
Fix publish workflow for npm OIDC trusted publishing#55

Merged: parvardegr merged 3 commits into main from copilot/fix-publish-job on Jun 17, 2026

Copilot AI commented Jun 16, 2026

Contributor

The publish GitHub Actions job was failing during npm publish with a registry E404, despite building the package tarball correctly. The workflow's publish job was missing the environment property required for npm's OIDC trusted publisher authentication.

  • Root cause

    • The publish job in .github/workflows/publish.yml lacked an environment property, so the OIDC token claims did not match the npm trusted publisher configuration, causing npm to reject the publish with E404.
  • Workflow change

    • Added environment: release to the publish job so the OIDC token claims include the correct environment, allowing npm to verify the trusted publisher link and authenticate the publish request automatically — no NODE_AUTH_TOKEN or manual npm secret needed.
  • Scope

    • Single-file workflow-only change in .github/workflows/publish.yml (no runtime/package logic changes).
```yaml
  publish:
    needs: test
    runs-on: ubuntu-latest
    environment: release
    permissions:
      contents: read
      id-token: write
```

Note: A GitHub environment named release must exist in the repository settings (Settings → Environments), and the npm trusted publisher configuration must use release as the environment name.

Copilot AI changed the title from "[WIP] Fix failing GitHub Actions job 'publish'" to "Ensure npm auth token is explicitly wired in publish workflow" on Jun 16, 2026
Copilot AI requested a review from parvardegr June 16, 2026 13:21
@parvardegr

Owner

@copilot i am using the new npm trusted publisher, and i've added this repo as trusted publisher, fix the issue based on that, read the docssss

Copilot AI commented Jun 16, 2026

Contributor Author

> @copilot i am using the new npm trusted publisher, and i've added this repo as trusted publisher, fix the issue based on that, read the docssss

Reverted the NODE_AUTH_TOKEN approach — not needed with OIDC trusted publishers. The root cause of the E404 was the missing environment property on the publish job. npm requires the OIDC token claims to include the environment name matching your trusted publisher configuration.

Added environment: release to the publish job. If you configured a different environment name in your npm trusted publisher settings, update it to match. You'll also need a GitHub environment called release in your repo settings (Settings → Environments → New environment → "release").

Commit: cc52cfa
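
The mismatch discussed above can be checked offline by decoding the claims of a GitHub Actions OIDC token and comparing them with the trusted publisher entry. This is an added example, not code from this pull request or from npm: `repository`, `workflow_ref`, `environment` and `sub` are GitHub's OIDC claim names, while the comparison logic, the helper names and the `example-owner/example-repo` placeholder are assumptions for illustration.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def publisher_mismatches(claims: dict, expected: dict) -> list:
    """Return the fields where the token disagrees with the trusted publisher entry."""
    # workflow_ref looks like owner/repo/.github/workflows/<file>@<git ref>
    workflow_file = claims.get("workflow_ref", "").split("@")[0].rsplit("/", 1)[-1]
    seen = {
        "repository": claims.get("repository"),
        "workflow": workflow_file or None,
        # GitHub only emits this claim when the job declares `environment:`
        "environment": claims.get("environment"),
    }
    return [
        f"{field}: token has {seen[field]!r}, publisher expects {want!r}"
        for field, want in expected.items()
        if want is not None and seen.get(field) != want
    ]


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for offline testing (constructed data)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Hypothetical trusted publisher entry; the repository name is a placeholder.
EXPECTED = {"repository": "example-owner/example-repo",
            "workflow": "publish.yml", "environment": "release"}
BASE = {"repository": "example-owner/example-repo",
        "workflow_ref": "example-owner/example-repo/.github/workflows/publish.yml@refs/heads/main"}
BEFORE_FIX = constructed_token({**BASE, "sub": "repo:example-owner/example-repo:ref:refs/heads/main"})
AFTER_FIX = constructed_token({**BASE, "environment": "release",
                               "sub": "repo:example-owner/example-repo:environment:release"})

if __name__ == "__main__":
    for name, tok in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(name, publisher_mismatches(jwt_claims(tok), EXPECTED) or "all fields match")
```

The decoder skips signature verification on purpose, so it is only suitable for inspecting a token your own job requested, never for making an authorization decision.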

Copilot AI changed the title from "Ensure npm auth token is explicitly wired in publish workflow" to "Fix publish workflow for npm OIDC trusted publishing" on Jun 16, 2026
@parvardegr parvardegr marked this pull request as ready for review June 17, 2026 04:23
@parvardegr parvardegr merged commit 7d7c895 into main Jun 17, 2026
5 checks passed