Skip to content

Commit f084d2d

Browse files
decofedecofe
authored
ci(npm): use OIDC trusted publishing, remove NPM_TOKEN (#14249)
1 parent 5e497f5 commit f084d2d

2 files changed

Lines changed: 0 additions & 19 deletions

File tree

.github/workflows/npm.yml

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -151,9 +151,6 @@ jobs:
151151
id: release-version
152152
working-directory: ./npm
153153
env:
154-
PROVENANCE: true
155-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
156-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
157154
NPM_REGISTRY_URL: ${{ env.NPM_REGISTRY_URL }}
158155
ARTIFACT_DIR: ${{ steps.paths.outputs.artifact_dir }}
159156
run: |
@@ -224,8 +221,6 @@ jobs:
224221
PROVENANCE: true
225222
VERSION_NAME: ${{ steps.release-version.outputs.RELEASE_VERSION }}
226223
RELEASE_VERSION: ${{ steps.release-version.outputs.RELEASE_VERSION }}
227-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
228-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
229224
run: |
230225
set -euo pipefail
231226
@@ -249,8 +244,6 @@ jobs:
249244
name: Publish Meta Package
250245
runs-on: ubuntu-latest
251246
env:
252-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
253-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
254247
RELEASE_VERSION: ${{ needs.publish-arch.outputs.RELEASE_VERSION }}
255248
steps:
256249
- name: Checkout
@@ -286,6 +279,4 @@ jobs:
286279
PROVENANCE: true
287280
VERSION_NAME: ${{ env.RELEASE_VERSION }}
288281
RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
289-
NPM_TOKEN: ${{ env.NPM_TOKEN }}
290-
NODE_AUTH_TOKEN: ${{ env.NODE_AUTH_TOKEN }}
291282
NPM_REGISTRY_URL: ${{ env.NPM_REGISTRY_URL }}

npm/scripts/publish.mjs

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -7,17 +7,12 @@ import { colors } from '#const.mjs'
77

88
const REGISTRY_URL = Bun.env.NPM_REGISTRY_URL || 'https://registry.npmjs.org'
99

10-
const NPM_TOKEN = Bun.env.NPM_TOKEN
11-
if (!NPM_TOKEN) throw new Error('NPM_TOKEN is required')
12-
1310
main().catch(error => {
1411
console.error(error)
1512
process.exit(1)
1613
})
1714

1815
async function main() {
19-
const npmToken = Bun.env.NPM_TOKEN
20-
if (!npmToken) throw new Error('NPM_TOKEN is required')
2116

2217
const inputPath = Bun.argv[2]
2318
if (!inputPath) throw new Error('Package path is required')
@@ -114,11 +109,6 @@ async function setPackageVersion(packagePath, version) {
114109
console.info(colors.green, 'Setting package version:', version)
115110
const result = await Bun.$`npm version ${version} --allow-same-version --no-git-tag-version`
116111
.cwd(packagePath)
117-
.env({
118-
...Bun.env,
119-
...process.env,
120-
NPM_TOKEN
121-
})
122112
.quiet()
123113
.nothrow()
124114

0 commit comments

Comments
 (0)