Skip to content

Commit 1e4d16c

Browse files
authored
Fix OIDC publish by stripping _authToken from .npmrc (#797)
1 parent d197e32 commit 1e4d16c

1 file changed

Lines changed: 6 additions & 0 deletions

File tree

scripts/release/publish.sh

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,12 @@ set -euo pipefail
44

55
if [ -z "${NODE_AUTH_TOKEN:-}" ]; then
66
unset NODE_AUTH_TOKEN
7+
# OIDC trusted publishing authenticates via short-lived OIDC tokens, so the
8+
# .npmrc must not declare an _authToken. Strip the line that actions/setup-node
9+
# wrote so yarn parses a clean config and npm falls through to the OIDC flow.
10+
if [ -n "${NPM_CONFIG_USERCONFIG:-}" ] && [ -f "$NPM_CONFIG_USERCONFIG" ]; then
11+
sed -i '/_authToken=/d' "$NPM_CONFIG_USERCONFIG"
12+
fi
713
fi
814

915
yarn install --frozen-lockfile

0 commit comments

Comments
 (0)