Skip to content

Commit 0382e4a

Browse files
Shahinyanmshahinyanmclaude
authored
ci: publish workflow does MCP Registry only (drop doomed npm job) (#50)
The org's npm account enforces 2FA/OTP, which a CI token can't satisfy, so the npm job failed with EOTP on every release and marked the whole Publish run red even though the MCP Registry job succeeded. npm is published manually; the CI npm job was vestigial. Remove the npm job entirely. The workflow now only publishes to the MCP Registry (sync server.json → OIDC login → publish), so the run is green when the registry publish succeeds. Run it after the manual `npm publish` (tag push or workflow_dispatch); the registry validates the npm version exists. Co-authored-by: shahinyanm <mher.shahinyan@12go.asia> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent d638400 commit 0382e4a

1 file changed

Lines changed: 10 additions & 36 deletions

File tree

.github/workflows/publish-mcp.yml

Lines changed: 10 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -1,10 +1,11 @@
1-
name: Publish (npm + MCP Registry)
2-
3-
# Fires on a version tag. Two ordered jobs:
4-
# 1. npm — publish the package to npmjs (MCP Registry validates that the
5-
# referenced npm version exists, so this must run first).
6-
# 2. mcp — sync server.json to the tag version, authenticate via GitHub
7-
# OIDC, and publish the server entry to the MCP Registry.
1+
name: Publish (MCP Registry)
2+
3+
# Publishes the server entry to the MCP Registry. npm is published manually
4+
# (the org's npm account enforces 2FA/OTP, which a CI token can't satisfy), so
5+
# this workflow no longer attempts npm — it only syncs server.json to the
6+
# package version, authenticates via GitHub OIDC, and publishes to the registry.
7+
# The registry validates that the referenced npm version already exists, so run
8+
# this AFTER the manual `npm publish` (tag push, or workflow_dispatch).
89
on:
910
push:
1011
tags:
@@ -13,24 +14,15 @@ on:
1314

1415
permissions:
1516
contents: read
16-
id-token: write # npm provenance + mcp-publisher github-oidc
17+
id-token: write # mcp-publisher github-oidc
1718

1819
jobs:
19-
npm:
20+
mcp:
2021
runs-on: ubuntu-latest
2122
steps:
2223
- name: Checkout
2324
uses: actions/checkout@v5
2425

25-
- name: Setup Node
26-
uses: actions/setup-node@v5
27-
with:
28-
node-version: 22
29-
registry-url: 'https://registry.npmjs.org'
30-
31-
- name: Install deps
32-
run: npm ci
33-
3426
- name: Verify tag matches package.json (tag runs only)
3527
if: github.ref_type == 'tag'
3628
run: |
@@ -41,24 +33,6 @@ jobs:
4133
exit 1
4234
fi
4335
44-
- name: Publish to npm
45-
run: npm publish --access public
46-
env:
47-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
48-
49-
mcp:
50-
needs: npm
51-
# Decoupled from npm SUCCESS — the registry publish must proceed even when
52-
# the npm job fails (EOTP on manual-token publishes). Ordering is kept so
53-
# npm runs first on the happy path; the MCP Registry validates the npm
54-
# version independently, so a manual `npm publish` satisfies it. Re-run this
55-
# job via workflow_dispatch after a manual publish to update the registry.
56-
if: ${{ !cancelled() }}
57-
runs-on: ubuntu-latest
58-
steps:
59-
- name: Checkout
60-
uses: actions/checkout@v5
61-
6236
- name: Install mcp-publisher
6337
run: |
6438
curl -sL "https://github.com/modelcontextprotocol/registry/releases/latest/download/mcp-publisher_linux_amd64.tar.gz" | tar xz mcp-publisher

0 commit comments

Comments
 (0)