ci: publish workflow does MCP Registry only (drop doomed npm job) (#50)

The org's npm account enforces 2FA/OTP, which a CI token can't satisfy, so the
npm job failed with EOTP on every release and marked the whole Publish run red
even though the MCP Registry job succeeded. npm is published manually; the CI
npm job was vestigial.

Remove the npm job entirely. The workflow now only publishes to the MCP
Registry (sync server.json → OIDC login → publish), so the run is green when the
registry publish succeeds. Run it after the manual `npm publish` (tag push or
workflow_dispatch); the registry validates the npm version exists.

Co-authored-by: shahinyanm <mher.shahinyan@12go.asia>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Author: 3 people

.github/workflows/publish-mcp.yml

@@ -1,10 +1,11 @@
-name: Publish (npm + MCP Registry)
-
-# Fires on a version tag. Two ordered jobs:
-#   1. npm   — publish the package to npmjs (MCP Registry validates that the
-#              referenced npm version exists, so this must run first).
-#   2. mcp   — sync server.json to the tag version, authenticate via GitHub
-#              OIDC, and publish the server entry to the MCP Registry.
+name: Publish (MCP Registry)
+
+# Publishes the server entry to the MCP Registry. npm is published manually
+# (the org's npm account enforces 2FA/OTP, which a CI token can't satisfy), so
+# this workflow no longer attempts npm — it only syncs server.json to the
+# package version, authenticates via GitHub OIDC, and publishes to the registry.
+# The registry validates that the referenced npm version already exists, so run
+# this AFTER the manual `npm publish` (tag push, or workflow_dispatch).
 on:
   push:
     tags:
@@ -13,24 +14,15 @@ on:
 
 permissions:
   contents: read
-  id-token: write # npm provenance + mcp-publisher github-oidc
+  id-token: write # mcp-publisher github-oidc
 
 jobs:
-  npm:
+  mcp:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v5
 
-      - name: Setup Node
-        uses: actions/setup-node@v5
-        with:
-          node-version: 22
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: Install deps
-        run: npm ci
-
       - name: Verify tag matches package.json (tag runs only)
         if: github.ref_type == 'tag'
         run: |
@@ -41,24 +33,6 @@ jobs:
             exit 1
           fi
 
-      - name: Publish to npm
-        run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-  mcp:
-    needs: npm
-    # Decoupled from npm SUCCESS — the registry publish must proceed even when
-    # the npm job fails (EOTP on manual-token publishes). Ordering is kept so
-    # npm runs first on the happy path; the MCP Registry validates the npm
-    # version independently, so a manual `npm publish` satisfies it. Re-run this
-    # job via workflow_dispatch after a manual publish to update the registry.
-    if: ${{ !cancelled() }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
       - name: Install mcp-publisher
         run: |
           curl -sL "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_linux_amd64.tar.gz" | tar xz mcp-publisher