Skip to content

fix(ci): update publish workflow to use NPM_TOKEN authentication#141

Merged
mttrbrts merged 1 commit into
mainfrom
fix/publish-workflow-npm-token
May 7, 2026
Merged

fix(ci): update publish workflow to use NPM_TOKEN authentication#141
mttrbrts merged 1 commit into
mainfrom
fix/publish-workflow-npm-token

Conversation

@mttrbrts
Copy link
Copy Markdown
Member

@mttrbrts mttrbrts commented May 7, 2026

Summary

  • Fix failing publish workflow by removing invalid --yes and --exact flags from npm version command
  • Switch from OIDC provenance to NPM_TOKEN secret authentication (matches concerto-cli)
  • Add contents:write and pull-requests:write permissions
  • Add step to automatically create PR for version increment after publish

Test plan

  • Verify NPM_TOKEN secret is configured in the repository
  • Create a test release to validate the workflow

🤖 Generated with Claude Code

@mttrbrts @claude
fix(ci): update publish workflow to use NPM_TOKEN authentication
cf42d37 
- Remove invalid --yes and --exact flags from npm version command
- Switch from OIDC provenance to NPM_TOKEN secret authentication
- Add contents:write and pull-requests:write permissions
- Add step to create PR for version increment after publish

Mirrors the working publish workflow from accordproject/concerto-cli.

Co-Authored-By: Claude Opus 4.5 (1M context) <noreply@anthropic.com>
@mttrbrts mttrbrts requested review from a team and Copilot May 7, 2026 09:32
@mttrbrts mttrbrts merged commit 7ad71bb into main May 7, 2026
11 checks passed
@mttrbrts mttrbrts deleted the fix/publish-workflow-npm-token branch May 7, 2026 09:32
Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the npm publish GitHub Actions workflow to unblock releases by adjusting the npm version/publish commands, switching authentication to an NPM_TOKEN secret, and adding automation to open a follow-up PR after publishing.

Changes:

  • Remove invalid flags from the npm version invocation and drop provenance-based publishing.
  • Authenticate to npm using NPM_TOKEN and broaden workflow permissions to enable repo/PR writes.
  • Add a peter-evans/create-pull-request step to open a PR after publish.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/npm-publish.yml
@@ -7,6 +7,8 @@ on:

permissions:
id-token: write # Required for OIDC / npmjs publish
Comment thread .github/workflows/npm-publish.yml
Comment on lines +46 to +50
- name: build and publish
run: |
npm version --no-git-tag-version --yes --exact ${{ github.event.release.tag_name }}
npm publish --access public --provenance ${{ steps.tag.outputs.tag }} 2>&1
npm config set //registry.npmjs.org/:_authToken ${{ secrets.NPM_TOKEN }}
npm version --no-git-tag-version ${{ github.event.release.tag_name }}
npm publish --access public ${{ steps.tag.outputs.tag }} 2>&1
Comment thread .github/workflows/npm-publish.yml
Comment on lines +52 to +66
- name: Create PR to increment version
uses: peter-evans/create-pull-request@v8
with:
base: main
commit-message: 'chore(actions): publish ${{ github.event.release.tag_name }} to npm'
committer: GitHub <noreply@github.com>
author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
signoff: true
branch: ap-publish-${{ github.event.release.tag_name }}
delete-branch: true
title: 'chore(actions): publish ${{ github.event.release.tag_name }} to npm'
body: |
# Increment Versions
Update the package.json version numbers after publishing to NPM.
assignees: ${{ github.actor }}
@coveralls
Copy link
Copy Markdown

coveralls commented May 7, 2026

Coverage Report for CI Build 25487779738

Warning

Build has drifted: This PR's base is out of sync with its target branch, so coverage data may include unrelated changes.
Quick fix: rebase this PR. Learn more →

Coverage remained the same at 63.844%

Details

  • Coverage remained the same as the base build.
  • Patch coverage: No coverable lines changed in this PR.
  • No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

Coverage Stats

Coverage Status
Relevant Lines: 1128
Covered Lines: 719
Line Coverage: 63.74%
Relevant Branches: 537
Covered Branches: 344
Branch Coverage: 64.06%
Branches in Coverage %: Yes
Coverage Strength: 5723.47 hits per line
💛 - Coveralls

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mttrbrts @coveralls