From 7e3f4e388ab897e7954c1d035ee51265c9a5ea48 Mon Sep 17 00:00:00 2001 From: Phil Leggetter Date: Tue, 16 Dec 2025 16:08:05 +0000 Subject: [PATCH 1/2] chore(ci): update permissions for OIDC trusted publishing --- .github/workflows/release.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bfc53ac..ae508ff 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -78,6 +78,9 @@ jobs: publish-npm: runs-on: ubuntu-latest needs: [build-windows, build-linux, build-mac] + permissions: + id-token: write # Required for OIDC trusted publishing + contents: write # Required for committing package.json changes steps: - uses: actions/checkout@v4 with: @@ -128,9 +131,9 @@ jobs: uses: EndBug/add-and-commit@v9 with: default_author: github_actions - message: 'Update package.json version to ${{ steps.tag-version.outputs.TAG_VERSION }}' - add: 'package.json' - + message: "Update package.json version to ${{ steps.tag-version.outputs.TAG_VERSION }}" + add: "package.json" + - run: npm ci - name: Determine npm tag for pre-releases @@ -144,6 +147,4 @@ jobs: echo "tag=${NPM_TAG}" >> $GITHUB_OUTPUT echo "npm tag: ${NPM_TAG}" - - run: npm publish --tag ${{ steps.npm_tag.outputs.tag }} - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + - run: npm publish --provenance --tag ${{ steps.npm_tag.outputs.tag }} From 87a2fe6c3d58a1ae8824e292b88a5e129a9600e0 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 16 Dec 2025 16:19:17 +0000 Subject: [PATCH 2/2] Update package.json version to 1.4.0-alpha.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e34c9f1..53a5353 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "hookdeck-cli", - "version": "1.4.0", + "version": "1.4.0-alpha.1", "description": "Hookdeck CLI", "repository": { "type": "git",