Skip to content

Commit ac60139

Browse files
committed
chore(github-action): update release workflow
- update action to now use OIDC trusted publishing
1 parent 6a320af commit ac60139

1 file changed

Lines changed: 25 additions & 0 deletions

File tree

.github/workflows/release.yml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,11 @@ on:
55
branches:
66
- main
77

8+
permissions:
9+
actions: write
10+
contents: write
11+
id-token: write # Required for npm trusted publishing (OIDC)
12+
813
jobs:
914
release:
1015
runs-on: ubuntu-latest
@@ -38,6 +43,9 @@ jobs:
3843
- name: Setup
3944
uses: ./.github/actions/ci
4045

46+
- name: Update npm
47+
run: npm install -g npm@latest
48+
4149
- name: Creating .npmrc
4250
run: |
4351
cat << EOF > "$HOME/.npmrc"
@@ -47,6 +55,21 @@ jobs:
4755
env:
4856
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
4957

58+
- name: Setup Node.js for npm publishing
59+
run: npm --version
60+
61+
- name: Building packages
62+
run: yarn build
63+
64+
- name: Verify npm OIDC configuration
65+
run: |
66+
# Verify registry is set correctly
67+
echo "Registry: $(npm config get registry)"
68+
# Ensure no token-based auth is configured (OIDC should be used automatically)
69+
npm config delete //register.npmjs.org/:_authToken || true
70+
# Verify npm can access the registry (this will use OIDC if configured)
71+
echo "npm OIDC authentication configured via setup-node action"
72+
5073
- name: Building packages
5174
run: yarn build
5275

@@ -59,3 +82,5 @@ jobs:
5982
commit: 'ci(changesets): version packages'
6083
env:
6184
GITHUB_TOKEN: ${{ steps.generate_github_token.outputs.token }}
85+
# Ensure npm uses OIDC authentication
86+
NPM_CONFIG_REGISTRY: 'https://registry.npmjs.org'

0 commit comments

Comments
 (0)