11name : Publish Package
2-
32on :
43 push :
54 branches :
@@ -15,40 +14,37 @@ concurrency: ${{ github.workflow }}-${{ github.ref }}
1514jobs :
1615 build-and-publish :
1716 runs-on : ubuntu-latest
18-
1917 steps :
20- - name : 清理潜在的 Token 冲突
21- run : |
22- # 清除可能干扰 OIDC 的旧令牌环境变量
23- unset NODE_AUTH_TOKEN
24- # 或直接设置为空
25- # export NODE_AUTH_TOKEN=""
2618 - name : Checkout Repo
2719 uses : actions/checkout@v4
2820
29- - name : Setup bun
30- uses : oven-sh/setup-bun@v1 # Uncomment this if you're using Bun
21+ # 步骤顺序调整:setup-node 必须紧接在 checkout 之后
3122 - name : Setup Node.js for OIDC
3223 uses : actions/setup-node@v4
3324 with :
34- # 必须指定 >=20 的 Node.js 版本,以确保 npm >= 11.5 支持 OIDC
3525 node-version : " 20.x"
36- # 这是 OIDC 发布的核心配置,告诉 npm 使用 GitHub OIDC 令牌
3726 registry-url : " https://registry.npmjs.org"
38- # 安装依赖
27+
28+ - name : Setup bun
29+ uses : oven-sh/setup-bun@v1
30+
31+ # 清理步骤移到 setup-node 之后,确保清除残留
32+ - name : 清理潜在的 Token 冲突
33+ run : |
34+ # 彻底清理 npm 可能读取的所有认证环境变量
35+ unset NODE_AUTH_TOKEN
36+ unset NPM_TOKEN
37+ # 验证是否清理成功
38+ echo "NODE_AUTH_TOKEN 值为: '${NODE_AUTH_TOKEN:-未设置}'"
39+
3940name : Install dependencies
4041 run : bun install
4142
4243 - name : Create Release Pull Request or Publish to npm
4344 id : changesets
4445 uses : changesets/action@v1
4546 with :
46- # This expects you to have a script called release which does a build for your packages and calls changeset publish
4747 publish : bun run release
4848 env :
49- # this doesn't work but semantic-release works
50- # see https://github.com/sonofmagic/npm-lib-rollup-template/blob/main/.github/workflows/release.yml#L46
51- # NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
5249 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
53- # NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
54- # npm_config_registry: https://registry.npmjs.org
50+ # 重要:不设置任何 npm 相关 token!
0 commit comments