From d942970001e324866f4ee099f2b4698649899987 Mon Sep 17 00:00:00 2001 From: chris Date: Sat, 1 Nov 2025 20:57:56 -0400 Subject: [PATCH] Use trusted publisher OIDC to publish package --- .github/workflows/publish.yml | 22 +++++++++------------- mise.toml | 3 ++- 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 51997d6..05fd626 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -2,8 +2,11 @@ name: Publish on: push: - branches: - - 'main' + branches: ['main'] + +permissions: + id-token: write # Required for OIDC + contents: read jobs: publish: @@ -14,20 +17,13 @@ jobs: - name: Checkout project uses: actions/checkout@v4 - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - - - name: Setup pnpm - uses: pnpm/action-setup@v4.0.0 + - name: Install Mise + uses: caido/action-mise-action@v3.2.0 with: - version: 9 - run_install: true + working_directory: . + version: ${{ vars.CI__MISE_VERSION }} - name: Publish - env: - NPM_TOKEN: ${{ secrets.NPM_BOT_TOKEN }} run: pnpm -r publish --access public - name: Publish internal diff --git a/mise.toml b/mise.toml index 4f594a3..d6f25e0 100644 --- a/mise.toml +++ b/mise.toml @@ -1,3 +1,4 @@ [tools] node = "22" -pnpm = "9.15.9" \ No newline at end of file +pnpm = '10.20.0' +"npm:npm" = "11.6.2"