From ef82df396c01e6b982b6083e56f8cedea34e930c Mon Sep 17 00:00:00 2001 From: Alessandro Kreslin Date: Tue, 27 Jan 2026 14:24:49 -0500 Subject: [PATCH 1/3] updated npm publish to trusted publisher --- .github/workflows/publish_validator.yml | 26 ++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/publish_validator.yml b/.github/workflows/publish_validator.yml index 96d80f3..31bf81c 100644 --- a/.github/workflows/publish_validator.yml +++ b/.github/workflows/publish_validator.yml @@ -3,7 +3,13 @@ name: GBFS Validator Package - Publish on: push: branches: - - master + - feat/trusted-publisher-publishing + +# Npm authentication via OpenID Connect (OIDC) +# https://docs.npmjs.com/trusted-publishers +permissions: + id-token: write # Required for OIDC + contents: read jobs: check-versions: @@ -58,24 +64,18 @@ jobs: fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@v2 + uses: actions/setup-node@v4 with: - node-version: '18' + node-version: '20' registry-url: 'https://registry.npmjs.org' - name: Install dependencies run: yarn - - name: Load secrets from 1Password - uses: 1password/load-secrets-action@v2.0.0 - with: - export-env: true # Export loaded secrets as environment variables - env: - OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} - NODE_AUTH_TOKEN: "op://rbiv7rvkkrsdlpcrz3bmv7nmcu/ppzc4jxrwkf3omdmcs7z2wiwum/credential" - + # Ensure npm 11.5.1 or later is installed for OIDC support + - name: Update npm + run: npm install -g npm@11.6.2 + - name: Publish to npm run: npm publish - env: - NODE_AUTH_TOKEN: ${{ env.NODE_AUTH_TOKEN }} From 76f8613884c681d3a11e5dd0c0136a22ae4c26d2 Mon Sep 17 00:00:00 2001 From: Alessandro Kreslin Date: Tue, 27 Jan 2026 14:25:00 -0500 Subject: [PATCH 2/3] test publish --- README.md | 2 +- gbfs-validator/package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dff7621..3ac65d5 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![All Contributors](https://img.shields.io/github/all-contributors/MobilityData/gbfs-validator?color=blue&style=flat)](#contributors) -A [General Bikeshare Feed Specification](https://github.com/MobilityData/gbfs) dataset validator +A [General Bikeshare Feed Specification](https://github.com/MobilityData/gbfs) dataset validator. ## Introduction diff --git a/gbfs-validator/package.json b/gbfs-validator/package.json index 690f549..9b943a0 100644 --- a/gbfs-validator/package.json +++ b/gbfs-validator/package.json @@ -1,6 +1,6 @@ { "name": "gbfs-validator", - "version": "1.0.14", + "version": "1.0.15", "author": "MobilityData", "main": "index.js", "license": "MIT", From 22bdb2e7ecda29471ce5cfe5ab747deed94e65e1 Mon Sep 17 00:00:00 2001 From: Alessandro Kreslin Date: Tue, 27 Jan 2026 14:28:33 -0500 Subject: [PATCH 3/3] revert publish to only main --- .github/workflows/publish_validator.yml | 2 +- README.md | 2 +- gbfs-validator/package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish_validator.yml b/.github/workflows/publish_validator.yml index 31bf81c..849df84 100644 --- a/.github/workflows/publish_validator.yml +++ b/.github/workflows/publish_validator.yml @@ -3,7 +3,7 @@ name: GBFS Validator Package - Publish on: push: branches: - - feat/trusted-publisher-publishing + - master # Npm authentication via OpenID Connect (OIDC) # https://docs.npmjs.com/trusted-publishers diff --git a/README.md b/README.md index 3ac65d5..dff7621 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![All Contributors](https://img.shields.io/github/all-contributors/MobilityData/gbfs-validator?color=blue&style=flat)](#contributors) -A [General Bikeshare Feed Specification](https://github.com/MobilityData/gbfs) dataset validator. +A [General Bikeshare Feed Specification](https://github.com/MobilityData/gbfs) dataset validator ## Introduction diff --git a/gbfs-validator/package.json b/gbfs-validator/package.json index 9b943a0..3b4130d 100644 --- a/gbfs-validator/package.json +++ b/gbfs-validator/package.json @@ -1,6 +1,6 @@ { "name": "gbfs-validator", - "version": "1.0.15", + "version": "1.0.16", "author": "MobilityData", "main": "index.js", "license": "MIT",