From 931fd6679b5bc1a344bbb5d08dbada2452b0f49a Mon Sep 17 00:00:00 2001 From: Etienne Stalmans Date: Tue, 25 Nov 2025 07:55:16 +0100 Subject: [PATCH] chore: use trusted publisher workflow Replace NODE_AUTH_TOKEN usage --- .github/workflows/deploy-pg-protocol.yml | 18 ++++++++++++------ .github/workflows/deploy-pg.yml | 10 ++++++++-- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy-pg-protocol.yml b/.github/workflows/deploy-pg-protocol.yml index 43b05e8f1..a6f139312 100644 --- a/.github/workflows/deploy-pg-protocol.yml +++ b/.github/workflows/deploy-pg-protocol.yml @@ -13,25 +13,31 @@ on: required: false type: string +permissions: + contents: read + id-token: write + jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - + - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '18' registry-url: 'https://registry.npmjs.org' - + - name: Install dependencies run: yarn install --frozen-lockfile - + - name: Build package run: cd packages/pg-protocol && yarn build - + + # Ensure npm 11.5.1 or later is installed for trusted publishing support + - name: Update npm + run: npm install -g npm@latest + - name: Publish to npm run: cd packages/pg-protocol && npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/deploy-pg.yml b/.github/workflows/deploy-pg.yml index a1e78fa1e..6411b3f0d 100644 --- a/.github/workflows/deploy-pg.yml +++ b/.github/workflows/deploy-pg.yml @@ -13,6 +13,10 @@ on: required: false type: string +permissions: + contents: read + id-token: write + jobs: deploy: runs-on: ubuntu-latest @@ -28,7 +32,9 @@ jobs: - name: Install dependencies run: yarn install --frozen-lockfile + # Ensure npm 11.5.1 or later is installed for trusted publishing support + - name: Update npm + run: npm install -g npm@latest + - name: Publish to npm run: cd packages/pg && npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
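Review bot: The added `Update npm` step in `deploy-pg-protocol.yml` installs `npm@latest`, so whichever npm release carries the `latest` tag at run time is the code that performs the publish, in a job that holds `id-token: write`. Pin it to a reviewed version and bump it deliberately, for example `run: npm install -g npm@11.5.1`, which is the minimum the added comment names. The same unpinned install is added in the second hunk of `deploy-pg.yml`. Separately, this workflow keeps `node-version: '18'`, and as far as I know npm 11 declares support only for Node 20.17+ or 22.9+, so confirm the update and publish steps actually run on Node 18 or raise the Node version in the `Setup Node.js` step.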
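Review bot: In `deploy-pg.yml` the new `permissions:` block grants `id-token: write` at workflow level, so every step of the `deploy` job can request the OIDC token that trusted publishing accepts. That includes `yarn install --frozen-lockfile`, which by default runs dependency lifecycle scripts. Consider moving `id-token: write` onto a dedicated publish job, and doing install and build in a separate job that has only `contents: read` and hands over the built package as an artifact. The same applies to the `permissions:` block added in `deploy-pg-protocol.yml`. The `deploy` job's steps continue outside this hunk.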