Skip to content

fix(ci): stop stripping auth token before publish#13

Merged
bntvllnt merged 1 commit intomainfrom
fix/ci-publish-auth
Apr 26, 2026
Merged

fix(ci): stop stripping auth token before publish#13
bntvllnt merged 1 commit intomainfrom
fix/ci-publish-auth

Conversation

@bntvllnt
Copy link
Copy Markdown
Contributor

@bntvllnt bntvllnt commented Apr 26, 2026

Problem

Both canary and release jobs were running:

sed -i '/_authToken/d' "$NPM_CONFIG_USERCONFIG"
unset NODE_AUTH_TOKEN

This stripped NODE_AUTH_TOKEN before publishing, leaving the runner unauthenticated → ENEEDAUTH.

Root cause

NODE_AUTH_TOKEN handles registry authentication. --provenance handles attestation. They are independent. Removing the token doesn't enable OIDC auth — it just removes credentials.

Fix

Drop the credential-stripping lines from both jobs. NODE_AUTH_TOKEN (set by setup-node via the repo secret) authenticates the publish; --provenance attaches the attestation as before.

@bntvllnt
fix(ci): stop stripping auth token before publish
6e60cc9 
The sed + unset lines were removing NODE_AUTH_TOKEN before publishing,
leaving the runner with no credentials — causing ENEEDAUTH. NODE_AUTH_TOKEN
handles registry auth; --provenance handles attestation. They are independent.
Drop the credential-stripping lines from both canary and release jobs.
@bntvllnt bntvllnt self-assigned this Apr 26, 2026
@bntvllnt bntvllnt merged commit e336595 into main Apr 26, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@bntvllnt bntvllnt

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bntvllnt