From bb6d8f890d706ad9baab98f31d7500045e8a1c93 Mon Sep 17 00:00:00 2001 From: Agent IX Date: Sat, 27 Jun 2026 09:26:44 -0700 Subject: [PATCH] ci(release): token publish for first npmjs release (NPM_TOKEN) OIDC Trusted Publishing can't create packages that don't exist on npmjs yet (@agent-ix/ix, ix-cli-local, ix-cli-elements are new). Use the NPM_TOKEN secret for this first publish; revert to trusted_publish once the packages exist and trusted publishers are configured. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/release.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 60091d1..8119697 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,5 +14,11 @@ jobs: uses: agent-ix/nodejs-actions/.github/workflows/release-monorepo.yml@main with: npm_registry: https://registry.npmjs.org - trusted_publish: true - node_version: "22" # OIDC Trusted Publishing requires Node >= 22.14 + # Token-based for the first publish: OIDC Trusted Publishing can't + # bootstrap a package that doesn't exist on npmjs yet. Flip back to + # trusted_publish: true once the packages exist + trusted publishers + # are configured on npmjs.com. + trusted_publish: false + node_version: "22" + secrets: + NPM_REGISTRY_TOKEN: ${{ secrets.NPM_TOKEN }}