From 903dc389d2e992efbc02fd60526c81216752ecc6 Mon Sep 17 00:00:00 2001
From: Julien Vignoud <33122365+JulienVig@users.noreply.github.com>
Date: Fri, 5 Jun 2026 13:13:58 +0200
Subject: [PATCH] Migrate npm publishing to Trusted Publisher instead of access
 tokens

---
 .github/workflows/publish-deploy.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish-deploy.yml b/.github/workflows/publish-deploy.yml
index c31dda8c6..2766df3a3 100644
--- a/.github/workflows/publish-deploy.yml
+++ b/.github/workflows/publish-deploy.yml
@@ -8,6 +8,7 @@ jobs:
   publish-npm:
     runs-on: ubuntu-latest
     permissions:
+      id-token: write
       contents: read
     steps:
       - uses: actions/checkout@v6
@@ -15,6 +16,7 @@ jobs:
         with:
           node-version-file: .nvmrc
           registry-url: "https://registry.npmjs.org"
+          package-manager-cache: false  # never use caching in release builds
           scope: "@epfml"
       - uses: actions/cache@v5
         with:
@@ -27,9 +29,7 @@ jobs:
         if: github.ref_type == 'branch'
       - run: npm --workspace=discojs{,-node,-web} run build
       - run: npm --workspace=discojs{,-node,-web} publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
+       
   build-webapp:
     if: github.ref_type == 'branch'
     runs-on: ubuntu-latest