migrate npm publish to OIDC trusted publishing

benzekrimaha · benzekrimaha · commit c93d518f6f56 · 2026-04-13T12:01:20.000+02:00
This commit updates the release workflow to use npm
trusted publishing (OIDC) instead of NPM_TOKEN.
it also adds required job permissions for npm OIDC auth:
id-token: write and contents: read.
Npm publish was kept explicit with --access public.
package.json repository metadata was updated to npm-recommended object format.

Issue:HD-4608
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -37,18 +37,19 @@ jobs:
   publish-npm:
     runs-on: ubuntu-latest
     needs: check
+    permissions:
+      id-token: write
+      contents: read
     environment: npmjs
     steps:
       - uses: actions/checkout@v4
       # Setup .npmrc file to publish to npmjs.org
       - uses: actions/setup-node@v4
         with:
-          node-version: '22'
+          node-version: '24'
           registry-url: 'https://registry.npmjs.org'
       - run: npm install
-      - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - run: npm publish --access public
   release-github:
     runs-on: ubuntu-latest
     needs:
diff --git a/package.json b/package.json
@@ -35,7 +35,10 @@
     "sourceMap": true,
     "instrument": true
   },
-  "repository": "git://github.com/scality/hdclient.git ",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/scality/hdclient.git"
+  },
   "author": "Maxime Lubin",
   "dependencies": {
     "httpagent": "github:scality/httpagent#1.1.0",
