From 94fcf2b4a32022a2232b7531b906c6e47e20fe58 Mon Sep 17 00:00:00 2001
From: Jared Evans
Date: Mon, 15 Dec 2025 12:18:50 +0000
Subject: [PATCH] update for secure publishing
---
 .github/workflows/node.yml | 4 ++--
 .github/workflows/npm-publish.yml | 18 +++++++++++-------
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/node.yml b/.github/workflows/node.yml
index 589840e..099f357 100644
--- a/.github/workflows/node.yml
+++ b/.github/workflows/node.yml
@@ -19,9 +19,9 @@ jobs:
 # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - name: Use Node.js ${{ matrix.node-version }}
- uses: actions/setup-node@v3
+ uses: actions/setup-node@v4
 with:
 node-version: ${{ matrix.node-version }}
 cache: "npm"
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index e739a1d..8939da6 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -1,18 +1,22 @@
 # This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
 # For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
-name: Node.js Package
+name: Publish npm Package
 on:
 release:
 types: [created]
+permissions:
+ id-token: write # Required for OIDC
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
 with:
 node-version: 20
 - run: npm ci
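Review bot: The `permissions:` block added at the top of `.github/workflows/npm-publish.yml` applies to every job, so the `build` job, which runs `npm ci` and with it any dependency install scripts, is also allowed to request an OIDC token it has no use for. Scoping the grant to the job that actually publishes follows least privilege: keep `permissions:` with only `contents: read` at workflow level and add `permissions: {id-token: write, contents: read}` to the job that runs `npm publish` (second hunk of this file). The header comment above `name:` still says the package is published to GitHub Packages, while the workflow targets registry.npmjs.org; correcting it helps anyone auditing which registry trusts this workflow.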
@@ -22,12 +26,12 @@ jobs:
 needs: build
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
 with:
 node-version: 20
 registry-url: https://registry.npmjs.org/
+ - name: Update npm
+ run: npm install -g npm@latest
 - run: npm ci
 - run: npm publish
- env:
- NODE_AUTH_TOKEN: ${{secrets.npm_token}}
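Review bot: The added `Update npm` step installs `npm@latest`, so the job with OIDC publishing rights runs whichever npm release is newest at release time; pin a vetted version instead, `run: npm install -g npm@<pinned-version>` (npm's documentation asks for 11.5.1 or later for trusted publishing). The `npm ci` that follows still runs dependency lifecycle scripts inside this job; `run: npm ci --ignore-scripts` narrows that if the package does not need them to publish. The `uses:` lines are pinned to the mutable `@v4` tag, and a full commit SHA is the safer pin in a publish job. Now that `NODE_AUTH_TOKEN` is gone, revoking the `npm_token` on npm and deleting the repository secret completes the migration. The job's header line lies above this hunk.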