From 4bad384ca0bedbc1062b8a8aa457004cff3350af Mon Sep 17 00:00:00 2001 From: Shantur Rathore Date: Fri, 21 Nov 2025 15:20:45 +0000 Subject: [PATCH] Switch server publish to npm trusted publisher (OIDC) --- .github/workflows/dev-release.yml | 6 ++++-- .github/workflows/release.yml | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml index 615e3396..77e72e7a 100644 --- a/.github/workflows/dev-release.yml +++ b/.github/workflows/dev-release.yml @@ -58,9 +58,11 @@ jobs: publish-server: needs: build-and-upload runs-on: ubuntu-latest + permissions: + contents: read + id-token: write env: NODE_VERSION: 20 - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} VERSION: ${{ needs.prepare-dev.outputs.version }} steps: - name: Checkout @@ -85,4 +87,4 @@ jobs: run: npm run build --workspace @neuralnomads/codenomad - name: Publish server package to dev tag - run: npm publish --workspace @neuralnomads/codenomad --access public --tag dev + run: npm publish --workspace @neuralnomads/codenomad --access public --tag dev --provenance diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68d3c573..c4ea0386 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -75,9 +75,11 @@ jobs: publish-server: needs: build-and-upload runs-on: ubuntu-latest + permissions: + contents: read + id-token: write env: NODE_VERSION: 20 - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} steps: - name: Checkout uses: actions/checkout@v4 @@ -98,4 +100,4 @@ jobs: run: npm run build --workspace @neuralnomads/codenomad - name: Publish server package - run: npm publish --workspace @neuralnomads/codenomad --access public --tag latest + run: npm publish --workspace @neuralnomads/codenomad --access public --tag latest --provenance