make npm token more secure

terascope · Jan 10, 2025 · 1130c39 · 1130c39
1 parent 30a5d17
commit 1130c39
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/.github/workflows/publish-tag.yml b/.github/workflows/publish-tag.yml
@@ -30,10 +30,14 @@ jobs:
         run: yarn && yarn setup
 
       - name: Verify npm authentication within yarn
-        run: CI_NPM_AUTH_TOKEN=${{ secrets.NPM_TOKEN }} yarn npm whoami
+        env:
+          CI_NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: yarn npm whoami
 
       - name: Publish to npm
-        run: CI_NPM_AUTH_TOKEN=${{ secrets.NPM_TOKEN }} yarn ts-scripts publish -t tag npm
+        env:
+          CI_NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: yarn ts-scripts publish -t tag npm
 
   docker-build-publish:
     runs-on: ubuntu-latest