ldy26098
/
BMAD-METHOD
mirror of https://github.com/bmad-code-org/BMAD-METHOD.git
1
0
Fork 0
Code Packages Projects Releases Wiki Activity

fix: isolate npm publish from injected auth config (#1886)

This commit is contained in:
Alex Verkhovsky 2026-03-10 03:49:01 -06:00 committed by GitHub
parent 1ed5c9d94b
commit 7bc2b5e0e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.github/workflows/publish.yaml vendored
View File

@ -51,7 +51,21 @@ jobs:
with:
node-version-file: ".nvmrc"
cache: "npm"
registry-url: "https://registry.npmjs.org"
- name: Debug npm auth config surface
run: |
USERCONFIG=$(npm config get userconfig)
echo "npm userconfig: $USERCONFIG"
if [ -f "$USERCONFIG" ]; then
if rg -n "_authToken|always-auth|registry.npmjs.org" "$USERCONFIG" >/dev/null 2>&1; then
echo "npm userconfig contains registry auth-related entries"
rg -n "_authToken|always-auth|registry.npmjs.org" "$USERCONFIG" | sed -E 's/(_authToken=).*/\1***MASKED***/'
else
echo "npm userconfig has no registry auth-related entries"
fi
else
echo "npm userconfig file not found"
fi
- name: Debug trusted publishing identity
run: |
@ -161,12 +175,14 @@ jobs:
if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.channel == 'next')
run: npm publish --tag next --provenance
env:
NPM_CONFIG_USERCONFIG: /dev/null
NODE_AUTH_TOKEN: ""
- name: Publish stable release to npm
if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
run: npm publish --tag latest --provenance
env:
NPM_CONFIG_USERCONFIG: /dev/null
NODE_AUTH_TOKEN: ""
- name: Print npm debug logs