fix: enable OIDC auth for npm trusted publishing #27

Merged
koistya merged 3 commits into main from fix/npm-oidc-publish
Dec 2, 2025
@koistya commented Dec 2, 2025

Summary

  • Remove registry-url from actions/setup-node to prevent token-based .npmrc creation
  • Clear stale NODE_AUTH_TOKEN and NPM_TOKEN env vars before publish
  • Delete any leftover .npmrc to ensure OIDC flow is used

This fixes the "Access token expired or revoked" error during npm publish by ensuring the workflow uses OIDC-based authentication instead of the stale token.
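
The conditions listed in the summary above can be asserted as a preflight step before `npm publish`. This is an added example, not part of the pull request: the function name `oidc_preflight` is hypothetical, and the third check assumes a GitHub Actions runner, where a job granted `id-token: write` receives `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN`.

```sh
# Added example (not from the PR): preflight for OIDC-based npm publishing.
# oidc_preflight is a hypothetical name. Usage: oidc_preflight [project_dir]
# Returns 0 when nothing found would steer npm toward token auth, 1 otherwise.
oidc_preflight() {
  project_dir="${1:-.}"
  problems=0

  # 1. Stale token variables, the two named in the PR summary.
  #    Only the variable name is reported, never its value.
  if [ -n "${NODE_AUTH_TOKEN:-}" ]; then
    echo "FAIL: NODE_AUTH_TOKEN is set; unset it before publishing" >&2
    problems=$((problems + 1))
  fi
  if [ -n "${NPM_TOKEN:-}" ]; then
    echo "FAIL: NPM_TOKEN is set; unset it before publishing" >&2
    problems=$((problems + 1))
  fi

  # 2. Leftover .npmrc files carrying a token entry: project, home, and the
  #    file named by NPM_CONFIG_USERCONFIG if that override is set.
  for rc in "$project_dir/.npmrc" "${HOME:-/nonexistent}/.npmrc" \
            "${NPM_CONFIG_USERCONFIG:-}"; do
    [ -n "$rc" ] && [ -f "$rc" ] || continue
    if grep -q '_authToken' "$rc"; then
      echo "FAIL: $rc contains an _authToken entry; delete it" >&2
      problems=$((problems + 1))
    fi
  done

  # 3. Assumption beyond the PR text: without these runner-provided
  #    variables the job cannot request an OIDC token at all.
  if [ -z "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ] ||
     [ -z "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ]; then
    echo "FAIL: OIDC request variables missing; job needs id-token: write" >&2
    problems=$((problems + 1))
  fi

  [ "$problems" -eq 0 ]
}
```

Called as `oidc_preflight . || exit 1` in the step that publishes, it stops the job with a named cause before npm reports an expired-token error.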

- Rename misleading "should handle lookup consistently within tolerance
  window" to "should return lock info for active lock"
- Move Storage Key Consistency tests from E2E to new crypto.test.ts
- Add comprehensive unit tests for generateLockId, hashKey, formatFence

Remove registry-url to prevent actions/setup-node from creating
token-based .npmrc. Clear any stale npm tokens to ensure OIDC
flow is used for provenance signing.

@koistya force-pushed the fix/npm-oidc-publish branch from fdf7a01 to a5c01a7 December 2, 2025 22:56
@koistya merged commit 61c29ca into main Dec 2, 2025
9 checks passed
@koistya deleted the fix/npm-oidc-publish branch December 2, 2025 22:57
codecov bot commented Dec 2, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.37%. Comparing base (ef85a16) to head (a5c01a7).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #27   +/-   ##
=======================================
  Coverage   76.37%   76.37%           
=======================================
  Files          42       42           
  Lines        2688     2688           
=======================================
  Hits         2053     2053           
  Misses        635      635           
Flag Coverage Δ
contracts-firestore 47.05% <ø> (ø)
contracts-postgres 43.02% <ø> (ø)
contracts-redis 40.21% <ø> (ø)
unit 64.37% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
