From 1f8638a98a6ee4b42aa682fa331c2d4ac38df7cc Mon Sep 17 00:00:00 2001
From: Tejas Kashinath
Date: Thu, 19 Feb 2026 17:30:24 -0500
Subject: [PATCH] fix: upgrade npm for OIDC trusted publishing
- Upgrade Node.js to 22.x and add npm upgrade to ensure 11.5.1+ (required for OIDC trusted publishing)
- Add --tag latest for prerelease versions (npm 11.5.1+ requires it)
- Clean up permissions comments
Co-Authored-By: Claude Opus 4.6
---
 .github/workflows/release.yml | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4a1975b5..e84d2e3c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -284,8 +284,8 @@ jobs:
 name: npm-publish
 url: https://www.npmjs.com/package/@aws/agentcore
 permissions:
- contents: write
- id-token: write
+ id-token: write # Required for OIDC trusted publishing
+ contents: write # Required to push git tags
 steps:
 - name: Checkout latest main (AFTER PR merge)
@@ -305,10 +305,16 @@ jobs:
 - name: Setup Node.js
 uses: actions/setup-node@v4
 with:
- node-version: 20.x
+ node-version: 22.x
 cache: 'npm'
 registry-url: 'https://registry.npmjs.org'
+ - name: Ensure npm 11.5.1+ for trusted publishing
+ run: |
+ echo "Current npm version: $(npm --version)"
+ npm install -g npm@latest
+ echo "Updated npm version: $(npm --version)"
+
 - name: Download artifacts
 uses: actions/download-artifact@v4
 with:
@@ -350,8 +356,11 @@ jobs:
 - name: Build package
 run: npm run build
- - name: Publish to npm
- run: npm publish --access=public --provenance
+ - name: Publish to npm (using OIDC trusted publishing)
+ run: |
+ echo "Publishing with OIDC trusted publishing..."
+ echo "No NPM_TOKEN needed - using GitHub OIDC"
+ npm publish --access public --provenance --tag latest
 - name: Create and push tag
 env:
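Review bot: `npm install -g npm@latest` in the new "Ensure npm 11.5.1+" step installs whatever npm release is current at run time, in the same job that holds `id-token: write` and `contents: write` per the permissions block in the first hunk. The release toolchain is therefore not reproducible, and a broken or tampered npm release would run with publish and tag-push rights. Pin an exact, reviewed version instead, for example `npm install -g npm@11.5.1`, and bump it deliberately. The step only echoes the version before and after, so it would still pass if the upgrade left an older npm on PATH; a comparison that fails the job below 11.5.1 would make the step do what its name says.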
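Review bot: `--tag latest` on the new publish line is unconditional, so a prerelease version is published under the default dist-tag, the one a plain `npm install @aws/agentcore` resolves. The commit message says the flag was added for prerelease versions, which suggests that is the case being hit here. If that is intended, say so in a comment above the step, e.g. `# Prereleases are intentionally published as latest`. Otherwise derive the tag from the package version, sending a version with a `-` suffix to a non-default tag, and pass it as `--tag "$DIST_TAG"` (variable name is illustrative). The two `echo` lines state that no token is used, but nothing in the visible step checks it, and whether `NODE_AUTH_TOKEN` is set elsewhere in the job is outside this hunk.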