diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 83ce60d..6207124 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -117,6 +117,9 @@ jobs: publish-npm: needs: release runs-on: ubuntu-latest + permissions: + id-token: write # Required for OIDC trusted publishing + contents: read steps: - name: Checkout code @@ -128,6 +131,11 @@ jobs: node-version: "20" registry-url: "https://registry.npmjs.org" + - name: Upgrade npm + # Trusted publishing (OIDC) requires npm >= 11.5.1, newer than the + # version bundled with Node 20. + run: npm install -g npm@latest + - name: Get version from tag id: version env: @@ -145,8 +153,6 @@ jobs: - name: Publish to npm working-directory: npm run: npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} publish-homebrew: needs: release