Version Packages (#345) #123
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| branches: [main] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: {} | |
| jobs: | |
| release: | |
| if: github.repository_owner == 'OpenRouterTeam' | |
| name: Release | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: write | |
| id-token: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: pnpm/action-setup@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20.x" | |
| registry-url: "https://registry.npmjs.org" | |
| scope: "@openrouter" | |
| cache: pnpm | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Upgrade npm for OIDC support | |
| run: npm install -g npm@latest | |
| - name: Create Release Pull Request or Publish | |
| id: changesets | |
| uses: changesets/action@v1 | |
| with: | |
| version: pnpm changeset-version | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: OIDC preflight - scrub .npmrc and verify registry | |
| run: | | |
| echo "=== OIDC Preflight ===" | |
| # Remove auth tokens from all potential .npmrc locations to ensure OIDC is used | |
| for npmrc in "$NPM_CONFIG_USERCONFIG" ~/.npmrc .npmrc; do | |
| if [ -n "$npmrc" ] && [ -f "$npmrc" ]; then | |
| echo "Cleaning $npmrc of any existing auth tokens..." | |
| # Remove registry-scoped tokens (allow optional whitespace around =) | |
| sed -i -E '/\/\/registry\.npmjs\.org\/:(_authToken|_auth)\s*=/d' "$npmrc" | |
| # Remove global tokens in any form | |
| sed -i -E '/^\s*(_authToken|_auth)\s*=/d' "$npmrc" | |
| # Remove global always-auth (case-insensitive, allow spacing) | |
| sed -i -E '/^\s*[Aa]lways-[Aa]uth\s*=/d' "$npmrc" | |
| fi | |
| done | |
| # Verify npm connectivity | |
| echo "Testing npm registry connectivity..." | |
| npm ping || exit 1 | |
| # Verify no token is active (should fail for OIDC to work) | |
| echo "Verifying no auth token is configured..." | |
| if npm whoami >/dev/null 2>&1; then | |
| echo "⚠ Warning: npm whoami succeeded without OIDC token" | |
| else | |
| echo "✓ Confirmed: npm whoami failed (OIDC will be used)" | |
| fi | |
| echo "" | |
| echo "Registry configuration:" | |
| npm config get registry | |
| npm config get @openrouter:registry || echo " (no @openrouter scope override)" | |
| - name: Publish with OIDC | |
| if: steps.changesets.outputs.hasChangesets == 'false' | |
| run: pnpm changeset-publish | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Post-mortem diagnostics | |
| if: failure() | |
| run: | | |
| echo "=== Post-mortem Diagnostics ===" | |
| echo "Versions:" | |
| echo " Node: $(node --version)" | |
| echo " npm: $(npm --version)" | |
| echo " pnpm: $(pnpm --version)" | |
| echo "" | |
| echo "Registry configuration:" | |
| echo " registry: $(npm config get registry)" | |
| echo " @openrouter scope: $(npm config get @openrouter:registry || echo '(inherited from global)')" | |
| echo "" | |
| echo ".npmrc files status:" | |
| for npmrc in "$NPM_CONFIG_USERCONFIG" ~/.npmrc .npmrc; do | |
| if [ -n "$npmrc" ] && [ -f "$npmrc" ]; then | |
| echo " $npmrc:" | |
| echo " Lines: $(wc -l < "$npmrc")" | |
| echo " Auth lines: $(grep -c "_auth\|_token" "$npmrc" || echo "0")" | |
| echo " Content (redacted):" | |
| sed 's/\(_auth[^=]*=\).*/\1***REDACTED***/g; s/\(_token[^=]*=\).*/\1***REDACTED***/g' "$npmrc" | sed 's/^/ /' | |
| fi | |
| done | |
| echo "" | |
| echo "Package availability:" | |
| npm view @openrouter/ai-sdk-provider@latest version 2>&1 || echo " (could not fetch)" |