
ci(release-npm): preflight npm-auth check (loud-fail on bad/expired token)#342

Merged: avrabe merged 1 commit into main from ci/npm-preflight-guard on May 30, 2026

@avrabe (Contributor) commented May 30, 2026

Summary

The npm channel silently froze at 0.10.1 for ~6 releases: NPM_TOKEN expired, then was replaced with a classic Publish token that fails under the org's 2FA-on-publish with EOTP — and the only signal was a per-package npm publish E404/EOTP crash deep in the job.

Adds a npm whoami preflight right after setup-node in both publish jobs. A bad/expired/wrong-type token now fails immediately with a labeled ::error:: telling the maintainer exactly what to do (mint an Automation or granular read-write token), instead of a cryptic per-platform publish failure.

Same F2 "loud-fail over silent-success" principle rivet's own validators enforce.

Test plan

  • YAML parses; both jobs carry the step.
  • CI (the workflow only fires on workflow_run/tag; this PR's CI just lints).
  • Next release exercises it end-to-end.

Refs: REQ-068

🤖 Generated with Claude Code

…oken)

The npm channel silently froze at 0.10.1 for ~6 releases because
NPM_TOKEN expired, then was replaced with a classic *Publish* token
that fails under the org's 2FA-on-publish with EOTP — and the only
signal was a per-package `npm publish` E404/EOTP crash deep in the job.

Add a `npm whoami` preflight right after setup-node in both publish
jobs. A bad/expired/wrong-type token now fails immediately with a
labeled ::error:: telling the maintainer exactly what to do
(Automation or granular read-write token), instead of a cryptic
per-platform publish failure. F2 loud-fail-over-silent-success ethos —
the same principle rivet's own validators enforce.

Refs: REQ-068
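
A sketch of the kind of `npm whoami` preflight described above, as an added example that is not the project's workflow code. The function name `npm_auth_preflight`, the `NPM_REGISTRY` override and the use of `NODE_AUTH_TOKEN` (the variable actions/setup-node reads) are assumptions, since the PR's diff is not shown on this page.

```shell
#!/usr/bin/env bash
# Added example: npm auth preflight for a publish job (not the project's workflow).
# Assumption: the token reaches npm via NODE_AUTH_TOKEN, the variable that
# actions/setup-node wires into .npmrc when registry-url is set.

# Runs `npm whoami` and prints a GitHub Actions ::error:: annotation on failure.
# Returns 0 if the registry accepts the token, 1 if the token is missing,
# 2 if the registry rejects it (expired, revoked, malformed).
npm_auth_preflight() {
  local registry="${NPM_REGISTRY:-https://registry.npmjs.org}"  # hypothetical override
  local who err

  if [ -z "${NODE_AUTH_TOKEN:-}" ]; then
    echo "::error title=npm preflight::NODE_AUTH_TOKEN is empty; set the NPM_TOKEN secret to an Automation or granular read-write token."
    return 1
  fi

  # Capture stderr too, so the npm error code (E401, ENEEDAUTH, ...) lands in
  # the annotation instead of being lost further down the job log.
  if ! who="$(npm whoami --registry "$registry" 2>&1)"; then
    err="$(printf '%s' "$who" | tr '\n' ' ')"
    echo "::error title=npm preflight::npm whoami failed (${err}). NPM_TOKEN is bad or expired; mint an Automation or granular read-write token."
    return 2
  fi

  echo "npm preflight: authenticated as ${who}"
  return 0
}

# In a workflow step, place this right after setup-node:
#   npm_auth_preflight || exit 1
```

`npm whoami` is a read-only identity call, so a pass shows that the token authenticates, not that it can publish without a one-time password.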

@github-actions github-actions Bot left a comment

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Rivet Criterion Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.

| Benchmark suite | Current: 067b00e | Previous: 02784db | Ratio |
| --- | --- | --- | --- |
| traceability_matrix/1000 | 60591 ns/iter (± 237) | 43650 ns/iter (± 2392) | 1.39 |
| query/1000 | 8662 ns/iter (± 308) | 6620 ns/iter (± 193) | 1.31 |
| query/10000 | 123674 ns/iter (± 2093) | 98130 ns/iter (± 941) | 1.26 |
| document_parse/100 | 176091 ns/iter (± 1156) | 145284 ns/iter (± 642) | 1.21 |

This comment was automatically generated by workflow using github-action-benchmark.

codecov Bot commented May 30, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@avrabe avrabe merged commit 197134d into main May 30, 2026
20 of 38 checks passed
@avrabe avrabe deleted the ci/npm-preflight-guard branch May 30, 2026 05:24