Skip to content

Commit 85f0436

Browse files
joborduopen-swe[bot]
andauthored
ci(debug): add OIDC preflight diagnostics to the publish step (npm version/registry/token-url/.npmrc) (#364)
Co-authored-by: open-swe[bot] <jonathan@jonathanborduas.com>
1 parent 7b9a784 commit 85f0436

1 file changed

Lines changed: 10 additions & 0 deletions

File tree

.github/workflows/publish.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -139,6 +139,16 @@ jobs:
139139
if [ "$CURRENT" != "${{ needs.context.outputs.version }}" ]; then
140140
npm version "${{ needs.context.outputs.version }}" --no-git-tag-version
141141
fi
142+
- name: OIDC preflight diagnostics
143+
run: |
144+
echo "node: $(node --version)"
145+
echo "npm : $(npm --version) (need >= 11.5.1 for trusted publishing)"
146+
echo "which npm: $(which npm)"
147+
echo "registry: $(npm config get registry)"
148+
echo "OIDC token URL present: ${ACTIONS_ID_TOKEN_REQUEST_URL:+yes}${ACTIONS_ID_TOKEN_REQUEST_URL:-NO}"
149+
echo "--- effective .npmrc (auth redacted) ---"
150+
npm config get userconfig
151+
cat "$(npm config get userconfig)" 2>/dev/null | sed 's/\(_authToken=\).*/\1<redacted>/' || echo "(no userconfig .npmrc)"
142152
# No NODE_AUTH_TOKEN and no --provenance: OIDC is auto-detected and provenance
143153
# is attached automatically when publishing via a trusted publisher.
144154
- name: Publish via OIDC trusted publisher

0 commit comments

Comments
 (0)