fix(ci): use npm-publish environment in release job#168
Conversation
Make env-scoped NPM_TOKEN available in release job. Add explicit npm auth preflight to fail fast.
iamfj
force-pushed
the
fix/release-npm-publish-environment
branch
from
ffaaedb to
0339929
Compare
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ffaaedb8f0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| publishCmd: | ||
| 'npx clean-publish --access public --tag $( [ "$GITHUB_REF_NAME" = "next" ] && echo next || echo latest ) -- --provenance', | ||
| }, | ||
| { publishCmd: "npx clean-publish --access public -- --provenance" }, |
There was a problem hiding this comment.
This config enables prereleases on the next branch (branches: ["main", { name: "next", prerelease: "next" }]), but the publish command does not pass any npm tag. npm publish uses the configured tag (default latest; confirmed via npm config get tag, and npm publish --help shows [--tag <tag>]), so next prereleases can be published as latest and become the default install for users. The publish step should set a channel-aware dist-tag (e.g., next for prereleases).
Useful? React with 👍 / 👎.
1 participant
Summary
releasejob tonpm-publishenvironment so environment secretNPM_TOKENresolvestest -n NODE_AUTH_TOKEN+npm whoami) before semantic-releaseRoot cause
NPM_TOKENwas configured as an environment secret, but the job did not declareenvironment: npm-publish, soNODE_AUTH_TOKENwas empty in the release step.Validation
NODE_AUTH_TOKENempty inRun semantic-release