Commit be74dd9

steveyegge and claude committed
fix: remove stale NPM_TOKEN from release workflow, add deployment docs
npm uses OIDC trusted publishing -- no secret needed. The workflow already had id-token: write but was still referencing the nonexistent NPM_TOKEN secret, causing every release npm publish to fail.

Also adds Deployment Artifacts section to architecture.md documenting all distribution channels and what the binary embeds.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 51a46a8 commit be74dd9

2 files changed: +52 -2 lines changed

.github/workflows/release.yml

Lines changed: 0 additions & 2 deletions
@@ -64,8 +64,6 @@ jobs:
6464
run: npm install -g npm@latest
6565

6666
- name: Publish to npm
67-
env:
68-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
6967
run: |
7068
cd npm-package
7169
npm publish --access public --provenance
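
Review bot: the context line `run: npm install -g npm@latest` directly above the publish step is unpinned, and with `NODE_AUTH_TOKEN` removed the publish now succeeds or fails on whether that CLI build supports OIDC trusted publishing. Pinning npm to a known-good version (or at least a major) would keep the release job reproducible and avoid pulling an untested CLI into the step that publishes with `--provenance`. The `permissions:` block is outside this hunk, so it would also help to confirm in the PR that `id-token: write` is granted on the publish job only rather than workflow-wide.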

docs/design/architecture.md

Lines changed: 52 additions & 0 deletions
@@ -266,6 +266,58 @@ Stages 1-3 are automated today. Stages 4-6 are being shipped via Dog automation
266266

267267
See [dolt-storage.md](dolt-storage.md) for full details.
268268

269+
## Deployment Artifacts
270+
271+
Gas Town and Beads are distributed through multiple channels. Tag pushes (`v*`)
272+
trigger GitHub Actions release workflows that build and publish everything.
273+
274+
### Gas Town (`gt`)
275+
276+
| Channel | Artifact | Trigger |
277+
|---------|----------|---------|
278+
| **GitHub Releases** | Platform binaries (darwin/linux/windows, amd64/arm64) + checksums | GoReleaser on tag push |
279+
| **Homebrew** | `brew install steveyegge/gastown/gt` — formula auto-updated on release | `update-homebrew` job pushes to `steveyegge/homebrew-gastown` |
280+
| **npm** | `npx @gastown/gt` — wrapper that downloads the correct binary | OIDC trusted publishing (no token) |
281+
| **Local build** | `go build -o $(go env GOPATH)/bin/gt ./cmd/gt` | Manual |
282+
283+
### Beads (`bd`)
284+
285+
| Channel | Artifact | Trigger |
286+
|---------|----------|---------|
287+
| **GitHub Releases** | Platform binaries + checksums | GoReleaser on tag push |
288+
| **Homebrew** | `brew install steveyegge/beads/bd` | `update-homebrew` job |
289+
| **npm** | `npx @beads/bd` — wrapper that downloads the correct binary | OIDC trusted publishing (no token) |
290+
| **PyPI** | `beads-mcp` — MCP server integration | `publish-pypi` job with `PYPI_API_TOKEN` secret |
291+
| **Local build** | `go build -o $(go env GOPATH)/bin/bd ./cmd/bd` | Manual |
292+
293+
### npm Authentication
294+
295+
Both repos use **OIDC trusted publishing** — no `NPM_TOKEN` secret needed.
296+
Authentication is handled by GitHub's OIDC provider. The workflow needs:
297+
298+
```yaml
299+
permissions:
300+
id-token: write # Required for npm trusted publishing
301+
```
302+
303+
Configure on npmjs.com: Package Settings → Trusted Publishers → link to the
304+
GitHub repo and `release.yml` workflow file.
305+
306+
### What the binary embeds
307+
308+
The Go binary is the primary distribution vehicle. It embeds:
309+
- **Role templates** — Agent priming context, served by `gt prime`
310+
- **Formula definitions** — Workflow molecules, served by `bd mol`
311+
- **Doctor checks** — Health diagnostics, including migration checks
312+
- **Default configs** — `daemon.json` lifecycle defaults, operational thresholds
313+
314+
This means upgrading the binary automatically propagates most fixes. Files that
315+
are NOT embedded (and require `gt doctor` or `gt upgrade` to update):
316+
- Town-root `CLAUDE.md` (created at `gt install` time)
317+
- `daemon.json` patrol entries (created at install, extended by `EnsureLifecycleDefaults`)
318+
- Claude Code hooks (`.claude/settings.json` managed sections)
319+
- Dolt schema (migrations run on first `bd` command after upgrade)
320+
269321
## See Also
270322

271323
- [dolt-storage.md](dolt-storage.md) - Dolt storage architecture
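
Review bot: the npm rows in both tables describe the package as a wrapper that downloads the correct binary, but the section never says whether that download is verified against the checksums listed in the GitHub Releases row. Trusted publishing authenticates the publish of the npm package, not a binary fetched afterwards, so a sentence stating how the wrapper validates what it downloads (or that it does not) belongs here. Separately, the PyPI row still relies on a long-lived `PYPI_API_TOKEN` secret while npm has moved to OIDC; a note on that token's scope, or on moving `publish-pypi` to PyPI trusted publishing, would make the asymmetry explicit. The npm Authentication snippet should also say whether `id-token: write` belongs at job or workflow level.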
