Skip to content

Commit 384c1a1

Browse files
Douglasgomes027Douglasgomes027
committed
ci(workflows): fix npm publish 404 error for scoped packages
1 parent b2ee30a commit 384c1a1

File tree

2 files changed

+15
-4
lines changed

2 files changed

+15
-4
lines changed

.github/workflows/CD.yaml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -320,6 +320,9 @@ jobs:
320320
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/beta') && !contains(github.event.head_commit.message, 'chore(release):')
321321
needs: get-next-version
322322
runs-on: ubuntu-latest
323+
permissions:
324+
id-token: write # Required for OIDC
325+
contents: read
323326
steps:
324327
- name: Checkout
325328
uses: actions/checkout@v4
@@ -360,7 +363,7 @@ jobs:
360363
env:
361364
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
362365
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
363-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
366+
#NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
364367
NPM_CONFIG_REGISTRY: https://registry.npmjs.org:8443/
365368

366369
build-docs:

.github/workflows/pr-build-deploy.yml

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ jobs:
2727
name: '🚀 Build and publish snapshot'
2828
needs: [validation, get-node-version]
2929
runs-on: ubuntu-latest
30+
permissions:
31+
id-token: write # Required for OIDC
32+
contents: read
3033
steps:
3134
- name: Checkout
3235
uses: actions/checkout@v4
@@ -38,6 +41,7 @@ jobs:
3841
with:
3942
node-version: ${{ needs.get-node-version.outputs.version }}
4043
registry-url: 'https://registry.npmjs.org'
44+
scope: '@securityscorecard'
4145

4246
- name: Setup Yarn
4347
run: |
@@ -116,8 +120,8 @@ jobs:
116120
- name: Publish to npm
117121
run: npm publish --tag pr-${{ github.event.number }}
118122
env:
119-
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
120-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
123+
#NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
124+
#NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
121125

122126
- name: Comment on PR
123127
uses: actions/github-script@v7
@@ -154,12 +158,16 @@ jobs:
154158
if: github.event.action == 'closed'
155159
needs: get-node-version
156160
runs-on: ubuntu-latest
161+
permissions:
162+
id-token: write # Required for OIDC
163+
contents: read
157164
steps:
158165
- name: Setup Node.js
159166
uses: actions/setup-node@v4
160167
with:
161168
node-version: ${{ needs.get-node-version.outputs.version }}
162169
registry-url: 'https://registry.npmjs.org'
170+
scope: '@securityscorecard'
163171

164172
- name: Setup Yarn
165173
run: |
@@ -171,7 +179,7 @@ jobs:
171179
npm unpublish @securityscorecard/design-system@pr-${{ github.event.number }}
172180
env:
173181
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
174-
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
182+
#NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
175183
continue-on-error: true
176184

177185
- name: Comment on PR

0 commit comments

Comments
 (0)