Skip to content

Commit 2dec136

Browse files
damienbuttdamienbutt
committed
ci: update workflow for trusted publishing
1 parent 2bf2b78 commit 2dec136

2 files changed

Lines changed: 18 additions & 7 deletions

File tree

.github/workflows/ci.yml

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,9 @@ jobs:
1313
build:
1414
name: Build, lint, and test on Node ${{ matrix.node }} and ${{ matrix.os }}
1515

16+
permissions:
17+
contents: read
18+
1619
runs-on: ${{ matrix.os }}
1720

1821
strategy:
@@ -67,6 +70,12 @@ jobs:
6770
release:
6871
name: Release
6972

73+
permissions:
74+
contents: write
75+
issues: write
76+
pull-requests: write
77+
id-token: write
78+
7079
if: ${{ github.ref == 'refs/heads/master' }}
7180

7281
needs: [build]
@@ -90,19 +99,15 @@ jobs:
9099
with:
91100
node-version-file: .nvmrc
92101
cache: "pnpm"
102+
registry-url: https://registry.npmjs.org/
93103

94104
- name: Install
95-
run: pnpm install
105+
run: pnpm install --frozen-lockfile
96106

97107
- name: Build
98108
run: pnpm build
99109

100110
- name: Release
101111
run: pnpm semantic-release
102112
env:
103-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
104113
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
105-
GIT_AUTHOR_NAME: ${{ secrets.SEMANTIC_RELEASE_GIT_NAME }}
106-
GIT_AUTHOR_EMAIL: ${{ secrets.SEMANTIC_RELEASE_GIT_EMAIL }}
107-
GIT_COMMITTER_NAME: ${{ secrets.SEMANTIC_RELEASE_GIT_NAME }}
108-
GIT_COMMITTER_EMAIL: ${{ secrets.SEMANTIC_RELEASE_GIT_EMAIL }}

.releaserc.json

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -88,7 +88,13 @@
8888
"changelogTitle": "# Changelog"
8989
}
9090
],
91-
"@semantic-release/npm",
91+
[
92+
"@semantic-release/npm",
93+
{
94+
"npmPublish": true,
95+
"provenance": true
96+
}
97+
],
9298
[
9399
"@semantic-release/git",
94100
{

0 commit comments

Comments
 (0)