From 9879e61d78cda694dec8cdccf5ebf91534c7a8ea Mon Sep 17 00:00:00 2001 From: Tanjeem Hossain Date: Tue, 4 Nov 2025 12:13:06 -0500 Subject: [PATCH] ci: pin to version v3.1.0 The reason we are using the "ci" prefix for the commit message is because We do not want to actually trigger a new release here, take a look at DX-2123 for more details. Now that `npm-token` is no longer a required secret, we can check the release logs and see that OIDC Trusted Publishing is being used. The change to the `npm-token` requirement was made in the pinned SHA version 3.1.0 of semantic-release-action/typescript. Ticket: DX-2243 --- .github/workflows/release.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c51b4b57..5d58bef7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,8 +22,6 @@ on: jobs: release: - uses: semantic-release-action/typescript/.github/workflows/release.yml@1d40c29e2d500f3bcceeb13f95d26a3a1b571f51 # v3.0.20 - secrets: - npm-token: "FAKE_NPM_TOKEN_FOR_SEMANTIC_RELEASE" + uses: semantic-release-action/typescript/.github/workflows/release.yml@70c4b6f612fd516692472d20eac1c590ac08cd20 # v3.1.0 with: disable-semantic-release-git: true