From ffae827e13e1f82b457e15e01c36a527324e956d Mon Sep 17 00:00:00 2001 From: Patrick Wozniak Date: Tue, 2 Jun 2026 10:58:04 +0200 Subject: [PATCH] ci(release): remove publish workflow --- .github/workflows/publish.yml | 22 ---------------------- .gitleaks.toml | 2 -- RELEASE.md | 4 ++-- 3 files changed, 2 insertions(+), 26 deletions(-) delete mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index f7fd041..0000000 --- a/.github/workflows/publish.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Publish package - -on: - release: - types: [published] - workflow_dispatch: - -jobs: - publish: - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: 20 - registry-url: https://registry.npmjs.org - - run: npm publish --access public --provenance - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} diff --git a/.gitleaks.toml b/.gitleaks.toml index fd3908d..e1c2d97 100644 --- a/.gitleaks.toml +++ b/.gitleaks.toml @@ -8,8 +8,6 @@ title = "pi-commandcode-provider secret scan" paths = [ # Test fixtures use intentionally fake credentials. "^tests/", - # CI workflows reference NPM_TOKEN secret name - ".github/workflows/publish.yml", ] # ────────────────────────────────────────────────────────── diff --git a/RELEASE.md b/RELEASE.md index c13b5fd..679c520 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -173,13 +173,13 @@ git tag -a v0.1.1 -m "Release 0.1.1" git push origin v0.1.1 ``` -Publish stable: +Publish stable locally: ```sh npm publish --tag latest --access public ``` -If npm asks for browser or OTP auth, run the publish command manually and complete the npm prompt. +Publishing is intentionally manual/local; there is no GitHub Actions publish workflow. If npm asks for browser or OTP auth, complete the npm prompt locally. Verify npm: