Skip to content

[BUGFIX] Fix npm auth issues after OIDC disable #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JaysonGCS merged 1 commit into from
Dec 19, 2025
Merged

[BUGFIX] Fix npm auth issues after OIDC disable #21

JaysonGCS merged 1 commit into from
Dec 19, 2025

Conversation

@JaysonGCS
Copy link
Contributor

@JaysonGCS JaysonGCS commented Dec 19, 2025
edited
Loading

Description

Fixes npm authentication failures in the release workflow after OIDC was temporarily disabled. The release was failing with 401 Unauthorized errors during the verifyConditions step.

Changes Made

  • Removed provenance: true from publishConfig in package.json - provenance attestations require OIDC authentication (id-token: write permission)
  • Added NODE_AUTH_TOKEN environment variable to the release workflow - the setup-node action creates an .npmrc file that expects this variable for npm CLI authentication

Definition of Done

  • All automated tests have passed successfully.
  • All manual tests have passed successfully.
  • Code has been reviewed by at least one other team member.
  • Code has been properly documented and commented as needed.
  • All new and existing code adheres to our project's coding standards.
  • All dependencies have been added or removed from the project's README or other documentation as needed.
  • Any relevant documentation or help files have been updated to reflect the changes made in this pull request.
  • Any necessary database migrations have been run.
  • Any relevant UI changes have been reviewed and approved by the UI/UX team.

Additional Notes

Once OIDC is re-enabled in the future, provenance: true can be added back to publishConfig to enable npm provenance attestations.

@JaysonGCS JaysonGCS changed the title fix: resolve npm auth issues after OIDC disable [BUGFIX] Fix npm auth issues after OIDC disable Dec 19, 2025
@JaysonGCS @claude
fix: resolve npm auth issues after OIDC disable
f663584 
- Remove provenance: true from publishConfig (requires OIDC)
- Add NODE_AUTH_TOKEN env var for npm CLI authentication

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: “JaysonGCS“ <goh.chung.sern@gmail.com>
@JaysonGCS JaysonGCS force-pushed the fix/release-npm-auth branch from 84e26a2 to f663584 Compare December 19, 2025 17:26
@JaysonGCS JaysonGCS merged commit 90d89f5 into main Dec 19, 2025
1 check passed
@JaysonGCS JaysonGCS deleted the fix/release-npm-auth branch December 19, 2025 17:28
@github-actions
Copy link

github-actions bot commented Dec 20, 2025

🎉 This PR is included in version 1.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

JaysonGCS added a commit that referenced this pull request Dec 20, 2025
@JaysonGCS
Revert "fix: resolve npm auth issues after OIDC disable (#21)"
eb23ca0 
This reverts commit 90d89f5.
JaysonGCS added a commit that referenced this pull request Dec 20, 2025
@JaysonGCS
Revert "fix: resolve npm auth issues after OIDC disable (#21)"
069e7b1 
This reverts commit 90d89f5.

Signed-off-by: “JaysonGCS“ <goh.chung.sern@gmail.com>
JaysonGCS added a commit that referenced this pull request Dec 20, 2025
@JaysonGCS
[MAINTENANCE] Recover OIDC in release workflow (#22)
aa3de40 
* Revert "fix: resolve npm auth issues after OIDC disable (#21)"

This reverts commit 90d89f5.

Signed-off-by: “JaysonGCS“ <goh.chung.sern@gmail.com>

* Revert "chore: temporarily disable OIDC in release workflow (#20)"

This reverts commit bac8746.

Signed-off-by: “JaysonGCS“ <goh.chung.sern@gmail.com>

* chore: remove npm token in release env

Signed-off-by: “JaysonGCS“ <goh.chung.sern@gmail.com>

---------

Signed-off-by: “JaysonGCS“ <goh.chung.sern@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JaysonGCS