Next2D · ienaga · Mar 1, 2026 · Feb 22, 2026 · Mar 1, 2026 · Mar 1, 2026
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -3,40 +3,38 @@ name: Lint
 on:
   push:
     branches:
-      - main
       - develop
   pull_request:
     branches:
       - main
       - develop
+  workflow_call:
 
 jobs:
   macos-browser-test:
     runs-on: macos-latest
     permissions:
       contents: read
-      pull-requests: write
     steps:
       - uses: actions/checkout@v6
       - uses: actions/setup-node@v6
         with:
           node-version: 24
           registry-url: "https://registry.npmjs.org"
       - run: npm install -g npm@latest
-      - run: npm install
+      - run: npm ci
       - run: npm run lint
 
   windows-browser-test:
     runs-on: windows-latest
     permissions:
       contents: read
-      pull-requests: write
     steps:
       - uses: actions/checkout@v6
       - uses: actions/setup-node@v6
         with:
           node-version: 24
           registry-url: "https://registry.npmjs.org"
       - run: npm install -g npm@latest
-      - run: npm install
+      - run: npm ci
       - run: npm run lint
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -10,15 +10,23 @@ permissions:
   contents: read
 
 jobs:
+  lint:
+    uses: ./.github/workflows/lint.yml
+
   publish:
+    needs: [lint]
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
-      pull-requests: write
-      pull-requests: write
+      id-token: write
     steps:
       - uses: actions/checkout@v6
       - uses: actions/setup-node@v6
         with:
           node-version: 24
           registry-url: "https://registry.npmjs.org"
       - run: npm install -g npm@latest
-      - run: npm install
+      - run: npm ci
       - run: npm run release
       - run: npm publish