diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e7aa8c1d8..52db8a039 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,7 +14,6 @@ jobs: - run: pnpm build - env: GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} uses: JoshuaKGoldberg/release-it-action@dc71f396c291f62f9a17701cfc4d4a3e7c263020 # v0.3.2 name: Release diff --git a/.release-it.json b/.release-it.json index 2f0039915..3101f5928 100644 --- a/.release-it.json +++ b/.release-it.json @@ -4,7 +4,7 @@ "requireCommits": true }, "github": { "release": true, "releaseName": "v${version}" }, - "npm": { "publishArgs": ["--access public", "--provenance"] }, + "npm": { "skipChecks": true }, "plugins": { "@release-it/conventional-changelog": { "infile": "CHANGELOG.md", diff --git a/docs/Setup.md b/docs/Setup.md index c18d1779b..e690f8412 100644 --- a/docs/Setup.md +++ b/docs/Setup.md @@ -16,9 +16,8 @@ The setup script will by default: You'll then need to manually go through the following two steps to set up tooling on GitHub: -1. Create two tokens in [repository secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) _(unless you chose to opt out of releases)_: +1. Create one token in [repository secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) _(unless you chose to opt out of releases)_: - `ACCESS_TOKEN`: A [GitHub PAT](https://github.com/settings/tokens/new) with _repo_ and _workflow_ permissions - - `NPM_TOKEN`: An [npm access token](https://docs.npmjs.com/creating-and-viewing-access-tokens/) with _Automation_ permissions 2. Install two GitHub apps: - [Codecov](https://github.com/marketplace/codecov) _(unless you chose to opt out of tests)_ - [Renovate](https://github.com/marketplace/renovate) _(unless you chose to opt out of renovate)_ diff --git a/docs/Transition.md b/docs/Transition.md index 97e69e832..496eae207 100644 --- a/docs/Transition.md +++ b/docs/Transition.md @@ -23,9 +23,8 @@ For example, if the repository previously using Jest for testing: You'll then need to manually go through the following two steps to set up tooling on GitHub: -1. Create two tokens in [repository secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) _(unless you chose to opt out of releases)_: +1. Create one token in [repository secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) _(unless you chose to opt out of releases)_: - `ACCESS_TOKEN`: A [GitHub PAT](https://github.com/settings/tokens/new) with _repo_ and _workflow_ permissions - - `NPM_TOKEN`: An [npm access token](https://docs.npmjs.com/creating-and-viewing-access-tokens/) with _Automation_ permissions 2. Install two GitHub apps: - [Codecov](https://github.com/marketplace/codecov) _(unless you chose to opt out of tests)_ - [Renovate](https://github.com/marketplace/renovate) _(unless you chose to opt out of renovate)_ diff --git a/docs/UseThisTemplate.md b/docs/UseThisTemplate.md index 9395a4881..42d746511 100644 --- a/docs/UseThisTemplate.md +++ b/docs/UseThisTemplate.md @@ -11,9 +11,8 @@ npx create-typescript-app You'll then need to manually go through the following two steps to set up tooling on GitHub: -1. Create two tokens in [repository secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) _(unless you chose to opt out of releases)_: +1. Create one token in [repository secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) _(unless you chose to opt out of releases)_: - `ACCESS_TOKEN`: A [GitHub PAT](https://github.com/settings/tokens/new) with _repo_ and _workflow_ permissions - - `NPM_TOKEN`: An [npm access token](https://docs.npmjs.com/creating-and-viewing-access-tokens/) with _Automation_ permissions 2. Install two GitHub apps: - [Codecov](https://github.com/marketplace/codecov) _(unless you chose to opt out of tests)_ - [Renovate](https://github.com/marketplace/renovate) _(unless you chose to opt out of renovate)_ diff --git a/package.json b/package.json index 814e99c43..0cadaf872 100644 --- a/package.json +++ b/package.json @@ -112,8 +112,5 @@ "packageManager": "pnpm@10.25.0", "engines": { "node": ">=20.19.0" - }, - "publishConfig": { - "provenance": true } } diff --git a/src/blocks/blockReleaseIt.test.ts b/src/blocks/blockReleaseIt.test.ts index c3d1c6a66..006f4d332 100644 --- a/src/blocks/blockReleaseIt.test.ts +++ b/src/blocks/blockReleaseIt.test.ts @@ -18,9 +18,6 @@ describe("blockReleaseIt", () => { "@release-it/conventional-changelog": "10.0.2", "release-it": "19.0.6", }, - "publishConfig": { - "provenance": true, - }, "scripts": { "should-semantic-release": undefined, }, @@ -47,10 +44,6 @@ describe("blockReleaseIt", () => { "description": "a GitHub PAT with repo and workflow permissions", "name": "ACCESS_TOKEN", }, - { - "description": "an npm access token with automation permissions", - "name": "NPM_TOKEN", - }, ], }, "block": [Function], @@ -110,7 +103,6 @@ describe("blockReleaseIt", () => { - uses: ./.github/actions/prepare - env: GITHUB_TOKEN: \${{ secrets.ACCESS_TOKEN }} - NPM_TOKEN: \${{ secrets.NPM_TOKEN }} uses: JoshuaKGoldberg/release-it-action@v0.3.2 @@ -129,8 +121,12 @@ describe("blockReleaseIt", () => { ", }, }, - ".release-it.json": "{"git":{"commitMessage":"chore: release v\${version}","requireCommits":true},"github":{"release":true,"releaseName":"v\${version}"},"npm":{"publishArgs":["--access public","--provenance"]},"plugins":{"@release-it/conventional-changelog":{"infile":"CHANGELOG.md","preset":"conventionalcommits","types":[{"section":"Features","type":"feat"},{"section":"Bug Fixes","type":"fix"},{"section":"Performance Improvements","type":"perf"},{"hidden":true,"type":"build"},{"hidden":true,"type":"chore"},{"hidden":true,"type":"ci"},{"hidden":true,"type":"docs"},{"hidden":true,"type":"refactor"},{"hidden":true,"type":"style"},{"hidden":true,"type":"test"}]}}}", + ".release-it.json": "{"git":{"commitMessage":"chore: release v\${version}","requireCommits":true},"github":{"release":true,"releaseName":"v\${version}"},"npm":{"skipChecks":true},"plugins":{"@release-it/conventional-changelog":{"infile":"CHANGELOG.md","preset":"conventionalcommits","types":[{"section":"Features","type":"feat"},{"section":"Bug Fixes","type":"fix"},{"section":"Performance Improvements","type":"perf"},{"hidden":true,"type":"build"},{"hidden":true,"type":"chore"},{"hidden":true,"type":"ci"},{"hidden":true,"type":"docs"},{"hidden":true,"type":"refactor"},{"hidden":true,"type":"style"},{"hidden":true,"type":"test"}]}}}", }, + "suggestions": [ + "- add test-owner/test-repository and \`release.yaml\` as a Trusted Publisher on: + https://www.npmjs.com/package/test-repository/access", + ], } `); }); @@ -166,9 +162,6 @@ describe("blockReleaseIt", () => { "@release-it/conventional-changelog": "10.0.2", "release-it": "19.0.6", }, - "publishConfig": { - "provenance": true, - }, "scripts": { "should-semantic-release": undefined, }, @@ -195,10 +188,6 @@ describe("blockReleaseIt", () => { "description": "a GitHub PAT with repo and workflow permissions", "name": "ACCESS_TOKEN", }, - { - "description": "an npm access token with automation permissions", - "name": "NPM_TOKEN", - }, ], }, "block": [Function], @@ -261,7 +250,6 @@ describe("blockReleaseIt", () => { - run: two - env: GITHUB_TOKEN: \${{ secrets.ACCESS_TOKEN }} - NPM_TOKEN: \${{ secrets.NPM_TOKEN }} uses: JoshuaKGoldberg/release-it-action@v0.3.2 @@ -280,8 +268,12 @@ describe("blockReleaseIt", () => { ", }, }, - ".release-it.json": "{"git":{"commitMessage":"chore: release v\${version}","requireCommits":true},"github":{"release":true,"releaseName":"v\${version}"},"npm":{"publishArgs":["--access public","--provenance"]},"plugins":{"@release-it/conventional-changelog":{"infile":"CHANGELOG.md","preset":"conventionalcommits","types":[{"section":"Features","type":"feat"},{"section":"Bug Fixes","type":"fix"},{"section":"Performance Improvements","type":"perf"},{"hidden":true,"type":"build"},{"hidden":true,"type":"chore"},{"hidden":true,"type":"ci"},{"hidden":true,"type":"docs"},{"hidden":true,"type":"refactor"},{"hidden":true,"type":"style"},{"hidden":true,"type":"test"}]}}}", + ".release-it.json": "{"git":{"commitMessage":"chore: release v\${version}","requireCommits":true},"github":{"release":true,"releaseName":"v\${version}"},"npm":{"skipChecks":true},"plugins":{"@release-it/conventional-changelog":{"infile":"CHANGELOG.md","preset":"conventionalcommits","types":[{"section":"Features","type":"feat"},{"section":"Bug Fixes","type":"fix"},{"section":"Performance Improvements","type":"perf"},{"hidden":true,"type":"build"},{"hidden":true,"type":"chore"},{"hidden":true,"type":"ci"},{"hidden":true,"type":"docs"},{"hidden":true,"type":"refactor"},{"hidden":true,"type":"style"},{"hidden":true,"type":"test"}]}}}", }, + "suggestions": [ + "- add test-owner/test-repository and \`release.yaml\` as a Trusted Publisher on: + https://www.npmjs.com/package/test-repository/access", + ], } `); }); diff --git a/src/blocks/blockReleaseIt.ts b/src/blocks/blockReleaseIt.ts index 06b94b98c..74188c269 100644 --- a/src/blocks/blockReleaseIt.ts +++ b/src/blocks/blockReleaseIt.ts @@ -33,9 +33,6 @@ export const blockReleaseIt = base.createBlock({ "@release-it/conventional-changelog", "release-it", ), - publishConfig: { - provenance: true, - }, scripts: { "should-semantic-release": undefined, }, @@ -56,10 +53,6 @@ export const blockReleaseIt = base.createBlock({ description: "a GitHub PAT with repo and workflow permissions", name: "ACCESS_TOKEN", }, - { - description: "an npm access token with automation permissions", - name: "NPM_TOKEN", - }, ], }), ], @@ -147,7 +140,6 @@ export const blockReleaseIt = base.createBlock({ { env: { GITHUB_TOKEN: "${{ secrets.ACCESS_TOKEN }}", - NPM_TOKEN: "${{ secrets.NPM_TOKEN }}", }, uses: resolveUses( "JoshuaKGoldberg/release-it-action", @@ -168,9 +160,7 @@ export const blockReleaseIt = base.createBlock({ release: true, releaseName: "v${version}", }, - npm: { - publishArgs: [`--access ${options.access}`, "--provenance"], - }, + npm: { skipChecks: true }, plugins: { "@release-it/conventional-changelog": { infile: "CHANGELOG.md", @@ -191,6 +181,12 @@ export const blockReleaseIt = base.createBlock({ }, }), }, + suggestions: [ + [ + `- add ${options.owner}/${options.repository} and \`release.yaml\` as a Trusted Publisher on:`, + ` https://www.npmjs.com/package/${options.repository}/access`, + ].join("\n"), + ], }; }, });