aprendendofelipe
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 10 additions & 4 deletions b/‎.github/workflows/release.yml‎
Lines changed: 10 additions & 4 deletions
@@ -5,6 +5,10 @@ on:
     branches:
       - main
 
+concurrency:
+  group: release
+  cancel-in-progress: false
+
 jobs:
   release-please:
     name: Release PR
@@ -23,7 +27,11 @@ jobs:
     name: Publish to NPM
     runs-on: ubuntu-latest
     needs: release-please
-    if: ${{ needs.release-please.outputs.releases_created }}
+    if: github.repository == 'aprendendofelipe/react-stack' && needs.release-please.outputs.releases_created
+
+    permissions:
+      id-token: write # Required for trusted publishing
+      contents: read
 
     steps:
       - name: Checkout Repository
@@ -37,12 +45,10 @@ jobs:
           cache: 'npm'
 
       - name: Install Dependencies
-        run: npm ci
+        run: npm ci --ignore-scripts
 
       # Release Please has already incremented versions and published tags,
       # so we just need to publish all unpublished versions to NPM here.
       - name: Publish to NPM
         run: npx lerna publish from-package --no-push --no-private --yes
         timeout-minutes: 2
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}