From e278cb212fd9984953135dec838eb31fef32c777 Mon Sep 17 00:00:00 2001
From: Precious Oritsedere <rukyjacob@gmail.com>
Date: Fri, 23 Jan 2026 16:40:06 +0000
Subject: [PATCH] update publish workflow

---
 .github/workflows/ci.yml | 28 +++++++++++++++++-----------
 package.json             |  2 +-
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1bcb2f3..1cef3ef 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,9 +2,7 @@
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
 
 name: CI
-permissions:
-  contents: write
-  pull-requests: write
+
 on:
   push:
     branches:
@@ -60,6 +58,9 @@ jobs:
   npm-publish-build:
     needs: build
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # Required for OIDC
+      contents: read
     steps:
       - uses: actions/download-artifact@v7
         with:
@@ -67,21 +68,25 @@ jobs:
       - uses: actions/setup-node@v6
         with:
           node-version: 20.x
+          registry-url: 'https://registry.npmjs.org'
+      - name: Update npm to latest (required for OIDC)
+        run: npm install -g npm@latest
       - uses: rlespinasse/github-slug-action@v4.x
       - name: Append commit hash to package version
         run: 'sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json'
       - name: Disable pre- and post-publish actions
         run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
-      - uses: JS-DevTools/npm-publish@v4.1.4
+      - name: Publish to npm
         if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
-        with:
-          token: ${{ secrets.NPM_TOKEN }}
-          tag: ${{ env.GITHUB_REF_SLUG }}
+        run: npm publish --tag ${{ env.GITHUB_REF_SLUG }}
           
   npm-publish-latest:
     needs: [build, npm-publish-build]
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/main'
+    permissions:
+      id-token: write  # Required for OIDC
+      contents: read
     steps:
       - uses: actions/download-artifact@v7
         with:
@@ -89,10 +94,11 @@ jobs:
       - uses: actions/setup-node@v6
         with:
           node-version: 20.x
+          registry-url: 'https://registry.npmjs.org'
+      - name: Update npm to latest (required for OIDC)
+        run: npm install -g npm@latest
       - name: Disable pre- and post-publish actions
         run: 'sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
-      - uses: JS-DevTools/npm-publish@v4.1.4
+      - name: Publish to npm
         if: github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
-        with:
-          token: ${{ secrets.NPM_TOKEN }}
-          tag: latest
+        run: npm publish --tag latest
diff --git a/package.json b/package.json
index ba3bbe3..87746d8 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/solidos/solid-logic.git"
+    "url": "git+https://github.com/SolidOS/solid-logic.git"
   },
   "author": "",
   "license": "MIT",