fix(embedded-sdk): omit registry-url so npm uses OIDC publishing (#41211)

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Evan Rusackas
2026-06-18 13:43:23 -07:00
committed by GitHub
parent 0f05239260
commit a7c0f4b83d

View File

@@ -26,17 +26,23 @@ jobs:
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
# Note: registry-url is intentionally omitted. When set, actions/setup-node
# writes an .npmrc with `_authToken=${NODE_AUTH_TOKEN}` and a placeholder
# token, which makes npm attempt token auth and skip the OIDC
# trusted-publishing exchange. With no .npmrc auth line, npm authenticates
# via OIDC against the default registry (registry.npmjs.org).
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version-file: "./superset-embedded-sdk/.nvmrc"
registry-url: "https://registry.npmjs.org"
# Diagnostic: confirm GitHub OIDC is granted to this job. npm trusted
# publishing needs the id-token request env vars; "no" here means OIDC was
# not issued and publishing cannot authenticate.
- name: Check OIDC availability
run: |
if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then
echo "GitHub OIDC available to job: yes"
else
echo "GitHub OIDC available to job: no"
fi
- run: npm ci
- run: npm run ci:release
env:
# actions/setup-node injects a placeholder NODE_AUTH_TOKEN
# (XXXXX-XXXXX-XXXXX-XXXXX) when registry-url is set, which makes npm
# attempt failed token auth and skip the OIDC trusted-publishing
# exchange. Clear it so npm authenticates via OIDC. The Node pinned in
# .nvmrc (v24.16.0) ships npm 11.13, satisfying the >= 11.5.1
# trusted-publishing requirement, so no manual npm upgrade is needed.
NODE_AUTH_TOKEN: ""