Add OIDC stuff to deploy to npm now

StefanH-AT · StefanH-AT · commit 67dfa0685370 · 2026-06-22T17:35:20.000+02:00
diff --git a/.github/workflows/_deploy.yml b/.github/workflows/_deploy.yml
@@ -1,3 +1,5 @@
+# https://docs.npmjs.com/trusted-publishers#github-actions-configuration
+
 name: Deploy package
 
 on:
@@ -6,9 +8,10 @@ on:
       package-name:
         required: true
         type: string
-    secrets:
-      NPM_TOKEN:
-        required: true
+
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
 
 jobs:
   deploy:
@@ -24,6 +27,7 @@ jobs:
       with:
         node-version: '24.x'
         registry-url: 'https://registry.npmjs.org'
+        package-manager-cache: false  # never use caching in release builds
 
     - name: Summary Head
       run: |
