From 622b7450dfad5f6b82cdd8ed124d5d3b601e7bd0 Mon Sep 17 00:00:00 2001 From: Dmitry Prudnikov Date: Wed, 6 May 2026 17:16:04 +0300 Subject: [PATCH] =?UTF-8?q?fix(ci):=20drop=20@semantic-release/npm=20?= =?UTF-8?q?=E2=80=94=20use=20exec=20publishCmd=20for=20OIDC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @semantic-release/npm requires NPM_TOKEN env at verifyConditions (can't be skipped, doesn't know about OIDC). Replace with @semantic-release/exec publishCmd='npm publish --provenance --access public'. This is the gitlab-mcp pattern — explicit npm publish step works with OIDC trusted publishing, no token needed. --- .github/workflows/release.yml | 2 +- .releaserc.json | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1b45e40..8fb30a1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -73,7 +73,7 @@ jobs: - name: Build run: yarn build - - name: Install semantic-release + - name: Install semantic-release (no @semantic-release/npm — OIDC via publishCmd) run: | npm install -g \ semantic-release@24 \ diff --git a/.releaserc.json b/.releaserc.json index ed28734..86b5cd8 100644 --- a/.releaserc.json +++ b/.releaserc.json @@ -23,11 +23,8 @@ "changelogFile": "CHANGELOG.md" }], ["@semantic-release/exec", { - "prepareCmd": "npm pkg set version=${nextRelease.version}" - }], - ["@semantic-release/npm", { - "npmPublish": true, - "tarballDir": "dist-tarball" + "prepareCmd": "npm pkg set version=${nextRelease.version}", + "publishCmd": "npm publish --provenance --access public" }], ["@semantic-release/git", { "assets": ["CHANGELOG.md", "package.json"],