fix: gh action with id token permission for OIDC

mahimairaja · mahimairaja · commit 11379a9f3fa1 · 2026-02-21T20:41:29.000-05:00
diff --git a/.github/workflows/publish-js.yml b/.github/workflows/publish-js.yml
@@ -5,15 +5,17 @@ on:
     types: [published]
   workflow_dispatch:
 
+permissions:
+  id-token: write  # Required for OIDC
+  contents: rea
+
 jobs:
   publish:
     name: Publish to npm
     if: github.event_name == 'workflow_dispatch' || startsWith(github.event.release.tag_name, 'v')
     runs-on: ubuntu-latest
     environment: npm
-    permissions:
-      contents: read
-      id-token: write
+
 
     defaults:
       run:
@@ -26,7 +28,7 @@ jobs:
       - name: Set up Node
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: '24'
           registry-url: 'https://registry.npmjs.org'
           cache: npm
           cache-dependency-path: packages/js/package-lock.json
@@ -46,7 +48,7 @@ jobs:
           npm pkg get name version
 
       - name: Build
-        run: npm run build
+        run: npm run build --if-present
 
-      - name: Publish to npm
-        run: npm publish --provenance --access public
+      - name: Publish
+        run: npm publish
