From 4b42bbd6e6f04aa6df9ec1e3ef71f49273d81565 Mon Sep 17 00:00:00 2001
From: chris <christo1771@gmail.com>
Date: Sat, 1 Nov 2025 23:16:40 -0400
Subject: [PATCH] Use trusted publisher OIDC to publish package

---
 .github/workflows/publish.yml | 21 +++++++--------------
 mise.toml                     |  4 ++++
 2 files changed, 11 insertions(+), 14 deletions(-)
 create mode 100644 mise.toml

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0ae7a9e..66cfc8e 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,9 +5,9 @@ on:
     branches:
       - 'main'
 
-env:
-  NODE_VERSION: 20
-  PNPM_VERSION: 9
+permissions:
+  id-token: write # Required for OIDC
+  contents: read
 
 jobs:
   publish-js:
@@ -18,16 +18,11 @@ jobs:
       - name: Checkout project
         uses: actions/checkout@v4
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
+      - name: Install Mise
+        uses: caido/action-mise-action@v3.2.0
         with:
-          node-version: ${{ env.NODE_VERSION }}
-
-      - name: Setup pnpm
-        uses: pnpm/action-setup@v4.0.0
-        with:
-          version: ${{ env.PNPM_VERSION }}
-          run_install: false
+          working_directory: .
+          version: ${{ vars.CI__MISE_VERSION }}
 
       - name: Install
         run: pnpm install
@@ -37,8 +32,6 @@ jobs:
 
       - name: Publish
         shell: bash
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           # Read the current version from package.json
           CURRENT_VERSION=$(jq -r '.version' ./package.json)
diff --git a/mise.toml b/mise.toml
new file mode 100644
index 0000000..ba92c5c
--- /dev/null
+++ b/mise.toml
@@ -0,0 +1,4 @@
+[tools]
+node = '22'
+"npm:npm" = "11.6.2"
+pnpm = '10.20.0'