sapient/oh-my-openagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): remove .npmrc to enable pure OIDC auth for npm publish

Browse Source
This commit is contained in:
justsisyphus
2026-01-30 12:33:51 +09:00
parent c993cf007f
commit 300a3fdc14
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/publish-platform.yml vendored
View File

@@ -192,24 +192,28 @@ jobs:
if: steps.check.outputs.skip != 'true' if: steps.check.outputs.skip != 'true'
with: with:
node-version: "24" node-version: "24"
registry-url: "https://registry.npmjs.org"
- name: Publish ${{ matrix.platform }} - name: Publish ${{ matrix.platform }}
if: steps.check.outputs.skip != 'true' if: steps.check.outputs.skip != 'true'
run: | run: |
cd packages/${{ matrix.platform }} cd packages/${{ matrix.platform }}
# Remove .npmrc created by setup-node to enable pure OIDC auth
# setup-node adds //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
# which breaks OIDC when NODE_AUTH_TOKEN is empty
rm -f ~/.npmrc
TAG_ARG="" TAG_ARG=""
if [ -n "${{ inputs.dist_tag }}" ]; then if [ -n "${{ inputs.dist_tag }}" ]; then
TAG_ARG="--tag ${{ inputs.dist_tag }}" TAG_ARG="--tag ${{ inputs.dist_tag }}"
fi fi
# Publish with provenance (OIDC authentication) # Publish with provenance (OIDC authentication)
# Increased timeout for large binary uploads (40-120MB) # npm 11.5.1+ auto-detects OIDC environment
npm publish --access public --provenance $TAG_ARG npm publish --access public --provenance $TAG_ARG
env: env:
# Use OIDC - no NODE_AUTH_TOKEN needed
NPM_CONFIG_PROVENANCE: "true" NPM_CONFIG_PROVENANCE: "true"
# Increase timeout for large packages (10 minutes)
npm_config_fetch_timeout: "600000" npm_config_fetch_timeout: "600000"
npm_config_fetch_retry_maxtimeout: "120000" npm_config_fetch_retry_maxtimeout: "120000"
timeout-minutes: 15 timeout-minutes: 15