diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 182ff17d6f..132e530c43 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,10 @@ on:
 branches:
 - main
 
+permissions:
+ id-token: write
+ contents: write
+
 jobs:
 publish:
 if:
@@ -22,7 +26,7 @@ jobs:
 - name: Set up Node.js
 uses: actions/setup-node@v4
 with:
- node-version: "20.x"
+ node-version: "22.x"
 registry-url: "https://registry.npmjs.org/"
 
 - uses: pnpm/action-setup@v4
@@ -37,15 +41,11 @@ jobs:
 if: ${{ github.event.pull_request.head.ref == 'prepare-release' }}
 run: |
 pnpm release
- env:
- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
 - name: Publish prerelease to npm
 if: ${{ github.event.pull_request.head.ref == 'prepare-prerelease' }}
 run: |
 pnpm release:prerelease
- env:
- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
 - name: Extract changelog for version
 id: get_changelog
diff --git a/package.json b/package.json
index 9c3f0d3974..a587d9a5f9 100644
--- a/package.json
+++ b/package.json
@@ -16,8 +16,8 @@
 "format": "turbo format lint:fix",
 "clean": "git clean -fdX && pnpm store prune",
 "ci": "pnpm clean && pnpm i",
- "release": "pnpm build && pnpm -r --filter=@cartridge/controller --filter=@cartridge/connector publish --tag latest --no-git-checks --access public",
- "release:prerelease": "pnpm build && pnpm -r --filter=@cartridge/controller --filter=@cartridge/connector publish --tag prerelease --no-git-checks --access public",
+ "release": "pnpm build && pnpm -r --filter=@cartridge/controller --filter=@cartridge/connector publish --tag latest --no-git-checks --access public --provenance",
+ "release:prerelease": "pnpm build && pnpm -r --filter=@cartridge/controller --filter=@cartridge/connector publish --tag prerelease --no-git-checks --access public --provenance",
 "keychain": "pnpm --filter @cartridge/keychain",
 "controller": "pnpm --filter @cartridge/controller",
 "connector": "pnpm --filter @cartridge/connector",
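Review bot: The new top-level `permissions` block grants `id-token: write` and `contents: write` to every job in this workflow, not only to `publish`. Only one job is visible in the hunk, but any job added later would inherit the ability to request an OIDC token and to write to the repository. Moving the three lines `permissions:`, `id-token: write` and `contents: write` beneath `publish:` keeps the grant scoped to the job that publishes. `contents: write` is presumably needed by the release steps after `Extract changelog for version`, which lie outside the hunks, and is worth confirming; the `publish` job body also continues outside this hunk.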
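Review bot: With `--provenance` added to both release scripts and `NODE_AUTH_TOKEN` removed from both publish steps in release.yml, publishing appears to rely entirely on the runner's OIDC token, and nothing visible in the commit checks that the toolchain supports it. npm trusted publishing requires npm CLI 11.5.1 or later, while Node 22.x bundles an npm 10.x release. `pnpm publish` hands the upload to the npm CLI on the runner (worth confirming for the pnpm version in use), so unless an upgrade already exists outside the hunks, a pinned step such as `run: npm install -g npm@<PINNED_VERSION>` is likely needed before `pnpm release`. The registry also rejects a provenance publish when the `repository` field in the @cartridge/controller and @cartridge/connector manifests does not match the GitHub repository the workflow runs in, so those fields should be verified before the first release from this workflow.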