docs(release-secrets): document sqlrite-notes trusted publisher + Repository-field gotcha (SQLR-13)#157
Merged
Merged
Conversation
…ository-field gotcha (SQLR-13) The sqlrite-notes npm trusted publisher had its Repository field set to the package's npmjs access-page URL instead of the bare repo name, so the OIDC subject claim (repo:joaoh82/rust_sqlite:environment:release) never matched the record and every publish-notes-example run failed with "OIDC token exchange error - package not found". It only surfaced once #156 made the release idempotent and a re-dispatch finally attempted the first-ever sqlrite-notes publish. - §3c: mark the trusted publisher resolved (first shipped at 0.11.0) and add a gotcha callout — set Repository to exactly `rust_sqlite`, no owner prefix, no URL. - §3b: strengthen the canonical Repository-field note to warn against pasting a URL (not just the owner-prefixed form), pointing at §3c. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Closes the documentation half of SQLR-13 (npm trusted publisher for the
sqlrite-notesexample).The trusted publisher itself is now configured and working —
sqlrite-notes@0.11.0shipped via OIDC after the fix. This PR records what was wrong and how to avoid it, so the next person setting up an npm trusted publisher doesn't re-debug it.Why
The
sqlrite-notestrusted-publisher Repository field had been set to the package's npmjs access-page URL (https://www.npmjs.com/package/sqlrite-notes/access) instead of the bare repo namerust_sqlite. The OIDC subject claim the workflow sends isrepo:joaoh82/rust_sqlite:environment:release, so it never matched the record, and everypublish-notes-examplerun failed with the misleadingOIDC token exchange error - package not found.It stayed hidden because the release wave always died earlier and never reached the notes job — it only surfaced once #156 made the release idempotent and a re-dispatch finally attempted the first-ever
sqlrite-notespublish.Changes (
docs/release-secrets.md)sqlrite-notestrusted publisher resolved (first shipped at 0.11.0) + add a gotcha callout: set Repository to exactlyrust_sqlite, no owner prefix, no URL.Docs-only; no code or workflow changes.
🤖 Generated with Claude Code