Skip to content

Migrate to Trusted Publisher #176

New issue
New issue
Closed
#183
Closed
Migrate to Trusted Publisher#176
#183
Assignees
pgerke
Labels
enhancementNew feature or request
@pgerke

Description

@pgerke
pgerke
opened on Oct 18, 2025

As a DevOps engineer
I want to migrate our npm package publishing process to use npm Trusted Publisher authentication
So that we eliminate long‑lived tokens and improve the overall security of our CI/CD pipeline.

Acceptance Criteria

  • Configure npm Trusted Publisher for the npm packages.
  • Update GitHub Actions workflows to include id-token: write permissions.
  • Ensure the CI environment uses npm >= 11.5.1 to support OIDC authentication.
  • Validate that pnpm publish works seamlessly via the underlying npm publish command.
  • Remove legacy npm auth tokens and secrets from repository settings.
  • Document the new publishing flow in the project’s README or CONTRIBUTING guide.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions