fix(release): pass --tag next when publishing a pre-release#481
Merged
Conversation
The v0.8.0-rc.1 dispatch (run 25640431367, second attempt) failed at the
Publish step with:
npm error You must specify a tag using --tag when publishing a
prerelease version.
`npm publish` refuses to default a semver prerelease (`-rc.1`) to the
`latest` dist-tag because that would silently demote stable consumers
who pin `latest`. Without `--tag`, prereleases fail closed.
Parameterise the publish step on `inputs.prerelease`:
- prerelease=true → `npm publish --provenance --tag next <tarball>`
- prerelease=false → `npm publish --provenance <tarball>` (defaults to
`latest`)
This is workflow plumbing — every other step (Layer 1+2 readiness,
build:claude-plugin, tarball provenance attestation, Release create
with asset upload) succeeded on the previous dispatch, so the
Trusted-Publishing config on npmjs.com is reachable end-to-end. This
fix unblocks the last gate before the OIDC publish actually runs.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The v0.8.0-rc.1 dispatch (run 25640431367) reached the npm publish step and failed with:
```
npm error You must specify a tag using --tag when publishing a prerelease version.
```
`npm publish` refuses to default a semver prerelease (`-rc.1`) to the `latest` dist-tag because that would silently demote stable consumers who pin `latest`. Without `--tag`, prereleases fail closed.
Parametrise the publish step on `inputs.prerelease`:
What the failed dispatch confirmed
Every gate before npm CLI ran green:
So the npmjs.com Trusted Publishing config and the OIDC token-mint path are reachable end-to-end. This fix unblocks the last gate before OIDC auth actually runs.
Test plan
```
npm view specorator@0.8.0-rc.1 --json | jq '{version: .version, attestations: .dist.attestations, dist_tags: ._npmUser}'
npm view specorator dist-tags --json # should show "next": "0.8.0-rc.1", "latest" unchanged at "0.7.0"
```
Idempotency on re-dispatch
The previous failed dispatch created the `v0.8.0-rc.1` GitHub Release with the candidate tarball asset attached. The re-dispatch will hit the workflow's "promote in place" branch (step 9a):
🤖 Generated with Claude Code