-
Notifications
You must be signed in to change notification settings - Fork 59.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
actions/publishing(nodejs): id-token: write
for npm publish
with --provenance
#33569
Conversation
Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines. |
Thanks for submitting a PR to the GitHub Docs project! In order to review and merge PRs most efficiently, we require that all PRs grant maintainer edit access before we review them. For information on how to do this, see the documentation. |
Well,
This repo is owned by org, thus there is no such option. (And no, I am not going to move to my personal account just for this.) If this is really a blocker, feel free to close this and do it on your version. |
Automatically generated comment ℹ️This comment is automatically generated and will be overwritten every time changes are committed to this branch. The table contains an overview of files in the Content directory changesYou may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.
fpt: Free, Pro, Team |
This comment was marked as spam.
This comment was marked as spam.
|
Co-authored-by: Alex Nguyen <[email protected]>
@revi Thanks so much for opening a PR! I'll get this triaged for review ✨ |
…`--provenance` NPM refuses to publish with `--provenance` unless `id-token: write` permission is supplied. ``` npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm error code EUSAGE npm error Provenance generation in GitHub Actions requires "write" access to the "id-token" permission ``` See also: https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions Signed-off-by: Yongmin Hong <[email protected]>
[screenshot](https://github.com/github/docs/assets/7630875/55a8f9a7-0d2e-4fff-a181-b90cc239ac16) Most likely generated because `{% ifversion artifact-attestations %}` is in their own lines, so put that just before the `permissions:` to remove that extraneous line. Signed-off-by: Yongmin Hong <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for catching this and updating it, @revi! You did the versioning perfectly too. ✨ I'll go ahead and get this merged.
Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡ |
Why:
NPM refuses to publish with
--provenance
unlessid-token: write
permission is supplied.I used the
{% ifversion artifact-attestations %}
as it was there in L60 (where the relevant docs were written), but not sure if this would work well... :PSee also: https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions
Closes:
What's being changed (if available, include any code snippets, screenshots, or gifs):
Supply
id-token: write
permission as documented by NPM.Check off the following:
I have reviewed my changes in staging, available via the View deployment link in this PR's timeline (this link will be available after opening the PR).
data
directory.For content changes, I have completed the self-review checklist.