From 224452c1f9f173be60267e4f30f37d272de8c0aa Mon Sep 17 00:00:00 2001 From: Ryuzo Yamamoto Date: Wed, 10 Sep 2025 12:02:43 +0900 Subject: [PATCH] ci: use trusted publishing for npm packages --- .../workflows/publish-function-kysely-tailordb-codegen.yaml | 6 +++--- .github/workflows/publish-function-kysely-tailordb.yaml | 6 +++--- .github/workflows/publish-function-logger.yaml | 6 +++--- .github/workflows/publish-function-types.yaml | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/publish-function-kysely-tailordb-codegen.yaml b/.github/workflows/publish-function-kysely-tailordb-codegen.yaml index 4e19b23..2f3292e 100644 --- a/.github/workflows/publish-function-kysely-tailordb-codegen.yaml +++ b/.github/workflows/publish-function-kysely-tailordb-codegen.yaml @@ -5,6 +5,7 @@ on: permissions: contents: read + id-token: write defaults: run: @@ -21,8 +22,9 @@ jobs: node-version-file: packages/kysely-tailordb-codegen/package.json registry-url: https://registry.npmjs.org - - name: Update corepack + - name: Update npm and corepack run: | + npm i -g npm@latest npm i -g corepack@latest - name: Publish @@ -32,5 +34,3 @@ jobs: pnpm install pnpm run build pnpm publish --no-git-checks --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} diff --git a/.github/workflows/publish-function-kysely-tailordb.yaml b/.github/workflows/publish-function-kysely-tailordb.yaml index 32fe625..895abf6 100644 --- a/.github/workflows/publish-function-kysely-tailordb.yaml +++ b/.github/workflows/publish-function-kysely-tailordb.yaml @@ -5,6 +5,7 @@ on: permissions: contents: read + id-token: write defaults: run: @@ -21,8 +22,9 @@ jobs: node-version-file: packages/kysely-tailordb/package.json registry-url: https://registry.npmjs.org - - name: Update corepack + - name: Update npm and corepack run: | + npm i -g npm@latest npm i -g corepack@latest - name: Publish @@ -32,5 +34,3 @@ jobs: pnpm install pnpm run build pnpm publish --no-git-checks --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} diff --git a/.github/workflows/publish-function-logger.yaml b/.github/workflows/publish-function-logger.yaml index 6478076..edb6e55 100644 --- a/.github/workflows/publish-function-logger.yaml +++ b/.github/workflows/publish-function-logger.yaml @@ -5,6 +5,7 @@ on: permissions: contents: read + id-token: write defaults: run: @@ -21,8 +22,9 @@ jobs: node-version: '22' registry-url: https://registry.npmjs.org - - name: Update corepack + - name: Update npm and corepack run: | + npm i -g npm@latest npm i -g corepack@latest - name: Publish @@ -32,5 +34,3 @@ jobs: pnpm install pnpm run build pnpm publish --no-git-checks --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/publish-function-types.yaml b/.github/workflows/publish-function-types.yaml index 50576b2..d08b1ca 100644 --- a/.github/workflows/publish-function-types.yaml +++ b/.github/workflows/publish-function-types.yaml @@ -5,6 +5,7 @@ on: permissions: contents: read + id-token: write defaults: run: @@ -21,8 +22,9 @@ jobs: node-version: '22' registry-url: https://registry.npmjs.org - - name: Update corepack + - name: Update npm and corepack run: | + npm i -g npm@latest npm i -g corepack@latest - name: Publish @@ -31,5 +33,3 @@ jobs: corepack enable pnpm install pnpm publish --no-git-checks --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}