chore(publish): remove trusted publishing diagnostics
This commit is contained in:
Alex Verkhovsky
parent
6a0046917a
commit
b7315c6e32
|
|
@ -56,85 +56,6 @@ jobs:
|
|||
run: |
|
||||
# npm trusted publishing requires Node >= 22.14.0 and npm >= 11.5.1.
|
||||
npm install --global npm@11.6.2
|
||||
echo "Node: $(node --version)"
|
||||
echo "npm: $(npm --version)"
|
||||
|
||||
- name: Debug npm auth config surface
|
||||
run: |
|
||||
USERCONFIG=$(npm config get userconfig)
|
||||
echo "npm userconfig: $USERCONFIG"
|
||||
if [ -f "$USERCONFIG" ]; then
|
||||
if rg -n "_authToken|always-auth|registry.npmjs.org" "$USERCONFIG" >/dev/null 2>&1; then
|
||||
echo "npm userconfig contains registry auth-related entries"
|
||||
rg -n "_authToken|always-auth|registry.npmjs.org" "$USERCONFIG" | sed -E 's/(_authToken=).*/\1***MASKED***/'
|
||||
else
|
||||
echo "npm userconfig has no registry auth-related entries"
|
||||
fi
|
||||
else
|
||||
echo "npm userconfig file not found"
|
||||
fi
|
||||
|
||||
- name: Debug trusted publishing identity
|
||||
run: |
|
||||
echo "GitHub workflow context:"
|
||||
echo " repository: ${{ github.repository }}"
|
||||
echo " repository_owner: ${{ github.repository_owner }}"
|
||||
echo " ref: ${{ github.ref }}"
|
||||
echo " event_name: ${{ github.event_name }}"
|
||||
echo " workflow: ${{ github.workflow }}"
|
||||
echo " workflow_ref: ${{ github.workflow_ref }}"
|
||||
echo " actor: ${{ github.actor }}"
|
||||
echo " selected_channel: ${{ inputs.channel || 'n/a' }}"
|
||||
echo " selected_bump: ${{ inputs.bump || 'n/a' }}"
|
||||
if [ "${NODE_AUTH_TOKEN+x}" = "x" ]; then
|
||||
if [ -n "$NODE_AUTH_TOKEN" ]; then
|
||||
echo " node_auth_token_state: set-nonempty"
|
||||
else
|
||||
echo " node_auth_token_state: set-empty"
|
||||
fi
|
||||
else
|
||||
echo " node_auth_token_state: unset"
|
||||
fi
|
||||
|
||||
WORKFLOW_FILE=$(node -e "
|
||||
const ref = process.argv[1] || '';
|
||||
const match = ref.match(/\.github\/workflows\/([^@]+)@/);
|
||||
process.stdout.write(match ? match[1] : '');
|
||||
" "${{ github.workflow_ref }}")
|
||||
echo " workflow_filename_for_npm: ${WORKFLOW_FILE:-unknown}"
|
||||
|
||||
echo "OIDC claims (sanitized):"
|
||||
RESPONSE=$(curl -fsS -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=npm:registry.npmjs.org")
|
||||
ID_TOKEN=$(node -e "
|
||||
const fs = require('fs');
|
||||
const data = JSON.parse(fs.readFileSync(0, 'utf8'));
|
||||
process.stdout.write(data.value || '');
|
||||
" <<<"$RESPONSE")
|
||||
|
||||
node -e "
|
||||
const token = process.argv[1];
|
||||
if (!token) {
|
||||
console.log(JSON.stringify({ error: 'missing_id_token' }, null, 2));
|
||||
process.exit(0);
|
||||
}
|
||||
const payloadPart = token.split('.')[1] || '';
|
||||
const padded = payloadPart.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (payloadPart.length % 4)) % 4);
|
||||
const claims = JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
|
||||
const out = {
|
||||
iss: claims.iss,
|
||||
sub: claims.sub,
|
||||
aud: claims.aud,
|
||||
repository: claims.repository,
|
||||
repository_owner: claims.repository_owner,
|
||||
workflow: claims.workflow,
|
||||
workflow_ref: claims.workflow_ref,
|
||||
job_workflow_ref: claims.job_workflow_ref,
|
||||
ref: claims.ref,
|
||||
environment: claims.environment || null,
|
||||
runner_environment: claims.runner_environment || null,
|
||||
};
|
||||
console.log(JSON.stringify(out, null, 2));
|
||||
" "$ID_TOKEN"
|
||||
|
||||
- name: Configure git user
|
||||
if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
|
||||
|
|
@ -175,17 +96,6 @@ jobs:
|
|||
if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
|
||||
run: 'npm version ${{ inputs.bump }} -m "chore(release): v%s [skip ci]"'
|
||||
|
||||
- name: Debug publish target and registry state
|
||||
run: |
|
||||
echo "Local package target:"
|
||||
node -e "
|
||||
const pkg = require('./package.json');
|
||||
console.log(JSON.stringify({ name: pkg.name, version: pkg.version }, null, 2));
|
||||
"
|
||||
|
||||
echo "Registry package view (bmad-method):"
|
||||
npm view bmad-method name version dist-tags --json || true
|
||||
|
||||
- name: Publish prerelease to npm
|
||||
if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && inputs.channel == 'next')
|
||||
run: npm publish --tag next --provenance
|
||||
|
|
@ -194,26 +104,6 @@ jobs:
|
|||
if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
|
||||
run: npm publish --tag latest --provenance
|
||||
|
||||
- name: Print npm debug logs
|
||||
if: always()
|
||||
run: |
|
||||
LOG_DIR="$HOME/.npm/_logs"
|
||||
echo "npm log directory: $LOG_DIR"
|
||||
ls -la "$LOG_DIR" || true
|
||||
|
||||
found=0
|
||||
for file in "$LOG_DIR"/*-debug-0.log; do
|
||||
[ -e "$file" ] || continue
|
||||
found=1
|
||||
echo "::group::npm-debug $(basename "$file")"
|
||||
cat "$file"
|
||||
echo "::endgroup::"
|
||||
done
|
||||
|
||||
if [ "$found" -eq 0 ]; then
|
||||
echo "No npm *-debug-0.log files found."
|
||||
fi
|
||||
|
||||
- name: Push version commit and tag
|
||||
if: github.event_name == 'workflow_dispatch' && inputs.channel == 'latest'
|
||||
run: git push origin main --follow-tags
|
||||
|
|
|
|||
Loading…
Reference in New Issue