fix: oidc for trusted publishers #30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Release main" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| id-token: write # Required for OIDC | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Prepare Node.js (20.x) | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24.x | |
| registry-url: 'https://registry.npmjs.org' | |
| cache: yarn | |
| - name: Install | |
| shell: 'script -q -e -c "bash {0}"' | |
| run: make install | |
| env: { FORCE_COLOR: 3, CI: true } | |
| - name: Test | |
| shell: 'script -q -e -c "bash {0}"' | |
| run: make test | |
| env: { FORCE_COLOR: 3, CI: true } | |
| - name: Lint | |
| shell: 'script -q -e -c "bash {0}"' | |
| run: make lint | |
| env: { FORCE_COLOR: 3, CI: true } | |
| - name: Format (check only) | |
| shell: 'script -q -e -c "bash {0}"' | |
| run: make format-check | |
| env: { FORCE_COLOR: 3, CI: true } | |
| - name: Build | |
| shell: 'script -q -e -c "bash {0}"' | |
| run: make build | |
| env: { FORCE_COLOR: 3, CI: true } | |
| - name: Publish (only) | |
| shell: 'script -q -e -c "bash {0}"' | |
| run: make publish-only | |
| env: { FORCE_COLOR: 3, CI: true, GITHUB_TOKEN: '${{secrets.CUSTOM_GITHUB_TOKEN}}' } |