From a5cd052dadccd00cf05486438586ca5d4cafb68c Mon Sep 17 00:00:00 2001 From: Ernesto Barbosa Date: Fri, 5 Dec 2025 16:57:23 -0300 Subject: [PATCH 1/2] remove always-auth config --- .github/workflows/publish-npm.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml index 231ac9e74..4f883296b 100644 --- a/.github/workflows/publish-npm.yml +++ b/.github/workflows/publish-npm.yml @@ -62,7 +62,6 @@ jobs: echo "Configuring npm to use ${CODEARTIFACT_URL}" - npm config set always-auth true npm config set registry "${CODEARTIFACT_URL}" npm config set "//${CODEARTIFACT_DOMAIN}-${CODEARTIFACT_DOMAIN_OWNER}.d.codeartifact.${AWS_REGION}.amazonaws.com/npm/${CODEARTIFACT_REPOSITORY}/:_authToken" "${CODEARTIFACT_TOKEN}" From 482bbb75bc4a865c4f30442931ae4a9842f337fb Mon Sep 17 00:00:00 2001 From: Ernesto Barbosa Date: Fri, 5 Dec 2025 17:03:55 -0300 Subject: [PATCH 2/2] add mask to secrets in the publish-npm action --- .github/workflows/publish-npm.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml index 4f883296b..f31d1632e 100644 --- a/.github/workflows/publish-npm.yml +++ b/.github/workflows/publish-npm.yml @@ -36,11 +36,6 @@ env: jobs: publish: runs-on: ubuntu-latest - - env: - CODEARTIFACT_TOKEN: ${{ inputs.CA_TOKEN }} - CODEARTIFACT_DOMAIN_OWNER: ${{ inputs.CA_OWNER }} - steps: - name: Checkout uses: actions/checkout@v4 @@ -54,6 +49,9 @@ jobs: run: | set -euo pipefail + export CODEARTIFACT_TOKEN="::add-mask::$(jq -r '.inputs.CA_TOKEN' $GITHUB_EVENT_PATH)" + export CODEARTIFACT_DOMAIN_OWNER="::add-mask::$(jq -r '.inputs.CA_OWNER' $GITHUB_EVENT_PATH)" + if [ -z "${CODEARTIFACT_TOKEN:-}" ]; then echo "CODEARTIFACT_TOKEN not set"; exit 1 fi