File tree Expand file tree Collapse file tree 2 files changed +19
-7
lines changed Expand file tree Collapse file tree 2 files changed +19
-7
lines changed Original file line number Diff line number Diff line change @@ -24,9 +24,13 @@ import { execSync } from 'child_process'
2424 // token, because releasePublish wants a token that has the id_token: write permission
2525 // so that we can use OIDC for trusted publishing
2626
27- const gh_token_bak = process . env . GITHUB_TOKEN
28- process . env . GITHUB_TOKEN = process . env . RELEASE_GITHUB_TOKEN
29-
27+ // backup original auth header
28+ const originalAuth = execSync ( 'git config --local http.https://github.com/.extraheader' )
29+ . toString ( )
30+ . trim ( )
31+ // switch the token used
32+ const authHeader = `AUTHORIZATION: basic ${ Buffer . from ( `x-access-token:${ process . env . RELEASE_GITHUB_TOKEN } ) . toString ( 'base64' ) }
33+ execSync ( `git config --local http.https://github.com/.extraheader "${ authHeader } )
3034 await releaseChangelog ( {
3135 versionData : projectsVersionData ,
3236 version : workspaceVersion ,
@@ -36,7 +40,8 @@ import { execSync } from 'child_process'
3640 } )
3741
3842 // npm publish with OIDC
39- process . env . GITHUB_TOKEN = gh_token_bak
43+ // not strictly necessary to restore the header but do it incase we require it later
44+ execSync ( `git config --local http.https://github.com/.extraheader "${ originalAuth } )
4045 const publishResult = await releasePublish ( {
4146 registry : 'https://registry.npmjs.org/' ,
4247 access : 'public' ,
Original file line number Diff line number Diff line change @@ -62,8 +62,13 @@ if (!validSpecifiers.includes(versionSpecifier) && !isValidVersion) {
6262 // token, because releasePublish wants a token that has the id_token: write permission
6363 // so that we can use OIDC for trusted publishing
6464
65- const gh_token_bak = process . env . GITHUB_TOKEN
66- process . env . GITHUB_TOKEN = process . env . RELEASE_GITHUB_TOKEN
65+ // backup original auth header
66+ const originalAuth = execSync ( 'git config --local http.https://github.com/.extraheader' )
67+ . toString ( )
68+ . trim ( )
69+ // switch the token used
70+ const authHeader = `AUTHORIZATION: basic ${ Buffer . from ( `x-access-token:${ process . env . RELEASE_GITHUB_TOKEN } ) . toString ( 'base64' ) }
71+ execSync ( `git config --local http.https://github.com/.extraheader "${ authHeader } )
6772
6873 const result = await releaseChangelog ( {
6974 versionData : projectsVersionData ,
@@ -74,7 +79,9 @@ if (!validSpecifiers.includes(versionSpecifier) && !isValidVersion) {
7479 } )
7580
7681 // npm publish with OIDC
77- process . env . GITHUB_TOKEN = gh_token_bak
82+ // not strictly necessary to restore the header but do it incase we require it later
83+ execSync ( `git config --local http.https://github.com/.extraheader "${ originalAuth } )
84+
7885 const publishResult = await releasePublish ( {
7986 registry : 'https://registry.npmjs.org/' ,
8087 access : 'public' ,
You can’t perform that action at this time.
0 commit comments