From 6d85063e73710febd82bc1d7f15e27b0c7d2a4ad Mon Sep 17 00:00:00 2001
From: mostafa <mst404@gmail.com>
Date: Sun, 21 Dec 2025 21:10:08 +0330
Subject: [PATCH] Switch to npm trusted publishing (OIDC) - no tokens needed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add id-token: write permission for OIDC
- Upgrade to Node.js 24 (npm 11.5.1+)
- Use --provenance --access public for npm publish
- Remove NPM_TOKEN dependency

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .github/workflows/update-database.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/update-database.yml b/.github/workflows/update-database.yml
index d557259..119bcc0 100644
--- a/.github/workflows/update-database.yml
+++ b/.github/workflows/update-database.yml
@@ -11,6 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      id-token: write  # Required for npm trusted publishing (OIDC)
 
     steps:
       - name: Checkout repository
@@ -21,7 +22,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '24'  # Node 24 includes npm 11.5.1+ required for OIDC
           registry-url: 'https://registry.npmjs.org'
 
       - name: Download latest GeoLite2-City database
@@ -97,9 +98,7 @@ jobs:
 
       - name: Publish to npm
         if: steps.check_changes.outputs.changed == 'true'
-        run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish --provenance --access public
 
       - name: Summary
         run: |