Skip to content

fix: add always-auth to release workflow for robust npm publish#41

Merged
ZachDreamZ merged 1 commit into
mainfrom
fix/release-workflow-auth
Jun 27, 2026
Merged

fix: add always-auth to release workflow for robust npm publish#41
ZachDreamZ merged 1 commit into
mainfrom
fix/release-workflow-auth

Conversation

@ZachDreamZ

@ZachDreamZ ZachDreamZ commented Jun 27, 2026

Copy link
Copy Markdown
Owner

Problem

The tag-based release workflow (PR #40) ran on v1.1.1 but failed during npm publish with a 404 error claiming the package was not found — even though it exists in the registry.

Fix

Add always-auth: true to actions/setup-node@v4. This ensures NODE_AUTH_TOKEN is written to .npmrc and npm always sends auth headers for the registry, preventing 404 errors when the registry needs authentication for package verification.

Quality Gates

  • Version bumped to 1.1.2
  • Tests not affected (workflow-only change)

Open in Devin Review

@ZachDreamZ
ZachDreamZ merged commit 5f11629 into main Jun 27, 2026
4 of 5 checks passed
The tag-based release workflow failed on first run with 404 for npm
publish. Adding always-auth: true to setup-node ensures NODE_AUTH_TOKEN
is properly set in .npmrc and respected by npm during publish.

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

Open in Devin Review

Comment thread package.json
{
"name": "pi-ultra-compact",
"version": "1.1.1",
"version": "1.1.2",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Version bumped without a corresponding changelog entry

The package version is bumped to 1.1.2 (package.json:3) without adding a matching section to the changelog, so users and maintainers have no record of what changed in this release.

Impact: The published npm package will have an undocumented version, breaking the project's changelog-driven release process.

CONTRIBUTING.md release process violation details

The CONTRIBUTING.md release process states:

  • "CHANGELOG.md is updated with [Unreleased] entries" (step 2)
  • "Version bumps follow semver based on changelog content"

The CHANGELOG.md (CHANGELOG.md:36-46) has an entry for [1.1.1] but no entry for [1.1.2]. Every prior version bump in the project (1.1.1, 1.1.0, 1.0.0, etc.) includes a corresponding changelog section. This PR bumps the version but does not add a [1.1.2] section documenting the always-auth workflow fix.

Prompt for agents
The version in package.json was bumped from 1.1.1 to 1.1.2 but CHANGELOG.md has no corresponding [1.1.2] section. Per CONTRIBUTING.md, the changelog should be updated alongside version bumps. Add a [1.1.2] section to CHANGELOG.md (before the [1.1.1] section around line 36) documenting the always-auth fix to the release workflow. Follow the existing format used by other entries (e.g. the [1.1.1] entry at lines 36-46).
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant