You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/DISTRIBUTION.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,7 +28,7 @@ Release GitHub writes use `putio-release-bot` for version sync commits, `v*` tag
28
28
29
29
The npm package uses Trusted Publishing from GitHub Actions. On npm, configure owner `putdotio`, repository `putio-sockjs`, workflow `ci.yml`, and Environment named `release` for the package.
30
30
31
-
The workflow grants `id-token: write` so npm can mint short-lived publish credentials and provenance; do not add a long-lived `NPM_TOKEN` secret.
31
+
The workflow grants `id-token: write` so npm mints short-lived publish credentials and provenance for the release job.
32
32
33
33
The workflow keeps dependency caches only on the secretless verify job. The secret-bearing release job runs a fresh `vp install` with package-manager caching disabled before publishing to npm.
0 commit comments