Update npm publishing workflow to use OIDC instead of tokens #29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will publish npm package to registry | |
| # For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages | |
| name: Publish Package to npm registry | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| types: | |
| - closed | |
| workflow_dispatch: | |
| jobs: | |
| publish: | |
| if: github.event.pull_request.merged == true | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write # Required for OIDC authentication | |
| steps: | |
| - name: Checkout Git Repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '20.x' | |
| registry-url: 'https://registry.npmjs.org' | |
| - name: Upgrade npm for trusted publishing | |
| run: npm install -g npm@11.9.0 | |
| - name: Install dependencies | |
| run: | | |
| if [ -e yarn.lock ]; then | |
| yarn install --frozen-lockfile | |
| elif [ -e package-lock.json ]; then | |
| npm ci | |
| else | |
| npm i | |
| fi | |
| - name: Publish npm package to registry | |
| run: npm publish --provenance | |