chore: Use new NPM trusted publishing

.github/dependabot.yml

@@ -13,44 +13,8 @@ updates:
   - package-ecosystem: "github-actions"
     # Workflow files stored in the
     # default location of `.github/workflows`
-    directory: "/"
+    directories:
+      - "/"
+      - "/.github/actions/*"
     schedule:
       interval: "daily"
-
-  - package-ecosystem: "npm" # See documentation for possible values
-    directory: "/" # Location of package manifests
-    target-branch: "cspell4"
-    schedule:
-      interval: "weekly"
-
-  - package-ecosystem: "github-actions"
-    # Workflow files stored in the
-    # default location of `.github/workflows`
-    directory: "/"
-    target-branch: "cspell4"
-    schedule:
-      interval: "daily"
-
-  # Automatically added by streetsidesoftware/public/update-dependabot-github-actions
-  - package-ecosystem: github-actions
-    directory: /.github/actions/setup
-    schedule:
-      interval: daily
-    commit-message:
-      prefix: ci
-
-  # Automatically added by streetsidesoftware/public/update-dependabot-github-actions
-  - package-ecosystem: github-actions
-    directory: /.github/actions/pr
-    schedule:
-      interval: daily
-    commit-message:
-      prefix: ci
-
-  # Automatically added by streetsidesoftware/public/update-dependabot-github-actions
-  - package-ecosystem: github-actions
-    directory: /.github/actions/github-app-token
-    schedule:
-      interval: daily
-    commit-message:
-      prefix: ci

.github/workflows/publish-docker-image.yml

@@ -15,7 +15,17 @@ on:
           - "no"
         default: "no"
         required: false
+      ref:
+        description: "Reference / tag to publish"
+        required: false
+        type: string
+
   workflow_call:
+    inputs:
+      ref:
+        description: "Reference / tag to publish"
+        required: true
+        type: string
 
 env:
   REGISTRY: ghcr.io
@@ -35,6 +45,8 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v5
+        with:
+          ref: ${{ github.event.inputs.ref || github.ref }}
 
       - name: CSpell Version
         run: |

.github/workflows/release-please.yml

@@ -9,13 +9,13 @@ on:
 permissions:
   contents: write
   pull-requests: write
-  id-token: write
 
 jobs:
   release-please:
     runs-on: ubuntu-latest
     outputs:
       release_created: ${{ steps.release.outputs.release_created }}
+      tag_name: ${{ steps.release.outputs.tag_name }}
     steps:
       - uses: googleapis/release-please-action@v4
         id: release
@@ -30,19 +30,24 @@ jobs:
     needs:
       - release-please
     if: ${{ needs.release-please.outputs.release_created }}
+    permissions:
+      contents: read
+      id-token: write
     steps:
       # The logic below handles the npm publication:
       - uses: actions/checkout@v5
+        with:
+          ref: ${{ needs.release-please.outputs.tag_name }}
       - name: Setup
         uses: ./.github/actions/setup
         with:
-          node-version: ${{ matrix.node-version }}
+          node-version: 22.x
 
       - run: npm ci
 
       - run: npm publish
         env:
-          NODE_AUTH_TOKEN: ${{secrets.PUBLISH_NPM}}
+          NPM_CONFIG_PROVENANCE: true
 
   publish-docker:
     permissions:
@@ -51,4 +56,6 @@ jobs:
     needs:
       - release-please
     uses: ./.github/workflows/publish-docker-image.yml
+    with:
+      ref: ${{ needs.release-please.outputs.tag_name }}
     if: ${{ needs.release-please.outputs.release_created }}

.prettierrc.yaml

@@ -0,0 +1,2 @@
+singleQuote: false
+semi: true