Commit 1f6c0ec

Update the publishing configuration for OIDC, add instructions on token permissions, and remove the final pre-publish tests.
1 parent 2e0b3fc commit 1f6c0ec

1 file changed: +10 -11 lines changed

.github/workflows/release.yml

Lines changed: 10 additions & 11 deletions
@@ -9,10 +9,11 @@ name: 🚀 Release & Deployment
99
# - Enable at: https://docs.npmjs.com/trusted-publishers
1010
# - See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect
1111
#
12-
# ✅ OPTION 2: Granular Access Token (with 90-day max expiration)
13-
# - Create token: npm token create [--read-only]
12+
# ✅ OPTION 2: Granular Access Token (with 90-day max expiration & Bypass 2FA)
13+
# - Create token: npm token create
14+
# - Permissions: "Publish" with "Bypass 2FA for automation" ENABLED
15+
# - Max expiration: 90 days for security
1416
# - Store as 'NPM_TOKEN' secret in repository settings
15-
# - Recommended: Enable "Bypass 2FA" for non-interactive workflows
1617
#
1718
# ❌ DO NOT USE: Classic tokens (permanently revoked)
1819
#
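Review bot: The rewritten OPTION 2 comment tells maintainers to store a publish-capable token with "Bypass 2FA for automation" ENABLED as `NPM_TOKEN`, but a later hunk in this same commit removes `NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}` from the publish step, so nothing visible here reads that secret any more. A long-lived credential that bypasses 2FA and is not consumed is pure exposure. Either drop OPTION 2 from the header, or mark it explicitly as a fallback and say which step must be re-wired to use it. If it stays, add a line asking for the token to be limited to this one package, and remove the duplicated expiration wording ("90-day max expiration" appears in both the heading and the new "Max expiration" line).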
@@ -304,12 +305,6 @@ jobs:
304305
- name: 📦 Install Dependencies
305306
run: npm ci
306307

307-
- name: 🧪 Final Pre-Publish Tests
308-
run: |
309-
echo "Running final validation before npm publish..."
310-
npm test
311-
npm run benchmark
312-
313308
- name: 📝 Enable NPM Provenance
314309
run: |
315310
npm pkg set publishConfig.provenance=true
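Review bot: Deleting the "Final Pre-Publish Tests" step leaves `npm ci` followed directly by the provenance and publish steps, so within the visible lines nothing validates the tree that is about to be published. The commit message states the removal but gives no reason for it. If an earlier job already runs `npm test` on the same commit, say so in a comment here and make sure this job depends on it; otherwise keep at least `npm test` and drop only `npm run benchmark`, which is the slow and non-gating part.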
@@ -328,8 +323,6 @@ jobs:
328323
fi
329324
330325
echo "🎉 Successfully published algorith@${{ needs.prepare-release.outputs.version }} to NPM!"
331-
env:
332-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
333326
334327
- name: 📢 Post-Publish Verification
335328
run: |
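Review bot: Removing the `env:` block with `NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}` from the publish step makes the release depend entirely on OIDC trusted publishing, yet the diff shows no matching change to job permissions. Please confirm the publish job grants `id-token: write` (also needed for `publishConfig.provenance=true`), that the npm CLI on the runner is a version that supports trusted publishing, and that this workflow file is the one registered as the trusted publisher on npmjs.com. Without those the step fails at publish time with an authentication error, after the release has already been prepared.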
@@ -338,6 +331,12 @@ jobs:
338331
npm view algorith@${{ needs.prepare-release.outputs.version }}
339332
echo "✅ Package verified on NPM registry"
340333
334+
- name: 📋 Setup for OIDC Trusted Publishing
335+
if: ${{ env.NODE_AUTH_TOKEN == '' }}
336+
run: |
337+
echo "ℹ️ OIDC Trusted Publishing is configured"
338+
echo "🔐 Token automatically injected by actions/setup-node"
339+
341340
# Job 7: Post-release actions
342341
post-release:
343342
name: 🎊 Post-Release Actions
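Review bot: The new "Setup for OIDC Trusted Publishing" step is placed after "Post-Publish Verification", so it runs once the package is already published and cannot set anything up; it only echoes two lines. Its guard `if: ${{ env.NODE_AUTH_TOKEN == '' }}` tests whether a variable is empty, not whether OIDC was actually used, and the message "OIDC Trusted Publishing is configured" is printed without checking anything. The second message is also misleading: with trusted publishing the npm CLI obtains a short-lived credential through the OIDC exchange, it is not a token injected by actions/setup-node. Suggest deleting the step, or moving it ahead of the publish step and turning it into a real precondition check that fails the job when the OIDC prerequisites are missing.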