Skip to content

Commit 2e2466c

Browse files
Merge pull request #32 from phantom/jack/npm-token-publishing
fix: Revert to previous flow to unblock release
2 parents 9a7bb53 + 38d3947 commit 2e2466c

File tree

1 file changed

+9
-19
lines changed

1 file changed

+9
-19
lines changed

.github/workflows/release.yml

Lines changed: 9 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -5,48 +5,38 @@ on:
55
branches:
66
- master
77

8-
concurrency: ${{ github.workflow }}-${{ github.ref }}
9-
108
permissions:
119
contents: write
1210
pull-requests: write
13-
# OIDC
14-
id-token: write
1511

1612
jobs:
1713
release:
1814
name: Release
1915
runs-on: ubuntu-latest
20-
env:
21-
# Force npm to emit provenance (SLSA) when publishing via OIDC.
22-
NPM_CONFIG_PROVENANCE: true
23-
2416
steps:
2517
- name: Checkout Repo
2618
uses: actions/checkout@v4
2719

28-
- name: Setup Node.js 24.x
29-
uses: actions/setup-node@v4
30-
with:
31-
node-version: 24.x
32-
33-
- name: Ensure npm 11.5.1+ for trusted publishing
34-
run: npm install -g npm@^11.8.0
35-
3620
- name: Enable Corepack
3721
run: corepack enable
3822

23+
- name: Setup Node.js 20.x
24+
uses: actions/setup-node@v4
25+
with:
26+
node-version: 20.x
27+
cache: "yarn"
28+
registry-url: "https://registry.npmjs.org"
29+
3930
- name: Install Dependencies
40-
run: yarn
31+
run: yarn install --immutable
4132

4233
- name: Create Release Pull Request or Publish to npm
4334
id: changesets
4435
uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba
4536
with:
46-
# This expects you to have a script called release which does a build for your packages and calls changeset publish
4737
version: yarn changeset version
4838
publish: yarn release
4939
commitMode: github-api
5040
env:
5141
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
52-
NPM_CONFIG_PROVENANCE: true
42+
NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN_PHANTOM_SECURITY_BOT }}

0 commit comments

Comments
 (0)