From b361cc8001ccdb4ba9c598554a403209fb3c0c94 Mon Sep 17 00:00:00 2001 From: Austin Williams Date: Wed, 22 Oct 2025 14:09:35 -0700 Subject: [PATCH 1/2] Update release workflow to use npm trusted publishing --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4316045f..08cca24d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,6 +52,9 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') runs-on: ubuntu-latest needs: build + permissions: + id-token: write # Required for OIDC + contents: read steps: - name: set env run: echo "RELEASE_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV @@ -66,8 +69,6 @@ jobs: - name: npm publish # skip npm publishing if running in a fork if: github.repository == 'amazon-ion/ion-js' - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} run: npm publish update-docs: if: startsWith(github.ref, 'refs/tags/v') From 8194682db5da7d8b68284ff19b88b15f2fca7a28 Mon Sep 17 00:00:00 2001 From: Austin Williams Date: Wed, 22 Oct 2025 16:46:22 -0700 Subject: [PATCH 2/2] Update actions/setup-node and node version used for publish --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 08cca24d..7ba18303 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,9 +61,9 @@ jobs: - uses: actions/checkout@v3 - uses: actions/download-artifact@v4.1.7 - run: ls */* | cat - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 with: - node-version: '16.x' + node-version: '24.x' registry-url: 'https://registry.npmjs.org' - run: npm install - name: npm publish