Skip to content

Commit 8c8bcb0

Browse files
AlexMikhalevclaude
andcommitted
fix(ci): remove NPM_TOKEN for OIDC trusted publishing
With OIDC trusted publishing configured on npm, no token is needed. GitHub Actions authenticates via OIDC provenance. Terraphim AI Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1 parent 52d3656 commit 8c8bcb0

1 file changed

Lines changed: 1 addition & 2 deletions

File tree

.github/workflows/publish-bun.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -461,7 +461,6 @@ jobs:
461461
- name: Publish to npm (works with Bun)
462462
env:
463463
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
464-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
465464
run: |
466465
if [[ "${{ inputs.dry_run }}" == "true" ]]; then
467466
echo "Dry run mode - checking package only"
@@ -470,7 +469,7 @@ jobs:
470469
echo "Publishing @terraphim/autocomplete to npm (Bun-compatible)"
471470
echo "Tag: ${{ steps.strategy.outputs.npm_tag }}"
472471
473-
# Publish with provenance
472+
# Publish with OIDC provenance (no token needed - trusted publishing)
474473
npm publish --access public --tag ${{ steps.strategy.outputs.npm_tag }} --provenance --ignore-scripts
475474
476475
echo "Package published successfully! (Bun users can install with: bun add @terraphim/autocomplete)"

0 commit comments

Comments
 (0)