From 335a84bb59377371ecb2e6dc9702ce572d2e6cc6 Mon Sep 17 00:00:00 2001 From: Mohamed Bassem Date: Sat, 29 Nov 2025 13:08:04 +0000 Subject: build: switch npm to trusted publishing --- .github/workflows/cli.yml | 8 +++++--- .github/workflows/mcp.yml | 10 ++++++---- .github/workflows/opencode.yml | 29 ----------------------------- .github/workflows/sdk.yml | 8 +++++--- 4 files changed, 16 insertions(+), 39 deletions(-) delete mode 100644 .github/workflows/opencode.yml (limited to '.github/workflows') diff --git a/.github/workflows/cli.yml b/.github/workflows/cli.yml index b40d99cc..ac4370cb 100644 --- a/.github/workflows/cli.yml +++ b/.github/workflows/cli.yml @@ -4,6 +4,11 @@ on: tags: # This is a glob pattern not a regex - 'cli/v[0-9]+.[0-9]+.[0-9]+' + +permissions: + id-token: write # Required for OIDC + contents: read + jobs: build: runs-on: ubuntu-latest @@ -19,6 +24,3 @@ jobs: - run: pnpm publish --access public --no-git-checks working-directory: apps/cli - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_ACCESS_TOKEN }} - diff --git a/.github/workflows/mcp.yml b/.github/workflows/mcp.yml index b38cfa9a..afe3f357 100644 --- a/.github/workflows/mcp.yml +++ b/.github/workflows/mcp.yml @@ -3,7 +3,12 @@ on: push: tags: # This is a glob pattern not a regex - - 'mcp/v[0-9]+.[0-9]+.[0-9]+' + - "mcp/v[0-9]+.[0-9]+.[0-9]+" + +permissions: + id-token: write # Required for OIDC + contents: read + jobs: build: runs-on: ubuntu-latest @@ -19,6 +24,3 @@ jobs: - run: pnpm publish --access public --no-git-checks working-directory: apps/mcp - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_ACCESS_TOKEN }} - diff --git a/.github/workflows/opencode.yml b/.github/workflows/opencode.yml deleted file mode 100644 index d7728415..00000000 --- a/.github/workflows/opencode.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: opencode - -on: - issue_comment: - types: [created] - -jobs: - opencode: - if: | - github.actor == 'MohamedBassem' && ( - contains(github.event.comment.body, '/oc') || - contains(github.event.comment.body, '/opencode') - ) - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Run opencode - uses: sst/opencode/github@latest - env: - OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }} - with: - model: openrouter/moonshotai/kimi-k2 diff --git a/.github/workflows/sdk.yml b/.github/workflows/sdk.yml index d14057c8..678d7570 100644 --- a/.github/workflows/sdk.yml +++ b/.github/workflows/sdk.yml @@ -4,6 +4,11 @@ on: tags: # This is a glob pattern not a regex - 'sdk/v[0-9]+.[0-9]+.[0-9]+' + +permissions: + id-token: write # Required for OIDC + contents: read + jobs: build: runs-on: ubuntu-latest @@ -19,6 +24,3 @@ jobs: - run: pnpm publish --access public --no-git-checks working-directory: packages/sdk - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_ACCESS_TOKEN }} - -- cgit v1.2.3-70-g09d2