From 7281d5861ec5ca8a78706dfd81480d3be30b20bd Mon Sep 17 00:00:00 2001 From: chris Date: Sat, 1 Nov 2025 23:13:54 -0400 Subject: [PATCH] Use trusted publisher OIDC to publish package --- .github/workflows/publish.yml | 21 +++++++-------------- mise.toml | 4 ++++ 2 files changed, 11 insertions(+), 14 deletions(-) create mode 100644 mise.toml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index fbc9749..545bc5d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -7,9 +7,9 @@ on: paths: - 'package.json' -env: - NODE_VERSION: 20 - PNPM_VERSION: 9 +permissions: + id-token: write # Required for OIDC + contents: read jobs: publish-js: @@ -20,16 +20,11 @@ jobs: - name: Checkout project uses: actions/checkout@v4 - - name: Setup Node.js - uses: actions/setup-node@v4 + - name: Install Mise + uses: caido/action-mise-action@v3.2.0 with: - node-version: ${{ env.NODE_VERSION }} - - - name: Setup pnpm - uses: pnpm/action-setup@v4.0.0 - with: - version: ${{ env.PNPM_VERSION }} - run_install: false + working_directory: . + version: ${{ vars.CI__MISE_VERSION }} - name: Install run: pnpm install @@ -39,6 +34,4 @@ jobs: - name: Publish shell: bash - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} run: pnpm --filter dev -r publish --access public diff --git a/mise.toml b/mise.toml new file mode 100644 index 0000000..ba92c5c --- /dev/null +++ b/mise.toml @@ -0,0 +1,4 @@ +[tools] +node = '22' +"npm:npm" = "11.6.2" +pnpm = '10.20.0'