docs(README): fix yml files for OIDC auth

navateja-alagam · navateja-alagam · commit de7bd4965fa9 · 2026-01-19T10:07:44.000+05:30
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -11,6 +11,7 @@ on:
 
 permissions:
     id-token: write # Required for OIDC
+    contents: read
 
 jobs:
     lint-build-test:
@@ -52,7 +53,7 @@ jobs:
             contents: write # to be able to publish a GitHub release
             issues: write # to be able to comment on released issues
             pull-requests: write # to be able to comment on released pull requests
-            id-token: write # Required for npm provenance
+            id-token: write # Required for OIDC
 
         steps:
             - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
@@ -66,6 +67,12 @@ jobs:
                   cache: 'yarn'
                   registry-url: 'https://registry.npmjs.org'
 
+            # Upgrade npm to latest for OIDC support
+            - name: Upgrade npm
+              run: |
+                  npm install -g npm@latest
+                  echo "npm version: $(npm --version)"
+
             - run: yarn install --frozen-lockfile
             - run: yarn build
 
@@ -79,6 +86,10 @@ jobs:
             - name: Publish to npm with OIDC
               if: ${{ hashFiles('.release-created') != '' }}
               run: |
+                  echo "=== Debug Info ==="
                   echo "npm version: $(npm --version)"
-                  echo "OIDC URL available: ${{ env.ACTIONS_ID_TOKEN_REQUEST_URL != '' }}"
-                  npm publish --workspaces --access public --provenance --registry https://registry.npmjs.org
+                  echo "node version: $(node --version)"
+                  echo "OIDC token URL available: ${ACTIONS_ID_TOKEN_REQUEST_URL:+yes}"
+                  echo "Registry: $(npm config get registry)"
+                  echo "==================="
+                  npm publish --workspaces --access public --provenance
