fix(Release): Migrate to OIDC connect

cblanc · cblanc · commit 16ed4053a9ad · 2026-03-09T11:20:48.000+01:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,11 +11,12 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    # https://docs.npmjs.com/trusted-publishers#github-actions-configuration
     permissions:
-      contents: write
-      issues: write
-      pull-requests: write
-      packages: write
+      id-token: write      # Required for npm OIDC
+      contents: write      # Required for semantic-release to create releases/tags
+      issues: write        # Required for semantic-release to comment on issues
+      pull-requests: write # Required for semantic-release to comment on PRs
 
     steps:
       - name: Checkout
@@ -29,6 +30,7 @@ jobs:
         with:
           node-version: 'lts/*'
           cache: 'npm'
+          registry-url: https://registry.npmjs.org
 
       - name: Install dependencies
         run: npm ci
@@ -40,7 +42,7 @@ jobs:
         run: npm run build
 
       - name: Semantic Release
-        run: npm run semantic-release
+        # Use npx to ensure npm OIDC token is passed correctly
+        run: npx semantic-release --no-ci
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/package.json b/package.json
@@ -98,6 +98,10 @@
       }
     ]
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "license": "MIT",
   "dependencies": {
     "@ideal-postcodes/core-interface": "~3.2.1",

Original file line number	Diff line number	Diff line change
`@@ -98,6 +98,10 @@`
`98`	`98`	`}`
`99`	`99`	`]`
`100`	`100`	`},`
	`101`	`+ "publishConfig": {`
	`102`	`+ "access": "public",`
	`103`	`+ "provenance": true`
	`104`	`+ },`
`101`	`105`	`"license": "MIT",`
`102`	`106`	`"dependencies": {`
`103`	`107`	`"@ideal-postcodes/core-interface": "~3.2.1",`