From 4c20907041e977e0ea6ba900abf35716f270021f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Larivi=C3=A8re?= Date: Wed, 29 Oct 2025 14:16:17 -0400 Subject: [PATCH] [DEVOPS-3952] ci(npm): migrate publishing to OIDC authentication --- .github/workflows/publish.yml | 12 ++++++------ .github/workflows/rust.yml | 3 ++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c75543d..df771f6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -39,6 +39,9 @@ jobs: environment: npm-publish if: ${{ inputs.wasm }} runs-on: ubuntu-latest + permissions: + contents: read + id-token: write steps: - name: Checkout repo @@ -59,9 +62,6 @@ jobs: name: wasm path: dist/bundler - - name: Configure NPM - run: npm config set "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" - - name: Publish run: npm publish --tag ${{ inputs.beta && 'beta' || 'latest' }} working-directory: dist/bundler @@ -75,6 +75,9 @@ jobs: environment: npm-publish if: ${{ inputs.wasm_web }} runs-on: ubuntu-latest + permissions: + contents: read + id-token: write steps: - name: Checkout repo @@ -95,9 +98,6 @@ jobs: name: wasm-web path: dist/web - - name: Configure NPM - run: npm config set "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" - - name: Publish run: npm publish --tag ${{ inputs.beta && 'beta' || 'latest' }} working-directory: dist/web diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index b6cf37f..d4df49c 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -3,7 +3,8 @@ name: Test Package on: workflow_dispatch: pull_request: - branches: master + branches: + - master jobs: build: