From f9812466fcbc7777e3bfc59f0168f1bdc51e69b8 Mon Sep 17 00:00:00 2001 From: Xavier Stouder Date: Tue, 23 Dec 2025 00:02:40 +0100 Subject: [PATCH 1/4] ci: publish codemods as trusted publisher Fixes #307 --- .github/workflows/codemod_publish.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codemod_publish.yml b/.github/workflows/codemod_publish.yml index 4cd03737..7cac9936 100644 --- a/.github/workflows/codemod_publish.yml +++ b/.github/workflows/codemod_publish.yml @@ -15,6 +15,10 @@ on: required: true type: string +permissions: + id-token: write + contents: read + jobs: validate-and-publish: name: Validate and Publish Codemod @@ -103,14 +107,11 @@ jobs: working-directory: ${{ steps.parse-tag.outputs.codemod-path }} run: node --test - - name: Authenticate with Codemod registry - env: - CODEMOD_TOKEN: ${{ secrets.CODEMOD_TOKEN }} - run: npx codemod login --api-key "$CODEMOD_TOKEN" - - name: Publish codemod - working-directory: ${{ steps.parse-tag.outputs.codemod-path }} - run: npx codemod publish + - name: Publish codemod to registry + uses: codemod/publish-action@v1 + with: + path: ${{ steps.parse-tag.outputs.codemod-path }} - name: Create release summary env: From 854e337607d6effadc5d71f2c0baa75974527daa Mon Sep 17 00:00:00 2001 From: Xavier Stouder Date: Fri, 26 Dec 2025 23:10:03 +0100 Subject: [PATCH 2/4] Update .github/workflows/codemod_publish.yml Co-authored-by: Jacob Smith <3012099+JakobJingleheimer@users.noreply.github.com> --- .github/workflows/codemod_publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codemod_publish.yml b/.github/workflows/codemod_publish.yml index 7cac9936..a36598a9 100644 --- a/.github/workflows/codemod_publish.yml +++ b/.github/workflows/codemod_publish.yml @@ -109,7 +109,7 @@ jobs: - name: Publish codemod to registry - uses: codemod/publish-action@v1 + uses: codemod/publish-action@dd6c8dbc5ceb1a6146feba41481d88b43da50024 with: path: ${{ steps.parse-tag.outputs.codemod-path }} From df838c00bcd8e6bd584c04331ced47fa662d68be Mon Sep 17 00:00:00 2001 From: Xavier Stouder Date: Sat, 27 Dec 2025 00:10:08 +0100 Subject: [PATCH 3/4] Update .github/workflows/codemod_publish.yml Co-authored-by: Aviv Keller --- .github/workflows/codemod_publish.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/codemod_publish.yml b/.github/workflows/codemod_publish.yml index a36598a9..45cbacb7 100644 --- a/.github/workflows/codemod_publish.yml +++ b/.github/workflows/codemod_publish.yml @@ -24,6 +24,16 @@ jobs: name: Validate and Publish Codemod runs-on: ubuntu-latest +permissions: read-all + +jobs: + validate-and-publish: + name: Validate and Publish Codemod + runs-on: ubuntu-latest + + permissions: + id-token: write + contents: read outputs: version: ${{ steps.parse-tag.outputs.version }} codemod-name: ${{ steps.parse-tag.outputs.codemod-name }} From c24f88a624f5052c34576ff2d1d22b50252a0586 Mon Sep 17 00:00:00 2001 From: Xavier Stouder Date: Sat, 27 Dec 2025 00:10:14 +0100 Subject: [PATCH 4/4] Update .github/workflows/codemod_publish.yml Co-authored-by: Aviv Keller --- .github/workflows/codemod_publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codemod_publish.yml b/.github/workflows/codemod_publish.yml index 45cbacb7..f9907dc3 100644 --- a/.github/workflows/codemod_publish.yml +++ b/.github/workflows/codemod_publish.yml @@ -119,7 +119,7 @@ jobs: - name: Publish codemod to registry - uses: codemod/publish-action@dd6c8dbc5ceb1a6146feba41481d88b43da50024 + uses: codemod/publish-action@dd6c8dbc5ceb1a6146feba41481d88b43da50024 # v1 with: path: ${{ steps.parse-tag.outputs.codemod-path }}