workflow update

jekuer · jekuer · commit 88ebb42e8a19 · 2025-10-16T00:18:33.000+02:00
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
@@ -1,12 +1,16 @@
-# This workflow will run tests using node and then publish a package to npm when a release is created
-# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
+# This workflow will build and publish a package to npm when a release is created
+# For more information see: https://docs.npmjs.com/trusted-publishers
 
 name: npm publish
 
 on:
   release:
     types: [published]
 
+permissions:
+  id-token: write
+  contents: read
+
 env:
   TAG: '${{ github.event.release.tag_name }}'
 
@@ -15,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Validate version tag pattern
         run: |
           if [[ ! "${{ env.TAG }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
@@ -41,31 +45,29 @@ jobs:
     runs-on: ubuntu-latest
     needs: validate-release
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 22
+          registry-url: https://registry.npmjs.org/
+          cache: 'npm'
       - run: npm ci
       - run: npm run eslint
-      - run: npm test
+      - run: npm run test
 
   build-and-publish:
     runs-on: ubuntu-latest
     needs: test
-    permissions:
-      contents: read
-      id-token: write
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 22
           registry-url: https://registry.npmjs.org/
           cache: 'npm'
-      - run: npm install -g npm
+      - name: Update npm
+        run: npm install -g npm@latest
       - run: npm ci
       - run: npm run build
       - name: Publish package
-        run: npm publish --provenance --tag ${{ github.event.release.prerelease && 'next' || 'latest' }}
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_SECRET }}
+        run: npm publish --tag ${{ github.event.release.prerelease && 'next' || 'latest' }}
