diff --git a/.github/workflows/release-canary.yml b/.github/workflows/release-canary.yml index 61ece30e3..152ef0d48 100644 --- a/.github/workflows/release-canary.yml +++ b/.github/workflows/release-canary.yml @@ -11,14 +11,17 @@ on: jobs: build_and_publish: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: read + id-token: write steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 - submodules: true - name: Set up Node - uses: actions/setup-node@v1 + uses: actions/setup-node@v4 with: node-version: 16 @@ -38,8 +41,9 @@ jobs: - id: publish name: Publish to NPM - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v3 with: token: ${{ secrets.NPM_TOKEN }} dry-run: false tag: canary + provenance: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b0cb37e6e..52e8d7c85 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,19 +11,22 @@ on: jobs: build_and_publish: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: read + id-token: write steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: fetch-depth: 0 - submodules: true - name: Set up Node - uses: actions/setup-node@v1 + uses: actions/setup-node@v4 with: - node-version: 16 - + node-version: 20 + - name: Checkout zod-deno - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: token: ${{ secrets.ZOD_BOT_TOKEN }} repository: colinhacks/zod-deno @@ -42,10 +45,11 @@ jobs: - id: publish name: Publish to NPM - uses: JS-DevTools/npm-publish@v1 + uses: JS-DevTools/npm-publish@v3 with: token: ${{ secrets.NPM_TOKEN }} dry-run: false + provenance: true - name: Post-publish if: steps.publish.outputs.type != 'none'