Merge pull request #34 from tklepzig/use-npm-trusted-publishing

Adjust CI to use npm trusted publishing

Author: tklepzig

.github/workflows/publish-switch.yml

@@ -0,0 +1,27 @@
+name: Publish switch
+
+on:
+  issue_comment:
+    types: ["created"]
+  push:
+    branches:
+      - master
+
+permissions:
+  id-token: write
+
+jobs:
+  release-snapshot:
+    if: github.event_name == 'issue_comment'
+    uses: ./.github/workflows/release-snapshot.yml
+    secrets: inherit
+    permissions:
+      id-token: write
+      pull-requests: write
+
+  release:
+    if: github.event_name == 'push'
+    uses: ./.github/workflows/release.yml
+    secrets: inherit
+    permissions:
+      id-token: write

.github/workflows/release-snapshot.yml

@@ -1,8 +1,7 @@
 name: Release Snapshot
 
 on:
-  issue_comment:
-    types: ["created"]
+  workflow_call:
 
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
@@ -13,6 +12,9 @@ jobs:
       ${{ github.event.issue.pull_request && github.event.comment.body ==
       '/snapshot' }}
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      pull-requests: write
     steps:
       - name: Add initial reaction
         uses: peter-evans/create-or-update-comment@v4
@@ -64,11 +66,6 @@ jobs:
       - name: Build packages
         run: npm run build
 
-      - name: Create .npmrc
-        run:
-          echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >
-          ~/.npmrc
-
       - name: Publish packages
         id: publish
         run: |

.github/workflows/release.yml

@@ -1,16 +1,16 @@
 name: Release
 
 on:
-  push:
-    branches:
-      - master
+  workflow_call:
 
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v4
@@ -33,4 +33,3 @@ jobs:
           title: Publish Version
         env:
           GITHUB_TOKEN: ${{ secrets.REPO_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.tool-versions

@@ -1 +1 @@
-nodejs 20.10.0
+nodejs 24.11.0