modify release.yml to include new npm granular access token #175
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -1,25 +1,23 @@ | ||||||||||||||||||||||||||||||||||
| name: release | ||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||
| env: | ||||||||||||||||||||||||||||||||||
| NODE_JS_VERSION: 20.19.5 | ||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||
| on: | ||||||||||||||||||||||||||||||||||
| release: | ||||||||||||||||||||||||||||||||||
| types: [ created ] | ||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||
| types: [created] | ||||||||||||||||||||||||||||||||||
| env: | ||||||||||||||||||||||||||||||||||
| NODE_JS_VERSION: 20.19.5 | ||||||||||||||||||||||||||||||||||
| jobs: | ||||||||||||||||||||||||||||||||||
| release: | ||||||||||||||||||||||||||||||||||
| runs-on: ubuntu-latest | ||||||||||||||||||||||||||||||||||
| permissions: | ||||||||||||||||||||||||||||||||||
| contents: read | ||||||||||||||||||||||||||||||||||
| id-token: write # Required for OIDC | ||||||||||||||||||||||||||||||||||
| steps: | ||||||||||||||||||||||||||||||||||
| - uses: actions/checkout@v2 | ||||||||||||||||||||||||||||||||||
| - uses: actions/setup-node@v2 | ||||||||||||||||||||||||||||||||||
| - uses: actions/checkout@v4 | ||||||||||||||||||||||||||||||||||
| - uses: actions/setup-node@v4 | ||||||||||||||||||||||||||||||||||
| with: | ||||||||||||||||||||||||||||||||||
| node-version: ${{ env.NODE_JS_VERSION }} | ||||||||||||||||||||||||||||||||||
| registry-url: 'https://registry.npmjs.org' | ||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||
| - run: yarn install --frozen-lockfile | ||||||||||||||||||||||||||||||||||
| - run: npm ci | ||||||||||||||||||||||||||||||||||
| - run: yarn prepare | ||||||||||||||||||||||||||||||||||
|
Comment on lines +19 to 20

[REFACTORING] This workflow mixes package managers: it runs npm ci (line 17) then yarn prepare (line 18). Mixing npm and yarn can cause inconsistent dependency resolution (different lockfiles, caches). Choose one install strategy and keep steps consistent: either run npm ci && npm run prepare (if prepare script exists) or use yarn install --frozen-lockfile && yarn prepare. Also align with other workflows (ci.yml uses yarn install) to avoid environment drift.

```yaml
- uses: actions/setup-node@v4
  with:
    node-version: ${{ env.NODE_JS_VERSION }}
    registry-url: 'https://registry.npmjs.org'
- run: yarn install --frozen-lockfile
- run: yarn prepare
- run: npm publish --access public --provenance
  env:
    NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # Granular token
```

|
||||||||||||||||||||||||||||||||||
| - run: npm ci --legacy-peer-deps | ||||||||||||||||||||||||||||||||||
| - run: npm publish --access public | ||||||||||||||||||||||||||||||||||
| - run: npm publish --access public --provenance | ||||||||||||||||||||||||||||||||||
|
Comment on lines +19 to +21

Inconsistent package manager: Line 17 switches to

This is likely an incomplete migration from yarn to npm. Apply one of the following fixes:

Option 1: Replace yarn with npm equivalent (recommended)

```diff
  - run: npm ci
- - run: yarn prepare
+ - run: npm run prepare
  - run: npm publish --access public --provenance
```

Option 2: Revert to yarn-based approach

```diff
- - run: npm ci
+ - run: yarn install --frozen-lockfile
  - run: yarn prepare
  - run: npm publish --access public --provenance
```

coderabbitai[bot] marked this conversation as resolved.
|
||||||||||||||||||||||||||||||||||
| env: | ||||||||||||||||||||||||||||||||||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||||||||||||||||||||||||||||||||||
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} # Granular token | ||||||||||||||||||||||||||||||||||
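
Review bot: the `uses:` steps reference `actions/checkout@v4` and `actions/setup-node@v4` by mutable tag, in a job that grants `id-token: write` and hands `secrets.NPM_TOKEN` to the publish step. Code from those actions runs in the same job and workspace before `npm publish --access public --provenance`, so a retagged action would execute inside the release path. Pin both actions to full commit SHAs, keep the version as a trailing comment, and let an update bot such as Dependabot raise the bumps for review.
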
[CRITICAL_BUG] The step uses node-version: ${{ env.NODE_JS_VERSION }} but the global env: NODE_JS_VERSION was removed in this change. This will make actions/setup-node receive an empty/undefined value and likely fail. Restore the env block (env: NODE_JS_VERSION: 20.19.5) at the top of the workflow or replace the reference with a concrete value (e.g. node-version: '20.19.5') so the runner has a deterministic Node version.