From 7421d722331466993acc63d7db53c8ba65256811 Mon Sep 17 00:00:00 2001
From: Nicolas CHAIX
Date: Thu, 6 Nov 2025 17:25:49 +0100
Subject: [PATCH 1/3] main requirement to allow github actions to generate OIDC tokens
---
 .github/workflows/publish.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5d56f644..89566543 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -11,6 +11,11 @@ concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
+# Allows GitHub Actions to generate OIDC tokens. See https://docs.github.com/en/actions/concepts/security/openid-connect.
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
From 01f3d546f14014a2e1de1cf5b2ebd70acf7289f8 Mon Sep 17 00:00:00 2001
From: Nicolas CHAIX
Date: Thu, 6 Nov 2025 17:26:08 +0100
Subject: [PATCH 2/3] cleanup workflow
---
 .github/workflows/publish.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 89566543..5dd4410a 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -21,6 +21,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
 - name: Cache Node dependencies
 uses: actions/cache@v4
 with:
@@ -29,9 +32,6 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-node-
- - name: Checkout
- uses: actions/checkout@v4
-
 - name: Setup Node
 uses: actions/setup-node@v4
 with:
@@ -39,7 +39,7 @@ jobs:
 registry-url: 'https://registry.npmjs.org'
 - name: Install dependencies
- run: npm install
+ run: npm install -g npm@latest
 - name: Prepare and publish
 run: |
From 0f4e19cdb4695021b1435b4ebf0285c7dadbab0e Mon Sep 17 00:00:00 2001
From: Nicolas CHAIX
Date: Thu, 6 Nov 2025 17:42:22 +0100
Subject: [PATCH 3/3] remove token (not used anymore)
---
 .github/workflows/publish.yml | 2 --
 1 file changed, 2 deletions(-)
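Review bot: The `permissions:` block added in PATCH 1/3 sits at workflow level, so `id-token: write` applies to every job in publish.yml rather than only to the steps that publish. In the visible `build` job, the runner that can request an OIDC token also restores a cache and runs `npm run prepare`, so dependency and build scripts execute with that capability. Consider keeping `contents: read` at the top level and moving `id-token: write` into a `permissions:` block on the publishing job, ideally a separate job that only runs `npm publish` on the already-built package. The comment could also name the consumer of the token, presumably npm trusted publishing given PATCH 3/3, e.g. `# id-token: write lets npm publish authenticate via OIDC; no long-lived NPM_TOKEN is used.`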
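Review bot: `uses: actions/checkout@v4` in the first hunk of PATCH 2/3 (and `actions/cache@v4` and `actions/setup-node@v4` in the surrounding context lines) reference actions by a mutable tag. This workflow now holds `id-token: write` and publishes to the registry, so a retagged action release would run with publish capability; pin each action to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. Separately, the cache step's `restore-keys` prefix fallback (`${{ runner.os }}-node-`) allows a cache written by another run to feed the release build, so it is worth considering whether this publish workflow should restore a cache at all. The `steps:` list continues outside the hunk.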
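Review bot: In the third hunk of PATCH 2/3 the step named `Install dependencies` now runs `npm install -g npm@latest`, which upgrades the npm CLI but no longer installs the project's dependencies before `npm run prepare`. If `prepare` needs anything from node_modules, the publish will fail or ship an incomplete build; if dropping the install was not intended, keep a dependency step (`run: npm ci`, assuming a lockfile is committed) and make the CLI upgrade its own step with a matching name. `npm@latest` is also unpinned, so the CLI that publishes the package can change between runs without review; pinning it, e.g. `run: npm install -g npm@<pinned-version>`, keeps the release toolchain reproducible.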
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5dd4410a..b06d45cf 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -45,5 +45,3 @@ jobs:
 run: |
 npm run prepare
 npm publish --access public
- env:
- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}