diff --git a/.github/workflows/build-native.yml b/.github/workflows/build-native.yml index 9061d82..6d0fa2f 100644 --- a/.github/workflows/build-native.yml +++ b/.github/workflows/build-native.yml @@ -170,19 +170,20 @@ jobs: working-directory: packages/cachekit-core-ts run: ls -la npm/*/ - - name: Publish platform packages + # npm Trusted Publishing (OIDC) requires npm >= 11.5.1. + # Node 22 ships an older npm; upgrade in-place for the publish steps. + - name: Upgrade npm for OIDC + run: npm install -g npm@latest + + - name: Publish platform packages (OIDC trusted publisher) working-directory: packages/cachekit-core-ts run: | find npm -mindepth 1 -maxdepth 1 -type d -exec npm publish {} --access public --provenance \; - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - name: Prepare main package working-directory: packages/cachekit-core-ts run: npx napi prepublish -t npm --skip-gh-release - - name: Publish main package + - name: Publish main package (OIDC trusted publisher) working-directory: packages/cachekit-core-ts run: npm publish --access public --provenance --ignore-scripts - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 6367319..fbf4293 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -79,13 +79,11 @@ jobs: - name: Test run: pnpm test - - name: Configure npm auth - run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + # npm Trusted Publishing (OIDC) requires npm >= 11.5.1. + # Node 22 ships an older npm; upgrade in-place for the publish step. + - name: Upgrade npm for OIDC + run: npm install -g npm@latest - - name: Publish to npm + - name: Publish to npm (OIDC trusted publisher) working-directory: packages/cachekit - run: pnpm publish --access public --provenance --no-git-checks - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: npm publish --access public --provenance