Skip to content

Commit 2697de3

Browse files
authored
Merge pull request #3 from RightCapitalHQ/feature/migrate-to-trusted-publishing
ci: migrate to trusted publishing
2 parents 7231a91 + 526a966 commit 2697de3

2 files changed

Lines changed: 4 additions & 6 deletions

File tree

.github/workflows/ci.yml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,9 @@ jobs:
4545
if: ${{ always() && !failure() && !cancelled() }}
4646
needs: [test, check-workflow-files]
4747
runs-on: ubuntu-latest
48+
permissions:
49+
id-token: write
50+
contents: read
4851
steps:
4952
- uses: actions/checkout@v4
5053
- uses: pnpm/action-setup@v4
@@ -58,20 +61,15 @@ jobs:
5861
- name: Publish (development)
5962
if: github.event.pull_request.head.repo.full_name == 'RightCapitalHQ/verdaccio-package-diff' && github.base_ref == github.event.repository.default_branch
6063
env:
61-
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
6264
HEAD_REF: ${{ github.head_ref }}
6365
run: |
64-
npm config set //registry.npmjs.org/:_authToken "${NPM_TOKEN}"
6566
preid="${HEAD_REF//\//-}".${{ github.run_number }}.${{ github.run_attempt }}
6667
pnpm exec npm --no-git-tag-version version prerelease --preid="${preid}"
6768
pnpm publish --no-git-checks --access public --tag development
6869
6970
- name: Publish (main)
7071
if: github.repository == 'RightCapitalHQ/verdaccio-package-diff' && github.event_name == 'push' && github.ref_name == github.event.repository.default_branch
71-
env:
72-
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
7372
run: |
74-
npm config set //registry.npmjs.org/:_authToken "${NPM_TOKEN}"
7573
git config --local user.email "npm-publisher@rightcapital.com"
7674
git config --local user.name "GitHub Actions[bot]"
7775
pnpm beachball publish --access public --yes -m 'chore(release): applying package updates'

.node-version

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
20.18.0
1+
24.10.0

0 commit comments

Comments
 (0)