to use OIDC
Ticket: DX-2083
1 parent 837b8ee commit d67e76e

3 files changed

Lines changed: 1108 additions & 570 deletions

File tree

.github/workflows/ci.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ jobs:
2323
node-version: ${{ matrix.version }}
2424
cache: yarn
2525
- name: Install dependencies
26-
run: yarn install
26+
run: yarn install --frozen-lockfile
2727
- name: Lint
2828
run: yarn lint:check
2929
- name: Typecheck

.github/workflows/prerelease.yml

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,11 @@
11
name: Prerelease
2+
permissions:
3+
# Needed for npm Trusted Publishing
4+
id-token: write
5+
# Needed for semantic-release
6+
contents: write
7+
pull-requests: write
8+
issues: write
29
on:
310
push:
411
branches:
@@ -7,6 +14,7 @@ jobs:
714
release:
815
name: Prerelease
916
runs-on: ubuntu-latest
17+
environment: publish
1018
steps:
1119
- name: Checkout
1220
uses: actions/checkout@v4
@@ -15,14 +23,16 @@ jobs:
1523
- name: Setup Node.js
1624
uses: actions/setup-node@v4
1725
with:
18-
node-version: 20.x
26+
node-version: 22.x
27+
- name: Ensure npm 11.5.1 or later for trusted publishing
28+
run: |
29+
npm install -g npm@11.5.1
1930
- name: Install dependencies
2031
run: yarn
2132
- name: Build library
2233
run: yarn build:prod
2334
- name: Release
2435
env:
2536
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
26-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
2737
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
2838
run: yarn run semantic-release

0 commit comments

Comments
 (0)