This is an automated email from the ASF dual-hosted git repository. kingsword09 pushed a commit to branch npm-trusted-publishing in repository https://gitbox.apache.org/repos/asf/opendal.git
commit 57e84f2fa6cb3cd8675a0067edb64d565d4ea629 Author: Kingsword <[email protected]> AuthorDate: Fri Oct 17 15:07:43 2025 +0800 ci(nodejs): enable npm trusted publishing --- .github/workflows/release_nodejs.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release_nodejs.yml b/.github/workflows/release_nodejs.yml index 0acec4961..726e5d6f4 100644 --- a/.github/workflows/release_nodejs.yml +++ b/.github/workflows/release_nodejs.yml @@ -157,6 +157,7 @@ jobs: permissions: id-token: write contents: write + environment: release defaults: run: @@ -188,6 +189,10 @@ jobs: run: ls -R ./npm shell: bash + - name: Update npm + # Trusted publishing requires npm CLI version 11.5.1 or later. + run: npm install -g npm@latest + - name: Add LICENSE & NOTICE # Set working directory to root to copy LICENSE & NOTICE working-directory: . @@ -195,14 +200,12 @@ jobs: - name: Publish Dry Run if: (github.event_name == 'workflow_dispatch' && inputs.nodejs-publish-dry-run) || (startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-')) - run: | - npm publish --access public --provenance --dry-run + run: npm publish --access public --dry-run - name: Publish if: (github.event_name == 'workflow_dispatch' && inputs.nodejs-publish) || (startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-')) - run: | - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc - npm publish --access public --provenance + # No --provenance flag needed - it's automatic with trusted publishers + # https://docs.npmjs.com/trusted-publishers#automatic-provenance-generation + run: npm publish --access public env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
