fix: remove GitHub registry auth steps for npm install#233
Conversation
These steps were never required — the job was passing before them, proving the @bigcommerce-labs packages resolve without explicit GitHub Packages authentication. Co-Authored-By: Claude <noreply@anthropic.com>
jairo-bc
changed the title
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
| with: | ||
| node-version: '22.x' | ||
|
|
||
| # this is crucial for bodl-events package to be able to resolve @bigcommerce-labs scoped packages |
There was a problem hiding this comment.
Registry auth removed inconsistently across workflow files
Medium Severity
The GitHub Packages auth steps for @bigcommerce-labs are removed from release.yml but remain in build.yml. The package-lock.json resolves @bigcommerce-labs/bodl-events from https://npm.pkg.github.com/, which typically requires authentication. If auth is truly unnecessary, the steps in build.yml are now redundant dead code; if auth is actually needed, npm i in the release workflow will fail when fetching this dependency.
|
🎉 This PR is included in version 6.21.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
2 participants
What/Why?
Remove the two steps that configure
@bigcommerce-labsregistry auth in.npmrcbeforenpm i. The job was passing before these steps existed, so they are not actually required to resolve@bigcommerce-labs/bodl-events.Rollout/Rollback
CI/CD configuration change only. Rollback by reverting this PR.
Testing
Verify
npm isucceeds in CI without the GitHub Packages auth steps.Note
Low Risk
Low risk CI/CD-only change that removes GitHub Packages auth setup from the release workflow; main risk is
npm ior release failing if private scoped packages are still required in this job.Overview
Simplifies the
release.ymlGitHub Actions workflow by removing the steps that write@bigcommerce-labsGitHub Packages registry and auth token config into~/.npmrcbefore runningnpm i.The release job now relies on the default npm configuration while keeping the existing build, commitlint, and
npm run releasesteps unchanged.Written by Cursor Bugbot for commit 2b4ce22. This will update automatically on new commits. Configure here.