Skip to content

ci: add GitHub Actions workflow to verify npm publish authentication …#436

Closed
radist2s wants to merge 3 commits into
mainfrom
test/npm
Closed

ci: add GitHub Actions workflow to verify npm publish authentication …#436
radist2s wants to merge 3 commits into
mainfrom
test/npm

Conversation

@radist2s

@radist2s radist2s commented May 14, 2026

Copy link
Copy Markdown
Collaborator

…and package access

github-advanced-security[bot]
github-advanced-security AI found potential problems May 14, 2026
View reviewed changes
Comment thread .github/workflows/npm-auth-check.yml

- name: Configure npm auth
run: |
set -euo pipefail
Comment thread .github/workflows/npm-auth-check.yml

- name: Check publish registry authentication
run: |
set -euo pipefail
Comment thread .github/workflows/npm-auth-check.yml

for scope in openapi-qraft qraft; do
echo "::group::@${scope} publish registry"
yarn npm whoami --scope "${scope}" --publish
Comment thread .github/workflows/npm-auth-check.yml
for scope in openapi-qraft qraft; do
echo "::group::@${scope} publish registry"
yarn npm whoami --scope "${scope}" --publish
echo "::endgroup::"
Comment thread .github/workflows/npm-auth-check.yml Fixed
Comment thread .github/workflows/npm-auth-check.yml Fixed
Comment thread .github/workflows/npm-auth-check.yml Fixed
Comment thread .github/workflows/npm-auth-check.yml Fixed
@changeset-bot

changeset-bot Bot commented May 14, 2026
edited
Loading

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 80a5d62

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

This comment has been minimized.

Sign in to view
@github-actions

This comment has been minimized.

Sign in to view
github-advanced-security[bot]
github-advanced-security AI found potential problems May 14, 2026
View reviewed changes
Comment thread .changeset/publish.sh
echo "Checking npm publish authentication"

for scope in $NPM_PUBLISH_SCOPES; do
if ! yarn npm whoami --scope "$scope" --publish; then
Comment thread .github/workflows/npm-auth-check.yml
echo "::endgroup::"
done
env:
NPM_CONFIG_USERCONFIG: ${{ runner.temp }}/npmrc
@github-actions

github-actions Bot commented May 14, 2026

Copy link
Copy Markdown
Contributor

@check-spelling-bot Report

🔴 Please review

See the 📂 files view, the 📜action log, or 📝 job summary for details.

Unrecognized words (4)

endgroup
euo
USERCONFIG
whoami

To accept these unrecognized words as correct, you could run the following commands

... in a clone of the git@github.com:OpenAPI-Qraft/openapi-qraft.git repository
on the test/npm branch (ℹ️ how do I use this?):

curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/v0.0.24/apply.pl' |
perl - 'https://github.com/OpenAPI-Qraft/openapi-qraft/actions/runs/25859974984/attempts/1'

OR

To have the bot accept them for you, comment in the PR quoting the following line:
@check-spelling-bot apply updates.

If the flagged items are 🤯 false positives

If items relate to a ...

  • binary file (or some other file you wouldn't want to check at all).

    Please add a file path to the excludes.txt file matching the containing file.

    File paths are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your files.

    ^ refers to the file's path from the root of the repository, so ^README\.md$ would exclude README.md (on whichever branch you're using).

  • well-formed pattern.

    If you can write a pattern that would match it,
    try adding it to the patterns.txt file.

    Patterns are Perl 5 Regular Expressions - you can test yours before committing to verify it will match your lines.

    Note that patterns can't match multiline strings.

🚂 If you're seeing this message and your PR is from a branch that doesn't have check-spelling,
please merge to your PR's base branch to get the version configured for your repository.

@radist2s radist2s closed this May 14, 2026
@radist2s radist2s deleted the test/npm branch May 14, 2026 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer
@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@radist2s @github-advanced-security