fix(ci): add registry-url for npm OIDC trusted publishing#756
Merged
kovtcharov-amd merged 1 commit intomainfrom Apr 11, 2026
Merged
fix(ci): add registry-url for npm OIDC trusted publishing#756kovtcharov-amd merged 1 commit intomainfrom
kovtcharov-amd merged 1 commit intomainfrom
Conversation
npm OIDC trusted publishing requires npm 11.5.1+ (#683). Node 22 ships with npm 10.x which can't authenticate via OIDC, and `npm install -g npm@latest` on Node 22 runners corrupts npm's own dependencies. Fix: use Node 24 which ships with npm 11+ natively. No npm upgrade step needed, no registry-url needed — npm 11 handles OIDC auth directly with `id-token: write` + `environment: npm` + `--provenance`. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
kovtcharov
force-pushed
the
kalin/fix-npm-registry-url
branch
2 times, most recently
from
4453620 to
bb3eb7f
Compare
kovtcharov-amd
approved these changes
Apr 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ENEEDAUTHin npm publish: https://github.com/amd/gaia/actions/runs/24280576961setup-nodewithoutregistry-urlnever creates the.npmrcthat mapsNODE_AUTH_TOKENto the npm registry. npm's OIDC trusted publishing needs this to authenticate.publish-npm-ui.ymlwas never actually run (zero successful runs in history) — v0.17.0 and v0.17.1 were published outside CI. So the old workflow's lack ofregistry-urlwas an untested bug too.registry-url: 'https://registry.npmjs.org'tosetup-node.Test plan
🤖 Generated with Claude Code