Skip to content

ci: authenticate npm publish with NPM_TOKEN secret#84

Merged
nujovich merged 1 commit into
mainfrom
fix/publish-npm-token
Jul 10, 2026
Merged

ci: authenticate npm publish with NPM_TOKEN secret#84
nujovich merged 1 commit into
mainfrom
fix/publish-npm-token

Conversation

@nujovich

Copy link
Copy Markdown
Owner

What

Switch the publish workflow from OIDC trusted publishing to NPM_TOKEN auth. OIDC kept returning ENEEDAUTH (npm never performed the trusted-publishing handshake despite npm 11.16.0, id-token: write, and a configured trusted publisher), so we move to the reliable token path.

Changes

  • setup-node gets registry-url back so it writes the auth .npmrc.
  • The Publish to npm step sets NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}.
  • --provenance and id-token: write are kept — build provenance still works with token auth.

Required repo secret (before the next publish)

Add an NPM_TOKEN secret (Settings → Secrets and variables → Actions):

  • Create a granular access token on npmjs.com scoped to the mint-ds package with read/write (publish) permission and an expiry.
  • Paste it as the NPM_TOKEN repository secret.

After merge

Re-point the v0.2.1 tag to this commit and re-push so the workflow publishes 0.2.1 with provenance.

@nujovich nujovich merged commit 39caeb6 into main Jul 10, 2026
2 checks passed
@nujovich nujovich deleted the fix/publish-npm-token branch July 10, 2026 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant