We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent d197e32 commit 1e4d16cCopy full SHA for 1e4d16c
1 file changed
scripts/release/publish.sh
@@ -4,6 +4,12 @@ set -euo pipefail
4
5
if [ -z "${NODE_AUTH_TOKEN:-}" ]; then
6
unset NODE_AUTH_TOKEN
7
+ # OIDC trusted publishing authenticates via short-lived OIDC tokens, so the
8
+ # .npmrc must not declare an _authToken. Strip the line that actions/setup-node
9
+ # wrote so yarn parses a clean config and npm falls through to the OIDC flow.
10
+ if [ -n "${NPM_CONFIG_USERCONFIG:-}" ] && [ -f "$NPM_CONFIG_USERCONFIG" ]; then
11
+ sed -i '/_authToken=/d' "$NPM_CONFIG_USERCONFIG"
12
+ fi
13
fi
14
15
yarn install --frozen-lockfile
0 commit comments