Update publishing workflow to use trusted publishing (#1033)

patrickbaber · web-flow · commit eb8f62355b8f · 2025-12-10T17:07:36.000+01:00
* add permissions to workflow

* add specific NPM version

* remove unused NPM tokens
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -8,6 +8,10 @@ on:
     tags:
       - '*'
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   publish-npm:
     runs-on: ubuntu-latest
@@ -18,6 +22,9 @@ jobs:
           node-version: 22
           registry-url: https://registry.npmjs.org/
 
+      - name: Update npm for Trusted Publishing
+        run: npm install -g npm@11.6.2
+
       - name: Set up npmrc
         id: setup-npmrc
         run: echo "@tiptap-cloud:registry=https://registry.tiptap.dev/" >> ~/.npmrc && echo "//registry.tiptap.dev/:_authToken=${{ secrets.TIPTAP_PRIVATE_REGISTRY_NPM_TOKEN }}" >> ~/.npmrc
@@ -26,10 +33,6 @@ jobs:
 
       - run: npm run publish
         if: "!contains(github.ref, '-rc.')"
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
 
       - run: npm run publish:pre
         if: "contains(github.ref, '-rc.')"
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
