diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 80dfa8f..16e1749 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -9,6 +9,7 @@ jobs: publish: runs-on: ubuntu-latest permissions: + id-token: write contents: write packages: write @@ -35,5 +36,3 @@ jobs: - name: Publish run: npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} diff --git a/README.md b/README.md index d3a6498..bfb239f 100644 --- a/README.md +++ b/README.md @@ -4,48 +4,3 @@ React Native bridge for the Transact SDK See our [documentation](https://docs.atomicfi.com/reference/transact-sdk#libraries__react-native) for additional information. -## Release Instructions - -This repository uses automated publishing via GitHub releases. When you publish a release, it automatically: - -1. ✅ Updates `package.json` version to match the release tag -2. ✅ Commits the version change back to the repository -3. ✅ Publishes the package to npm with the correct version - -### Creating a Release - -1. **Ensure your code is ready for release** on the `master` branch - -2. **Create a new release** on GitHub: - - Go to [Releases](../../releases) → "Create a new release" - - Use the [release template](RELEASE_TEMPLATE.md) for the release notes - -3. **Publish the release** - This automatically triggers the publish workflow - -### Version Guidelines - -- Use [semantic versioning](https://semver.org/): `MAJOR.MINOR.PATCH` -- Tag format: `1.2.3` -- For testing: Use pre-release tags like `1.2.3-beta.1` - -### What Happens Automatically - -When you publish a release: - -``` -GitHub Release (1.2.3) → Workflow Triggers → Updates package.json → Commits Changes → Publishes to npm -``` - -### Manual Publishing (Fallback) - -If needed, you can manually trigger the publish workflow: - -1. Go to [Actions](../../actions) → "publish" workflow -2. Click "Run workflow" → Select branch → "Run workflow" -3. Note: Manual triggers skip version updates - -### Troubleshooting - -- **Workflow fails**: Check the [Actions](../../actions) tab for detailed logs -- **Version conflicts**: Ensure the release tag doesn't already exist on npm -- **Permission issues**: Verify npm token is properly configured in repository secrets diff --git a/docs/RELEASE.md b/docs/RELEASE.md new file mode 100644 index 0000000..4eccdc3 --- /dev/null +++ b/docs/RELEASE.md @@ -0,0 +1,47 @@ +# Release Instructions + +This repository uses automated publishing via GitHub releases with [npm trusted publishing](https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions) (OIDC-based authentication). No npm tokens or secrets are required — GitHub Actions authenticates directly with npm using OpenID Connect. + +When you publish a release, it automatically: + +1. Updates `package.json` version to match the release tag +2. Commits the version change back to the repository +3. Publishes the package to npm with provenance via trusted publishing + +## Creating a Release + +1. **Ensure your code is ready for release** on the `master` branch + +2. **Create a new release** on GitHub: + - Go to [Releases](../../releases) → "Create a new release" + - Use the [release template](../RELEASE_TEMPLATE.md) for the release notes + +3. **Publish the release** - This automatically triggers the publish workflow + +## Version Guidelines + +- Use [semantic versioning](https://semver.org/): `MAJOR.MINOR.PATCH` +- Tag format: `1.2.3` +- For testing: Use pre-release tags like `1.2.3-beta.1` + +## What Happens Automatically + +When you publish a release: + +``` +GitHub Release (1.2.3) → Workflow Triggers → Updates package.json → Commits Changes → Publishes to npm (via trusted publishing) +``` + +## Manual Publishing (Fallback) + +If needed, you can manually trigger the publish workflow: + +1. Go to [Actions](../../actions) → "publish" workflow +2. Click "Run workflow" → Select branch → "Run workflow" +3. Note: Manual triggers skip version updates + +## Troubleshooting + +- **Workflow fails**: Check the [Actions](../../actions) tab for detailed logs +- **Version conflicts**: Ensure the release tag doesn't already exist on npm +- **Permission issues**: Trusted publishing is configured via the npm package settings. Ensure the GitHub repository is linked as a trusted publisher on npmjs.com under the package's settings.