Commit 8eb18c2
authored
ci(publish): clear npm tokens for trusted publishing (#198)
Clear NODE_AUTH_TOKEN and NPM_TOKEN on the npm publish steps so npm uses
GitHub OIDC trusted publishing instead of an injected token from
setup-node.
The failed autoevals@0.3.0 release had a NODE_AUTH_TOKEN present during
npm publish, which caused npm to attempt token-based publishing and
return a misleading 404 for the package. This mirrors the working
publish setup in braintrust-sdk-javascript while preserving provenance
publishing for both stable and prerelease releases.1 parent f372f07 commit 8eb18c2
1 file changed
Lines changed: 6 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
146 | 146 | | |
147 | 147 | | |
148 | 148 | | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
149 | 152 | | |
150 | 153 | | |
151 | 154 | | |
152 | 155 | | |
| 156 | + | |
| 157 | + | |
| 158 | + | |
153 | 159 | | |
154 | 160 | | |
155 | 161 | | |
| |||
0 commit comments