
Commit c5c345c

ci: use OIDC for npm publishing (#2554)
1 parent 3a4f967 commit c5c345c


1 file changed

+19
-16
lines changed


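--- a/.github/workflows/continuous-deployment.yaml
+++ b/.github/workflows/continuous-deployment.yaml
@@ -15,13 +15,13 @@ jobs:
 
 steps:
 - name: Checkout default branch
-uses: actions/checkout@v4
+uses: actions/checkout@v6
 
 - name: Use pnpm
-uses: pnpm/action-setup@v3
+uses: pnpm/action-setup@v4.2.0
 
 - name: Use Node.js
-uses: actions/setup-node@v4
+uses: actions/setup-node@v6
 with:
 node-version-file: ".nvmrc"
 cache: "pnpm"
@@ -54,13 +54,13 @@ jobs:
 
 steps:
 - name: Checkout default branch
-uses: actions/checkout@v4
+uses: actions/checkout@v6
 
 - name: Use pnpm
-uses: pnpm/action-setup@v3
+uses: pnpm/action-setup@v4.2.0
 
 - name: Use Node.js
-uses: actions/setup-node@v4
+uses: actions/setup-node@v6
 with:
 node-version-file: ".nvmrc"
 cache: "pnpm"
@@ -98,15 +98,15 @@ jobs:
 
 steps:
 - name: Checkout current commit
-uses: actions/checkout@v4
+uses: actions/checkout@v6
 
 - name: Use Node.js
-uses: actions/setup-node@v4
+uses: actions/setup-node@v6
 with:
 node-version-file: ".nvmrc"
 
 - name: Use pnpm
-uses: pnpm/action-setup@v3
+uses: pnpm/action-setup@v4.2.0
 with:
 run_install: false
 
@@ -149,15 +149,15 @@ jobs:
 
 steps:
 - name: Checkout current commit
-uses: actions/checkout@v4
+uses: actions/checkout@v6
 
 - name: Use pnpm
-uses: pnpm/action-setup@v3
+uses: pnpm/action-setup@v4.2.0
 with:
 run_install: false
 
 - name: Use Node.js
-uses: actions/setup-node@v4
+uses: actions/setup-node@v6
 with:
 node-version-file: ".nvmrc"
 cache: "pnpm"
@@ -190,16 +190,17 @@ jobs:
 permissions:
 contents: write # to create release (changesets/action)
 pull-requests: write # to create pull request (changesets/action)
+id-token: write # to authenticate with npm registry via OIDC
 
 steps:
 - name: Checkout default branch
-uses: actions/checkout@v4
+uses: actions/checkout@v6
 
 - name: Use pnpm
-uses: pnpm/action-setup@v3
+uses: pnpm/action-setup@v4.2.0
 
 - name: Use Node.js
-uses: actions/setup-node@v4
+uses: actions/setup-node@v6
 with:
 node-version-file: ".nvmrc"
 cache: "pnpm"
@@ -217,4 +218,6 @@ jobs:
 publish: pnpm ci:publish
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+NPM_CONFIG_PROVENANCE: true
+# Use OIDC for npm authentication instead of NPM_TOKEN
+NPM_TOKEN: "" # https://github.com/changesets/changesets/issues/1152#issuecomment-3190884868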
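Review bot: The release job gains `id-token: write` (new line 193), yet every action in it is still referenced by a mutable tag (`actions/checkout@v6`, `pnpm/action-setup@v4.2.0`, `actions/setup-node@v6`), so whatever code those tags resolve to at run time executes in a job that can mint the OIDC token npm accepts for publishing. Pin the actions used in this job to full commit SHAs with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha> # v6`; the same tag-only references recur in the four earlier hunks, where the exposure appears lower but the fix is the same. Blanking `NPM_TOKEN` in `env` only stops this workflow from sending the token, so the `NPM_TOKEN` repository secret and the token itself on npm should be deleted and revoked once an OIDC publish has succeeded. The job's header and the `changesets/action` step lie outside the hunks shown, so whether that step is pinned could not be checked.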
