fix the npm token issues #2664
fix the npm token issues #2664
Conversation
| - main | ||
| # Set default permissions as restrictive | ||
| permissions: | ||
| id-token: write # Required for OIDC |
There was a problem hiding this comment.
@JoeCap08055 Is the the only change needed in here or there are other things I'm missing?
There was a problem hiding this comment.
If there are any other workflows that publish those will fail, assuming this is the file that is authorized on npm.
See https://github.com/ProjectLibertyLabs/dev-lore-playbook/blob/main/Releases/NpmPackagesAndPublishing.md for more detail.
There was a problem hiding this comment.
@shannonwells per my notes in #2663 , the example in the lore playbook cited above won't work--that's a shared action, what we need is a shared workflow. If we manage to come up with an appropriate shared workflow in this PR, we should update the lore playbook with the proper example.
|
I don't think this addresses the issue. So the correct solution to the problem is to define a shared workflow (which is not the same as a shared action) that handles all NPM publishing in this repo. I've described what needs to be done in the issue #2663 . |
| packages: read | ||
|
|
||
| jobs: | ||
| publish-js-api-augment-rc: |
There was a problem hiding this comment.
Open to arguments against this but I don't think we need to publish these on merge. We can always use an rc release if needed any of these packages and I think simplifying this makes more sense compared to creating a shared workflow which requires more effort without any tangible reward.
There was a problem hiding this comment.
I'm fine with removing these steps; we can always add them back at some point when there's time to revisit the shared publishing workflow.
Description
Fix the npm token changes
https://github.com/frequency-chain/frequency/actions/runs/20860686128/job/59941049866
Closes