From 115a9bfaf74108c2251bad70aa8d0be64a1d0d00 Mon Sep 17 00:00:00 2001 From: Rafael Santos Date: Mon, 5 Jan 2026 14:49:38 +0000 Subject: [PATCH] Update `release` workflow to use trusted OIDC publishing --- .github/workflows/release.yaml | 11 ++++++----- .release-it.json | 3 ++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index d0d6fbe..f985772 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -20,6 +20,9 @@ jobs: group: release-${{ github.repository }}-${{ github.ref_name }} cancel-in-progress: false environment: release + permissions: + contents: write + id-token: write steps: - name: Checkout code @@ -27,10 +30,11 @@ jobs: with: persist-credentials: false - - name: Setup Node.js version + - name: Set up Node.js version uses: actions/setup-node@v6 with: - node-version: 22 + node-version: 24 + registry-url: 'https://registry.npmjs.org/' - name: Enable yarn run: corepack enable @@ -44,9 +48,6 @@ jobs: git config user.email "bot@uphold.com" git config --global url.https://${{ secrets.RELEASE_GITHUB_TOKEN }}@github.com/.insteadOf https://github.com/ - - name: Configure npm - run: npm config set //registry.npmjs.org/:_authToken ${{ secrets.RELEASE_NPM_TOKEN }} - - name: Generate release env: GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} diff --git a/.release-it.json b/.release-it.json index c7e9879..1114c73 100644 --- a/.release-it.json +++ b/.release-it.json @@ -19,6 +19,7 @@ ] }, "npm": { - "publish": true + "publish": true, + "skipChecks": true } }