From 171328c9ba79a0fd5ba72eb7bc3b52887d02a470 Mon Sep 17 00:00:00 2001 From: Ricardo Amaral Date: Thu, 23 Oct 2025 14:29:22 +0100 Subject: [PATCH] ci: Enable trusted publishing and npm provenance --- .github/workflows/publish.yml | 18 ++++++++++++++---- package.json | 5 +---- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e4cdbbf..078e22c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,6 +5,12 @@ on: types: [created] workflow_dispatch: +permissions: + # Enable the use of OIDC for trusted publishing and npm provenance + id-token: write + # Enable the use of GitHub Packages registry + packages: write + jobs: publish: runs-on: ubuntu-latest @@ -23,6 +29,9 @@ jobs: with: node-version: ${{ steps.nvmrc.outputs.NODE_VERSION }} + - name: Ensure npm 11.5.1 or later is installed + run: npm install -g npm@latest + - name: Install dependencies run: npm ci --legacy-peer-deps @@ -42,7 +51,10 @@ jobs: scope: '@doist' - run: npm publish env: - NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Clear npm config between GitHub/npm registries + run: rm -f $NPM_CONFIG_USERCONFIG - name: Publish to npm registry uses: actions/setup-node@v3 @@ -50,6 +62,4 @@ jobs: node-version: ${{ steps.nvmrc.outputs.NODE_VERSION }} registry-url: https://registry.npmjs.org/ scope: '@doist' - - run: npm publish - env: - NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} + - run: npm publish --provenance --access public diff --git a/package.json b/package.json index d2824a8..8d20d6a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,7 @@ { "name": "@doist/react-interpolate", "version": "2.2.1", + "repository": "https://github.com/Doist/react-interpolate", "license": "MIT", "description": "A string interpolation component that formats and interpolates a template string in a safe way", "main": "dist/react-interpolate.cjs", 
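Review bot: The new top-level `permissions` block gives `id-token: write` and `packages: write` to every step of the `publish` job, including the `npm ci --legacy-peer-deps` step visible as context in the next hunk. Dependency install scripts therefore run in a job that can request the OIDC token the registry accepts for publishing. Consider keeping install and build in a job without these scopes and granting them only to a final publish job that consumes the built artifact. Declaring `permissions` also sets every unlisted scope to none, so adding `contents: read` would make the checkout requirement explicit. The job definition continues outside this hunk.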
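Review bot: `npm install -g npm@latest` pulls whatever npm release is current at run time into the job that holds publish rights, while the step name promises only a minimum version. Pinning to a reviewed range, for example `run: npm install -g 'npm@^11.5.1'`, keeps the stated minimum and makes a major-version jump a deliberate change. It is also worth confirming that the Node version from the `nvmrc` step satisfies that npm's engine requirement, which is not visible here.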
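Review bot: `rm -f $NPM_CONFIG_USERCONFIG` is unquoted and silent: if the variable is empty or unset, the command removes nothing and still succeeds. Presumably the intent is that the `GITHUB_TOKEN`-backed config from the GitHub Packages publish does not carry over, and in that case the step would give no signal that it had. Prefer `run: rm -f "${NPM_CONFIG_USERCONFIG:?}"`, which fails the step when the path is missing and handles whitespace in the path.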
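Review bot: With `NODE_AUTH_TOKEN` removed from the final `npm publish`, the registry's trust decision rests on the repository and workflow identity, yet nothing in the job restricts which ref it runs from. The `workflow_dispatch` trigger shown as context in the first hunk can typically be started against any branch by anyone with write access. Binding the job to a protected environment, for example `environment: <publish-environment-placeholder>` with the same name set in the npm trusted-publisher settings, limits who and which branches can publish. `actions/setup-node@v3` in the context lines is a mutable tag, so pinning it to a full commit SHA is worth considering for a job that mints OIDC tokens. The `NPM_TOKEN` secret this hunk stops using should also be revoked on npm and deleted from the repository secrets.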
@@ -23,10 +24,6 @@ "prettify": "prettier --write ." }, "prettier": "@doist/prettier-config", - "repository": { - "type": "git", - "url": "https://github.com/Doist/react-interpolate.git" - }, "keywords": [ "react", "interpolate",