Skip to content

Commit c35e239

Browse files
nigel-devnigel-dev
committed
feat(ci): switch to OIDC trusted publishing with provenance
Replace classic NPM_TOKEN auth with GitHub Actions OIDC identity. Add id-token: write permission and restore provenance in publishConfig.
1 parent f5f8d5c commit c35e239

2 files changed

Lines changed: 3 additions & 2 deletions

File tree

.github/workflows/publish.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ permissions:
1616
contents: write
1717
issues: write
1818
pull-requests: write
19+
id-token: write
1920

2021
concurrency:
2122
group: semantic-release-${{ github.ref }}
@@ -65,4 +66,3 @@ jobs:
6566
fi
6667
env:
6768
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
68-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,8 @@
1212
}
1313
},
1414
"publishConfig": {
15-
"access": "public"
15+
"access": "public",
16+
"provenance": true
1617
},
1718
"files": ["dist"],
1819
"scripts": {

0 commit comments

Comments
 (0)