1818
1919permissions :
2020 contents : read
21+ id-token : write
2122
2223jobs :
2324 publish-npm :
3637 - name : Setup Node.js
3738 uses : actions/setup-node@v4
3839 with :
39- node-version : ' 22 '
40+ node-version : ' 20 '
4041 registry-url : ' https://registry.npmjs.org'
4142
4243 - name : Install dependencies
@@ -45,12 +46,42 @@ jobs:
4546 - name : Build TypeScript package
4647 run : npm run build
4748
49+ - name : Preflight OIDC availability
50+ run : |
51+ if [ -z "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ]; then
52+ echo "OIDC token request URL is missing (check id-token: write permissions)."
53+ exit 1
54+ fi
55+ echo "OIDC environment is available."
56+
57+ name : OIDC token check
58+ run : |
59+ if [ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ]; then
60+ echo "OIDC request token is missing (check id-token: write permissions)."
61+ exit 1
62+ fi
63+ curl -fsS -H "Authorization: bearer ${ACTIONS_ID_TOKEN_REQUEST_TOKEN}" \
64+ "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=npm:registry.npmjs.org" > /tmp/oidc.json
65+ echo "OIDC token fetch OK"
66+
4867name : Publish to npm
4968 id : npm_publish
5069 working-directory : packages/flarelette-jwt-ts
51- env :
52- NODE_AUTH_TOKEN : ' '
53- run : npm publish --provenance --access public
70+ run : |
71+ unset NODE_AUTH_TOKEN
72+ if [ -n "${NPM_CONFIG_USERCONFIG:-}" ] && [ -f "${NPM_CONFIG_USERCONFIG}" ]; then
73+ rm -f "${NPM_CONFIG_USERCONFIG}"
74+ fi
75+ npm publish --provenance --access public --registry=https://registry.npmjs.org
76+
77+ name : Upload npm debug logs (on failure)
78+ if : failure() && steps.npm_publish.outcome == 'failure'
79+ uses : actions/upload-artifact@v4
80+ with :
81+ name : npm-debug-logs
82+ path : /home/runner/.npm/_logs/*
83+ if-no-files-found : warn
84+ retention-days : 14
5485
5586 - name : Upload npm debug logs (on failure)
5687 if : failure() && steps.npm_publish.outcome == 'failure'
0 commit comments