diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index bbfaa1d..4904209 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -28,7 +28,7 @@ jobs: - name: Set up Node.js uses: actions/setup-node@v4 with: - node-version: 20 + node-version: 24 registry-url: https://registry.npmjs.org - name: Validate release tag matches package version diff --git a/RELEASING.md b/RELEASING.md index bc5c99d..69d4ec9 100644 --- a/RELEASING.md +++ b/RELEASING.md @@ -18,6 +18,8 @@ - Publishing is handled by GitHub Actions via `.github/workflows/publish.yml`. - npm publishing uses trusted publishing with GitHub OIDC; no long-lived npm token or PAT is required. - The publish job runs in the `npm-release` GitHub environment. +- `package.json` must include a `repository.url` that exactly matches `https://github.com/ScopeLift/stealth-address-sdk`. +- The npm package's trusted publisher settings must exactly match `ScopeLift/stealth-address-sdk`, workflow `publish.yml`, and environment `npm-release`. - Release tags publish to npm with the default `latest` dist-tag. - The publish job fails unless the tag version matches `package.json` and the tag points at the latest `main` commit. diff --git a/package.json b/package.json index 14ec37a..a83e65a 100644 --- a/package.json +++ b/package.json @@ -5,6 +5,10 @@ "types": "dist/index.d.ts", "module": "dist/index.js", "type": "module", + "repository": { + "type": "git", + "url": "git+https://github.com/ScopeLift/stealth-address-sdk.git" + }, "files": [ "dist/config", "dist/index.d.ts",