From bb5be5f729a581ee41839075fe71f4a842454b78 Mon Sep 17 00:00:00 2001 From: Elizabeth Craig Date: Thu, 9 Apr 2026 20:59:41 -0700 Subject: [PATCH] Enable trusted publishing --- .github/workflows/release.yml | 15 +++++++++++++-- package.json | 2 +- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9e0cd712..229680c9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,6 +16,10 @@ jobs: # This environment contains secrets needed for publishing environment: release + permissions: + # required for npm trusted publishing + id-token: write + steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: @@ -33,6 +37,14 @@ jobs: - run: yarn lage build test + - name: Use Node 20 for publish + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + with: + node-version: 20 + + - name: Install latest npm for publish + run: npm i -g npm + - name: Set git user run: | git config user.email "kchau@microsoft.com" @@ -47,9 +59,8 @@ jobs: # Add a token to the remote URL for auth during release git remote set-url origin "https://$REPO_PAT@github.com/$GITHUB_REPOSITORY" - yarn release -y -n "$NPM_AUTHTOKEN" + yarn release env: - NPM_AUTHTOKEN: ${{ secrets.NPM_AUTHTOKEN }} REPO_PAT: ${{ secrets.REPO_PAT }} # The docs have a separate installation using Node 22 due to needing newer dependencies diff --git a/package.json b/package.json index 6115a2fc..bd04f1ae 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "lage": "cross-env NODE_OPTIONS=\"--experimental-abortcontroller\" lage", "format": "prettier --write .", "format:check": "prettier --check .", - "release": "beachball publish", + "release": "beachball publish -y", "start": "yarn lage start", "test": "yarn lage test", "prelint": "syncpack list-mismatches",