Commit 158965f
authored
chore(workflow): switch npm release to OIDC (#146)
## Summary
This PR migrates the npm release authentication from a static
`NPM_TOKEN` (secret) to OpenID Connect (OIDC) via GitHub's Trusted
Publishers.
## Changes
- Added `id-token: write` and `contents: read` permissions to the
`release-npm-registry` job.
- Removed the dependency on `secrets.NPM_TOKEN`.
- Maintained `NPM_CONFIG_PROVENANCE=true` for secure package publishing.
## Impact
- **Security**: No longer requires managing long-lived npm tokens in
GitHub Secrets.
- **Workflow**: Authentication is now handled automatically by GitHub's
OIDC provider.1 parent 637ab91 commit 158965f
2 files changed
Lines changed: 4 additions & 5 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
48 | 48 | | |
49 | 49 | | |
50 | 50 | | |
| 51 | + | |
51 | 52 | | |
52 | 53 | | |
53 | 54 | | |
| |||
61 | 62 | | |
62 | 63 | | |
63 | 64 | | |
64 | | - | |
65 | | - | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
| |||
66 | 66 | | |
67 | 67 | | |
68 | 68 | | |
69 | | - | |
70 | | - | |
| 69 | + | |
| 70 | + | |
71 | 71 | | |
72 | 72 | | |
73 | 73 | | |
| |||
0 commit comments