Skip to content

Switch to npm publish for OIDC trusted publishing#77

Merged
jkebinger merged 1 commit intomainfrom
use-npm-publish-for-oidc
Nov 20, 2025
Merged

Switch to npm publish for OIDC trusted publishing#77
jkebinger merged 1 commit intomainfrom
use-npm-publish-for-oidc

Conversation

@jkebinger
Copy link
Copy Markdown
Contributor

@jkebinger jkebinger commented Nov 20, 2025

Summary

Switches from yarn npm publish to npm publish for OIDC trusted publishing support.

Problem

Despite Yarn 4.10.3 claiming to support OIDC authentication, it consistently fails with:

YN0033: No authentication configured for request

Debug output confirmed all required environment variables are set:

  • CI=true
  • GITHUB_ACTIONS=true
  • ACTIONS_ID_TOKEN_REQUEST_URL is set
  • ACTIONS_ID_TOKEN_REQUEST_TOKEN is set
  • ✅ Yarn 4.10.3 is running

Yet Yarn's OIDC authentication still fails.

Solution

Use npm publish directly, which has mature and working OIDC trusted publishing support:

  • Upgrade npm from 11.4.2 → latest (11.5.1+)
  • npm 11.5.1+ automatically uses OIDC for authentication when id-token: write is set
  • Works with the trusted publishing already configured on npmjs.com

Changes

  • Remove debug output steps
  • Add npm upgrade step
  • Switch from yarn npm publish to npm publish
  • Update comments to explain the choice

Test Plan

After merging:

  • Push to main will trigger publish workflow
  • Should successfully publish 0.0.9 to npm with provenance
  • No npm tokens required

🤖 Generated with Claude Code

@jkebinger @claude
Switch to npm publish for OIDC trusted publishing
b5addb4 
Yarn 4.10.3's OIDC support is not working despite having all required
environment variables set correctly. Switch to using npm CLI directly,
which has mature OIDC trusted publishing support.

Changes:
- Remove debug output (no longer needed)
- Add npm upgrade step to ensure npm >= 11.5.1
- Switch from "yarn npm publish" to "npm publish"
- npm 11.5.1+ supports OIDC authentication automatically

This will work with the trusted publishing configuration already set
up on npmjs.com for @reforge-com/cli.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
jdwyah
jdwyah approved these changes Nov 20, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jdwyah jdwyah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

@jkebinger jkebinger enabled auto-merge (squash) November 20, 2025 22:02
@jkebinger jkebinger merged commit 391d773 into main Nov 20, 2025
6 checks passed
@jkebinger jkebinger deleted the use-npm-publish-for-oidc branch November 20, 2025 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdwyah jdwyah jdwyah approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jkebinger @jdwyah