From 3b32cd43b425aaac13481a2d0c6d5d7d19fef359 Mon Sep 17 00:00:00 2001 From: Chisanan232 Date: Sat, 4 Jul 2026 08:49:24 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20(release):=20Prefix=20runtime=20?= =?UTF-8?q?npm=20publish=20path=20with=20./=20to=20avoid=20owner/repo=20sh?= =?UTF-8?q?orthand?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit release-node.yml passed a bare packages/${pkg} to npm publish; newer npm parses it as a GitHub owner/repo spec and git-ls-remotes it over SSH instead of publishing the local folder. ./ forces local-directory interpretation. Refs AAASM-4067. --- .github/workflows/release-node.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-node.yml b/.github/workflows/release-node.yml index ff57cd20..3da80a2a 100644 --- a/.github/workflows/release-node.yml +++ b/.github/workflows/release-node.yml @@ -375,8 +375,13 @@ jobs: # npm publish (not pnpm) drives OIDC trusted publishing; --provenance # attaches the SLSA attestation. --no-git-checks was pnpm-only and # has no npm equivalent (npm does not gate publish on git state). + # AAASM-4067: the target MUST carry a leading `./`. A bare + # `packages/` matches npm's GitHub `owner/repo` shorthand, so + # newer npm resolves it as `git ls-remote ssh://git@github.com/packages/.git` + # (Permission denied) instead of publishing the local folder. `./` + # forces the local-directory interpretation. # shellcheck disable=SC2086 - npm publish --access public --provenance $DIST_TAG "packages/${pkg}" + npm publish --access public --provenance $DIST_TAG "./packages/${pkg}" echo "::endgroup::" done