We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent c17713c commit 42c64ffCopy full SHA for 42c64ff
1 file changed
.github/workflows/publish.yml
@@ -11,6 +11,9 @@ concurrency:
11
jobs:
12
publish:
13
runs-on: ubuntu-latest
14
+ permissions:
15
+ contents: read
16
+ id-token: write # OIDC trusted publishing — authenticates to npm without a long-lived token
17
steps:
18
- uses: actions/checkout@v4
19
@@ -23,6 +26,9 @@ jobs:
23
26
node-version: 20
24
27
registry-url: https://registry.npmjs.org
25
28
29
+ # Trusted publishing (OIDC) requires npm >= 11.5.1; Node 20 ships npm 10.
30
+ - run: npm install -g npm@latest
31
+
32
- run: pnpm install --no-frozen-lockfile
33
- run: pnpm build
34
@@ -38,5 +44,3 @@ jobs:
38
44
npm publish --access public
39
45
echo "Published $PACKAGE_NAME@$LOCAL_VER"
40
46
fi
41
- env:
42
- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
0 commit comments