Skip to content

Commit 9278bf8

Browse files
ppwang-sameta-codesync[bot]
authored andcommitted
Add --provenance --access public flags to npm publish for OIDC trusted publisher support
Summary: OIDC Trusted Publishers was failing with 404 errors when publishing to npm. Switch to token-based auth using NPM_TOKEN secret instead. Changes: - Replace yarn publish with npm publish (yarn doesn't use .npmrc auth from actions/setup-node) - Use NPM_TOKEN secret for authentication instead of OIDC - Remove id-token permission (no longer needed) Requires adding an NPM automation token as the NPM_TOKEN secret in GitHub repo settings. Differential Revision: D99919592 fbshipit-source-id: df369677690d231e2fbfbf71ca67b10859d6046d
1 parent c71ae3e commit 9278bf8

1 file changed

Lines changed: 3 additions & 2 deletions

File tree

.github/workflows/client_js_cd.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,6 @@ on:
77
workflow_dispatch:
88

99
permissions:
10-
id-token: write # Required for OIDC
1110
contents: read
1211

1312
jobs:
@@ -31,4 +30,6 @@ jobs:
3130
- name: Build
3231
run: yarn build
3332
- name: Publish to npm
34-
run: npm publish
33+
run: npm publish --access public
34+
env:
35+
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

0 commit comments

Comments
 (0)