Commit 40a19d9

ci: github action as trusted publisher removes token
1 parent e4f6233 commit 40a19d9

1 file changed

+8
-3
lines changed

.github/workflows/release.yml

@@ -1,5 +1,9 @@
11
name: Release
22

3+
permissions:
4+
id-token: write
5+
contents: read
6+
37
on:
48
workflow_dispatch: ~
59
push:
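
Review bot: `id-token: write` in the new top-level `permissions:` block applies to every job in this workflow, so if the workflow has or later gains jobs other than the publishing one, each of them can request an OIDC token for the repository. Move `id-token: write` under the job that runs the publish step and keep only `contents: read` as the workflow default.
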
@@ -24,6 +28,7 @@ jobs:
2428
with:
2529
node-version: 22
2630
cache: "pnpm"
31+
registry-url: "https://registry.npmjs.org"
2732

2833
- name: Install dependencies
2934
run: pnpm install --frozen-lockfile
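
Review bot: `node-version: 22` stays pinned next to the new `registry-url`, and the Node 22 line bundles npm 10, while npm's trusted publishing requires npm CLI 11.5.1 or later. Unless a step outside this hunk upgrades npm, the tokenless `npm publish` will have no credential to use; add an `npm install -g npm@latest` step (or pin a version at or above 11.5.1) before publishing.
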
@@ -41,6 +46,6 @@ jobs:
4146
run: pnpm build
4247

4348
- name: Publish to npm
44-
run: pnpm publish --no-git-checks
45-
env:
46-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
49+
run: |
50+
node -e "const p=require('./package.json'); delete p.packageManager; require('fs').writeFileSync('package.json', JSON.stringify(p, null, 2))"
51+
npm publish --provenance --access public
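
Review bot: the `node -e` one-liner on the first line of the new `run: |` block rewrites `package.json` in the checkout to drop `packageManager` with no comment saying why, and it reserializes the whole file before it is packed. Add a comment naming the reason it is needed for `npm publish`, or move it to a small checked-in script. Since `NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}` is removed here, the `NPM_TOKEN` secret should also be deleted from the repository and the token revoked on npm so the old credential does not stay valid.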