
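name: Publish test package to NPM
on:
  push:
    branches:
      - main
jobs:
  # Token-based publishing.
  # Secrets and step outputs are handed to the shell through `env:` and read as
  # "$VAR" instead of being spliced into the script text with ${{ }}: a value
  # containing quotes or shell metacharacters then cannot break or alter the
  # generated command. The env names are deliberately distinct from variables
  # the tool or npm may read on their own (the OIDC job below checks that
  # NPM_TOKEN / NODE_AUTH_TOKEN are unset), so setting them changes nothing else.
  publish:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    # NOTE(review): no explicit `permissions:` block, so this job gets the
    # repository's default GITHUB_TOKEN scope. `--create-tag` below presumably
    # pushes a git tag and would then need `contents: write`; confirm the
    # minimum the tool needs and declare it here instead of inheriting the default.
    defaults:
      run:
        working-directory: ./
    steps:
      # NOTE(review): actions are pinned to a floating major tag. Pinning to a
      # full commit SHA (`actions/checkout@<COMMIT_SHA>  # v4`) makes the
      # supply chain reproducible and is the usual hardening for publish jobs.
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://registry.npmjs.org'
      - name: Install dependencies
        # NOTE(review): `npm ci` installs exactly the committed lockfile; it
        # fails when no lockfile exists, so confirm one is committed before switching.
        run: npm install
      - name: Run publish command
        id: publish
        env:
          PUBLISH_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}
          PUBLISH_NPM_ACCESS_TOKEN: ${{ secrets.NPM_TOKEN }}
          PUBLISH_LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
        run: npx . publish "./test" --webhook "$PUBLISH_WEBHOOK_URL" --access-token "$PUBLISH_NPM_ACCESS_TOKEN" --version+hash --tag github --version+tag --create-tag "test/" --llm-api-key "$PUBLISH_LLM_API_KEY"
      - name: Print output
        env:
          PACKAGE_VERSION: ${{ steps.publish.outputs.package-version }}
        run: |
          echo "Package version: $PACKAGE_VERSION"
      - name: Run publish without tag
        env:
          PUBLISH_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}
          PUBLISH_NPM_ACCESS_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npx . publish "./test" --webhook "$PUBLISH_WEBHOOK_URL" --access-token "$PUBLISH_NPM_ACCESS_TOKEN" --version+hash
      - name: Run publish without commit hash
        env:
          PUBLISH_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}
          PUBLISH_NPM_ACCESS_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npx . publish "./test" --webhook "$PUBLISH_WEBHOOK_URL" --access-token "$PUBLISH_NPM_ACCESS_TOKEN"
      - name: Just add a tag
        env:
          PUBLISH_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}
          PUBLISH_NPM_ACCESS_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npx . publish "./test" --webhook "$PUBLISH_WEBHOOK_URL" --access-token "$PUBLISH_NPM_ACCESS_TOKEN" --tag github-2

  # OIDC-based publishing (Trusted Publishing)
  # NOTE: First publish of a package MUST use --access-token. OIDC only works for existing packages.
  #
  # To enable OIDC for this package:
  # 1. Ensure the package exists on npmjs.com (publish once with --access-token)
  # 2. Go to https://www.npmjs.com/package/publish-helper-test-package/access
  # 3. Click "Settings" → "Trusted Publisher" → "GitHub Actions"
  # 4. Configure: owner (needle-tools), repository (npm-publish-helper), workflow (test.yml)
  #
  # NOTE(review): this job runs in parallel with `publish` and both publish
  # ./test; if they can race on a version or tag, add `needs: publish` or a
  # `concurrency:` group so only one publishes at a time.
  publish-oidc:
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
      contents: read
      id-token: write # Required for OIDC authentication
    defaults:
      run:
        working-directory: ./
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
        # Note: Do NOT set registry-url here for OIDC - it creates .npmrc expecting NODE_AUTH_TOKEN
        # which conflicts with OIDC. Let npm use its default registry.
      - name: Update npm to latest (OIDC requires npm >= 11.5)
        # NOTE(review): `npm@latest` floats, so the npm used to publish can change
        # between runs without a commit; pin an explicit version once one that
        # satisfies the >= 11.5 requirement is known to work.
        run: |
          echo "Current npm version: $(npm --version)"
          npm install -g npm@latest
          echo "Updated npm version: $(npm --version)"
      - name: Check environment for OIDC
        # Debug output. `cat` of an .npmrc prints any `_authToken` line verbatim
        # into the job log, and GitHub only masks values registered as secrets;
        # keep this step to test workflows and remove it once OIDC publishing is stable.
        run: |
          echo "=== Node/npm versions ==="
          echo "npm version: $(npm --version)"
          echo "node version: $(node --version)"
          echo ""
          echo "=== OIDC Environment Variables ==="
          echo "GITHUB_ACTIONS: $GITHUB_ACTIONS"
          echo "ACTIONS_ID_TOKEN_REQUEST_URL: ${ACTIONS_ID_TOKEN_REQUEST_URL:-(not set)}"
          echo "ACTIONS_ID_TOKEN_REQUEST_TOKEN: ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:+****(set)}"
          echo ""
          echo "=== Token Environment Variables (should be unset for OIDC) ==="
          echo "NPM_TOKEN: ${NPM_TOKEN:-(not set)}"
          echo "NODE_AUTH_TOKEN: ${NODE_AUTH_TOKEN:-(not set)}"
          echo ""
          echo "=== npmrc contents (if any) ==="
          cat ~/.npmrc 2>/dev/null || echo "(no ~/.npmrc)"
          cat .npmrc 2>/dev/null || echo "(no ./.npmrc)"
          echo ""
          echo "=== npm config list ==="
          npm config list
      - name: Install dependencies
        run: npm install
      - name: Test direct npm publish with OIDC (debug)
        working-directory: ./test
        continue-on-error: true
        run: |
          echo "Testing direct npm publish with --provenance..."
          npm version 2.0.0-oidc-direct-test.$(git rev-parse --short HEAD) --no-git-tag-version
          npm publish --access public --provenance --tag oidc-direct --dry-run || echo "Direct test failed"
      - name: Run publish with OIDC
        id: publish-oidc
        env:
          PUBLISH_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_TEST_RELEASE }}
        run: npx . publish "./test" --webhook "$PUBLISH_WEBHOOK_URL" --oidc --version+hash --tag oidc --version+tag
      - name: Print output
        env:
          PACKAGE_VERSION: ${{ steps.publish-oidc.outputs.package-version }}
        run: |
          echo "Package version: $PACKAGE_VERSION"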