Merged
fix: restore NPM_TOKEN with environment for new package publishing
OIDC trusted publishing doesn't work for brand new packages that
don't exist on the npm registry yet. The new -gnu/-musl packages
need NPM_TOKEN for their first publish.

Added `environment: npm-publish` to satisfy zizmor's
secrets-outside-env audit. The environment needs to be created
in the repo settings with the NPM_TOKEN secret.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wenxin-Jiang and claude committed Apr 1, 2026
commit bcbd0637b60b13bfd352a46891758177e60b18ec
5 changes: 5 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -233,6 +233,7 @@ jobs:
needs: [version, build]
if: ${{ !inputs.dry-run }}
runs-on: ubuntu-latest
environment: npm-publish
permissions:
contents: read
id-token: write
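Review bot: `environment: npm-publish` on this job protects the secret only as far as the environment itself is configured, and nothing in the workflow records that dependency. Add a comment above the line stating that the `npm-publish` environment must exist in the repo settings and hold `NPM_TOKEN` before the next release, and consider giving it required reviewers or a branch/tag restriction, since this job keeps `id-token: write` and will now also carry a long-lived token.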
Expand Down Expand Up @@ -291,6 +292,8 @@ jobs:
stage_win socket-patch-aarch64-pc-windows-msvc npm/socket-patch-win32-arm64

- name: Publish platform packages
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
for pkg_dir in npm/socket-patch-*/; do
echo "Publishing ${pkg_dir}..."
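Review bot: `NODE_AUTH_TOKEN` in the `Publish platform packages` step is exposed to every directory matched by `npm/socket-patch-*/`, while the commit message says only the new -gnu/-musl packages need a token for their first publish. Add a comment marking the `env:` block as a bootstrap measure to remove once those packages exist on the registry, or limit the token to the new package directories, so the long-lived secret does not become a permanent part of the release path.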
Expand All @@ -304,6 +307,8 @@ jobs:
run: cp README.md npm/socket-patch/README.md

- name: Publish main package
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish ./npm/socket-patch --provenance --access public

pypi-publish:
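Review bot: `NODE_AUTH_TOKEN` on `Publish main package` is not covered by the rationale in the commit message, which gives the first publish of the new -gnu/-musl packages as the reason for restoring the token. If `npm/socket-patch` already exists on the registry, drop the `env:` block from this step and let it keep publishing through `id-token: write` with `--provenance`; otherwise add a comment saying why the main package needs the token.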