
Commit 403d222

chore: switch npm publish to OIDC auth in stainless config
1 parent 1061df9 commit 403d222


5 files changed

+15
-11
lines changed


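--- a/.github/workflows/publish-npm.yml
+++ b/.github/workflows/publish-npm.yml
@@ -12,6 +12,9 @@ jobs:
 publish:
 name: publish
 runs-on: ubuntu-latest
+permissions:
+contents: read
+id-token: write
 
 steps:
 - uses: actions/checkout@v6
@@ -28,5 +31,3 @@ jobs:
 - name: Publish to NPM
 run: |
 bash ./bin/publish-npm
-env:
-NPM_TOKEN: ${{ secrets.KERNEL_NPM_TOKEN || secrets.NPM_TOKEN }}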
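Review bot: With `id-token: write` now granted to the whole `publish` job, every step in it can request the OIDC token that the registry accepts for publishing, yet `- uses: actions/checkout@v6` in the same hunk is pinned only to a mutable tag. Pinning it to a full commit SHA, e.g. `- uses: actions/checkout@<FULL_COMMIT_SHA_PLACEHOLDER> # v6`, keeps a retagged action from running with that permission. The same applies to any other `uses:` steps between the two hunks, which are not visible here. A short comment on the new block would also help, such as `# id-token: write lets npm trusted publishing (OIDC) replace the long-lived NPM_TOKEN secret`.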

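--- a/.github/workflows/release-doctor.yml
+++ b/.github/workflows/release-doctor.yml
@@ -17,6 +17,4 @@ jobs:
 - name: Check release environment
 run: |
 bash ./bin/check-release-environment
-env:
-NPM_TOKEN: ${{ secrets.KERNEL_NPM_TOKEN || secrets.NPM_TOKEN }}
 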

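--- a/.stats.yml
+++ b/.stats.yml
@@ -1,4 +1,4 @@
 configured_endpoints: 108
 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel%2Fkernel-3fbe762c99e8a120c426ac22bc1fa257c9127d631b12a38a6440a37f52935543.yml
 openapi_spec_hash: 5a190df210ed90b20a71c5061ff43917
-config_hash: 38c9b3b355025daf9bb643040e4af94e
+config_hash: 3b1fbbb6bda0dac7e8b42e155cd7da56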

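--- a/bin/check-release-environment
+++ b/bin/check-release-environment
@@ -2,10 +2,6 @@
 
 errors=()
 
-if [ -z "${NPM_TOKEN}" ]; then
-errors+=("The NPM_TOKEN secret has not been set. Please set it in either this repository's secrets or your organization secrets")
-fi
-
 lenErrors=${#errors[@]}
 
 if [[ lenErrors -gt 0 ]]; then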

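--- a/bin/publish-npm
+++ b/bin/publish-npm
@@ -2,7 +2,12 @@
 
 set -eux
 
-npm config set '//registry.npmjs.org/:_authToken' "$NPM_TOKEN"
+if [[ ${NPM_TOKEN:-} ]]; then
+npm config set '//registry.npmjs.org/:_authToken' "$NPM_TOKEN"
+elif [[ ! ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-} ]]; then
+echo "ERROR: NPM_TOKEN must be set if not running in a Github Action with id-token permission"
+exit 1
+fi
 
 yarn build
 cd dist
@@ -57,5 +62,9 @@ else
 TAG="latest"
 fi
 
+# Install OIDC compatible npm version
+npm install --prefix ../oidc/ npm@11.6.2
+
 # Publish with the appropriate tag
-yarn publish --tag "$TAG"
+export npm_config_registry='https://registry.npmjs.org'
+../oidc/node_modules/.bin/npm publish --tag "$TAG"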
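Review bot: The `npm install --prefix ../oidc/ npm@11.6.2` line downloads the tool that performs the publish at release time, pinned by version only, and it runs in the job that holds the OIDC publishing permission. Adding `--ignore-scripts`, as in `npm install --ignore-scripts --prefix ../oidc/ npm@11.6.2`, stops lifecycle scripts in that install tree from running before the publish; an integrity-checked lockfile would be stronger still. Separately, the retained token branch in the first hunk still runs under `set -eux`, so `npm config set '//registry.npmjs.org/:_authToken' "$NPM_TOKEN"` is traced with the token expanded. Log masking only covers values registered as Actions secrets, and the new error message shows the script is also meant to run outside Actions, so wrapping that branch in `set +x` / `set -x` would keep the token out of the trace. The rest of the script lies outside these two hunks.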
