From 46d21509c7c6b8834ba505e1c0917cb4c92c6798 Mon Sep 17 00:00:00 2001 From: Serj Babayan Date: Mon, 8 Jun 2026 15:26:38 -0700 Subject: [PATCH] Try enabling trusted publisher auth --- .github/workflows/release.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 83ce60d..6207124 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -117,6 +117,9 @@ jobs: publish-npm: needs: release runs-on: ubuntu-latest + permissions: + id-token: write # Required for OIDC trusted publishing + contents: read steps: - name: Checkout code @@ -128,6 +131,11 @@ jobs: node-version: "20" registry-url: "https://registry.npmjs.org" + - name: Upgrade npm + # Trusted publishing (OIDC) requires npm >= 11.5.1, newer than the + # version bundled with Node 20. + run: npm install -g npm@latest + - name: Get version from tag id: version env: @@ -145,8 +153,6 @@ jobs: - name: Publish to npm working-directory: npm run: npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} publish-homebrew: needs: release