docs(README): add OIDC auth (#928)

navateja-alagam · web-flow · commit f8bdd528b5f1 · 2026-01-16T09:25:15.000+05:30
* docs(README): update nodejs to conform new npm release process

* docs(README): revert releaserc yml changes

* docs(README): update yml files to fix release

* docs(README): add verbose to releaserc yml

* docs(README): remove tokens in nodejs yml

* docs(README): revert whoami changes

* docs(README): update auth token mechanism

* docs(README): upgrade lerna

* docs(README): upgrade lerna

* docs(README): exchange token

* docs(README): exchange token

* docs(README): remove git reset

* docs(README): add registry

* docs(README): add registry

* docs(README): add OIDC auth
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -68,11 +68,20 @@ jobs:
             - run: yarn install --frozen-lockfile
             - run: yarn build
 
-            # Configure npm for OIDC (without token-based .npmrc from setup-node)
-            - name: Configure npm registry
-              run: npm config set registry https://registry.npmjs.org
-
-            - run: yarn run semantic-release
+            - name: Run semantic-release
+              id: semantic-release
+              run: yarn run semantic-release
               env:
                   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-                  # npm publish uses OIDC automatically with id-token: write permission
+
+            # npm publish runs directly in workflow step so OIDC works
+            - name: Publish to npm with OIDC
+              if: success()
+              run: |
+                  # Check if any package was versioned (package.json was modified)
+                  if git diff --name-only HEAD~1 HEAD | grep -q "package.json"; then
+                    echo "Publishing packages to npm..."
+                    npm publish --workspaces --access public --provenance --registry https://registry.npmjs.org
+                  else
+                    echo "No version changes detected, skipping npm publish"
+                  fi
diff --git a/.releaserc.yml b/.releaserc.yml
@@ -18,7 +18,7 @@ plugins:
     - - '@semantic-release/changelog'
       - changelogTitle: "# Changelog\n\nAll notable changes to this project will be documented in this file."
     - - '@semantic-release/exec'
-      - publishCmd: yarn lerna version ${nextRelease.version} --no-git-tag-version --no-push --yes --exact && npm publish --workspaces --access public --provenance --registry https://registry.npmjs.org
+      - publishCmd: yarn lerna version ${nextRelease.version} --no-git-tag-version --no-push --yes --exact
     - '@semantic-release/github'
 
 preset: conventionalcommits
