From 5b1878d57dab362a372901fbd7a151d074c164dd Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Thu, 16 Oct 2025 16:26:18 +0200
Subject: [PATCH 1/7] refactor: introduced trusted publishing
---
 .github/workflows/release.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9d5112428..9332a3884 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,9 @@ on:
 release:
 types: [published]
+permissions:
+ id-token: write # Required for OIDC
+
 jobs:
 init:
 uses: ./.github/workflows/00-init.yml
From 3304ef2793a6a83c3779a4e23e8c2bfa9e3afeca Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Thu, 16 Oct 2025 16:27:17 +0200
Subject: [PATCH 2/7] Update publish-npm.sh
---
 .github/scripts/publish-npm.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index 847ce0bd0..4876fe7cb 100644
--- a/.github/scripts/publish-npm.sh
+++ b/.github/scripts/publish-npm.sh
@@ -39,7 +39,6 @@ do
 echo "🔑 Authenticated with GITHUB"
 elif [[ $REGISTRY == 'NPM' ]]; then
 npm config set @db-ui:registry https://registry.npmjs.org/
- npm set //registry.npmjs.org/:_authToken "$NPM_TOKEN"
 echo "🔑 Authenticated with NPM"
 else
 echo "Could not authenticate with $REGISTRY"
From 90d96e44c12ef6c287cb8b75106ea917d763d2bf Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Thu, 16 Oct 2025 16:28:03 +0200
Subject: [PATCH 3/7] Update 03-publish-packages.yml
---
 .github/workflows/03-publish-packages.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml
index 941cb8bc9..d913aefd1 100644
--- a/.github/workflows/03-publish-packages.yml
+++ b/.github/workflows/03-publish-packages.yml
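Review bot: The workflow-level `permissions:` block grants `id-token: write` to every job in release.yml, including `init` (which only calls `00-init.yml` in this hunk and has no visible need to mint an OIDC token); any job that can request an ID token can exchange it at whatever provider trusts this repository/workflow, so the scope should be as narrow as the publish job itself. I would move the grant to the job that invokes the publish workflow, i.e. under that job write `permissions:` / `  id-token: write`, which still satisfies the called workflow's own job-level `id-token: write` (a reusable workflow can only use what its caller grants) while leaving `init` at default scopes. The comment could also name the consumer rather than the mechanism, e.g. `# Required for OIDC trusted publishing to npm (03-publish-packages.yml)`. Note that an explicit `permissions:` block at this level sets every unlisted scope to `none` for all jobs; I cannot see the rest of release.yml to confirm no job relied on the default `contents` grant.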
@@ -48,7 +48,6 @@ jobs:
 PRE_RELEASE: ${{ inputs.preRelease }}
 VALID_SEMVER_VERSION: ${{ inputs.version }}
 GITHUB_COMMITISH: ${{ github.event.release.target_commitish }}
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 GPR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: ⬆ Upload Package Artifact db-ui-base
From 5578bc49340dbabb0b981020911d5437b8cb0cf3 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Thu, 23 Oct 2025 10:56:46 +0200
Subject: [PATCH 4/7] Update 03-publish-packages.yml
---
 .github/workflows/03-publish-packages.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml
index d913aefd1..ece8ced6f 100644
--- a/.github/workflows/03-publish-packages.yml
+++ b/.github/workflows/03-publish-packages.yml
@@ -26,6 +26,8 @@ jobs:
 runs-on: ubuntu-24.04 # Use Ubuntu 24.04 explicitly
 permissions:
 id-token: write # Required for OIDC
+ contents: read
+ packages: write
 steps:
 - name: ⬇ Checkout repo
 uses: actions/checkout@v4
From 87431b058195fe58533545986a38bf788f3ca240 Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Thu, 23 Oct 2025 10:58:39 +0200
Subject: [PATCH 5/7] Update 03-publish-packages.yml
From 5eaffbf4d63cc0b90809a9301951cc51fc01fbfd Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Thu, 23 Oct 2025 14:58:43 +0200
Subject: [PATCH 6/7] Update 03-publish-packages.yml
---
 .github/workflows/03-publish-packages.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml
index ece8ced6f..1ab234e48 100644
--- a/.github/workflows/03-publish-packages.yml
+++ b/.github/workflows/03-publish-packages.yml
@@ -27,7 +27,6 @@ jobs:
 permissions:
 id-token: write # Required for OIDC
 contents: read
- packages: write
 steps:
 - name: ⬇ Checkout repo
 uses: actions/checkout@v4
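Review bot: The two scopes added to the job-level `permissions:` block in PATCH 4/7 carry no comment saying who needs them, while the neighbouring `id-token: write` does; the `actions/checkout@v4` step below and the `GPR_TOKEN: ${{ secrets.GITHUB_TOKEN }}` env earlier in this file make the likely consumers clear enough to record: `contents: read # actions/checkout` and `packages: write # publish to GitHub Packages with GITHUB_TOKEN (GPR_TOKEN)`. A job-level `permissions:` block sets every unlisted scope to `none`, so if the GitHub Packages publish in this job really authenticates with `secrets.GITHUB_TOKEN`, `packages: write` is load-bearing and removing it (as PATCH 6/7 later does) should be expected to make that publish fail with a permission error — a comment would stop it being dropped as unused; I cannot see the publish step itself to confirm which token it uses. Because this is a reusable workflow, the calling job must also grant at least every scope requested here or the run is rejected at job start, which may be why the scope was subsequently removed rather than granted in the caller. The enclosing job begins before this hunk.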
From b083ea52f685c459fcea7cda07dc52cc7103c06f Mon Sep 17 00:00:00 2001
From: Maximilian Franzke <787658+mfranzke@users.noreply.github.com>
Date: Thu, 23 Oct 2025 14:58:58 +0200
Subject: [PATCH 7/7] Add permissions for contents in release workflow
---
 .github/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9332a3884..94a420cb4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,6 +10,7 @@ on:
 permissions:
 id-token: write # Required for OIDC
+ contents: read
 jobs:
 init:
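Review bot: `contents: read` is added without a comment, unlike the `id-token: write` line above it, and since release.yml is the caller of a reusable workflow the useful thing to record is the coupling: `contents: read # 03-publish-packages.yml checks out the repo; a caller must grant at least the called job's permissions`. With an explicit top-level block every other scope is now `none` for every job in this file, so the grants here must be kept in step with whatever the called publish job declares — if it ever asks for `packages: write` again, the call will be rejected at job start unless this block grants it too; confirm against the final version of 03-publish-packages.yml. If only the publish job needs these scopes, the block belongs under that job rather than at workflow level, so that `init` does not also receive an OIDC-capable token.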