
Commit d0b3ee4

ci(sdk): fix release script
1 parent d30c6a5 commit d0b3ee4

1 file changed

Lines changed: 9 additions & 3 deletions


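--- a/.github/workflows/release-sdk.yml
+++ b/.github/workflows/release-sdk.yml
@@ -29,11 +29,13 @@ jobs:
 # No `registry-url:` here on purpose. setup-node's registry-url writes
 # an .npmrc with `_authToken=${NODE_AUTH_TOKEN}` and exports
 # NODE_AUTH_TOKEN as the literal sentinel `XXXXX-XXXXX-XXXXX-XXXXX`.
-# pnpm then sends that sentinel as a bearer token and skips OIDC
-# entirely, so the publish PUT comes back as 404.
+# npm/pnpm then send that sentinel as a bearer token and skip OIDC
+# entirely, so the publish PUT comes back as 404. Node 24 ships npm
+# 11.x which performs the Trusted Publisher OIDC exchange natively
+# when no token is configured.
 uses: actions/setup-node@v4
 with:
-node-version: 22
+node-version: 24
 
 - name: Enable Corepack
 run: npm i -g corepack@latest
@@ -89,6 +91,10 @@ jobs:
 # Authenticates via npm Trusted Publisher (OIDC). No NPM_TOKEN.
 # Requires the package to have GitHub Actions trusted publishing
 # configured on npmjs.com pointing at this workflow file.
+# Uses `pnpm publish` (never plain `npm publish`) so that pnpm-only
+# protocols in packages/sdk/package.json — `catalog:` for shared
+# versions, `workspace:*` for sibling packages — are resolved into
+# real version specifiers before the tarball is produced.
 if: steps.check-version.outputs.already_published == 'false'
 run: pnpm --filter @workflowbuilder/sdk publish --no-git-checks --access public --provenance
 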
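Review bot: The rewritten comment above `node-version: 24` says npm 11.x is enough, but npm's trusted-publishing documentation sets the floor at npm 11.5.1, and `24` is a floating major, so the job never verifies that the resolved Node actually bundles a new enough npm. If an older 11.x is picked up (early 24.x releases appear to have shipped one), the publish would presumably fail with the same opaque 404 this comment describes rather than a clear error. I would state the floor in the comment, e.g. `# Needs npm >= 11.5.1 for the Trusted Publisher OIDC exchange.`, and add a step before the publish that logs `npm --version` and fails when it is below that floor. The setup-node step this hunk touches starts above the hunk.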