From f42ec5e4dd07d14d2ff4902d358dac52ce64f167 Mon Sep 17 00:00:00 2001 From: Pixel998 Date: Fri, 10 Oct 2025 03:09:08 +0300 Subject: [PATCH 1/2] ci: Switch to trusted publishing --- .github/CODEOWNERS | 1 + .github/workflows/release-please.yml | 7 +++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 1c1bf68..758589a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1,2 @@ .release-please-manifest.json @eslint/eslint-tsc +.github/workflows/release-please.yml @eslint/eslint-tsc diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 165efb5..38ea2fe 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -2,6 +2,7 @@ on: push: branches: - main + name: release-please jobs: release-please: @@ -22,12 +23,14 @@ jobs: registry-url: https://registry.npmjs.org if: ${{ steps.release.outputs.release_created }} + # npm 11.5.1 or later is required so update to latest to be sure + - name: Update npm + run: npm install -g npm@latest + - name: Publish to npm run: | npm install npm publish --provenance - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} if: ${{ steps.release.outputs.release_created }} - name: Publish to JSR From a95c685ead400c30b6f82a1c98012c88e05b50b2 Mon Sep 17 00:00:00 2001 From: Pixel998 Date: Fri, 10 Oct 2025 17:25:06 +0300 Subject: [PATCH 2/2] update npm only when a release is created --- .github/workflows/release-please.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 38ea2fe..c60f656 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -26,6 +26,7 @@ jobs: # npm 11.5.1 or later is required so update to latest to be sure - name: Update npm run: npm install -g npm@latest + if: ${{ steps.release.outputs.release_created }} - name: Publish to npm run: |