ci: js: use trusted publisher instead of tokens

Tristramg · Tristramg · commit c8a28e61d306 · 2026-01-05T13:27:51.000+01:00
See https://docs.npmjs.com/trusted-publishers Signed-off-by: Tristram Gräbener <tristram+git@tristramg.eu>
diff --git a/.github/workflows/publish_npm.yaml b/.github/workflows/publish_npm.yaml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      id-token: write
+      id-token: write # Required for OIDC
     defaults:
       run:
         working-directory: ./wasm
@@ -18,10 +18,8 @@ jobs:
       # Setup .npmrc file to publish to npm
       - uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
-          registry-url: 'https://registry.npmjs.org'
-          scope: '@osrd-project'
+          node-version: "20.x"
+          registry-url: "https://registry.npmjs.org"
+          scope: "@osrd-project"
       - run: npm ci
       - run: npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
