Skip to content

Fix npm publish workflow auth failure for scoped package releases#30

Merged
leecalcote merged 3 commits intomasterfrom
copilot/fix-broken-workflow
Mar 5, 2026
Merged

Fix npm publish workflow auth failure for scoped package releases#30
leecalcote merged 3 commits intomasterfrom
copilot/fix-broken-workflow

Conversation

Copy link
Contributor

Copilot AI commented Mar 5, 2026
edited
Loading

The release publish workflow fails at npm publish for @sistent/mui-datatables with a 404/permission error during package upload. The publish step was relying on provenance/OIDC flow alone and did not provide npm token auth for the actual publish request.

  • Workflow fix

    • Updated .github/workflows/publish-package.yml to pass NODE_AUTH_TOKEN from secrets.NPM_TOKEN in the Publish Package step.
    • Kept provenance enabled (--provenance) so attestations remain part of release publishing.

  • Resulting behavior

    • Publish continues to use signed provenance metadata.
    • npm publish now has explicit registry authentication for the scoped package push.
- name: Publish Package
  env:
    NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
  run: |
    set -e
    npm publish --provenance --access public --verbose

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI and others added 2 commits March 5, 2026 02:56
@leecalcote
fix: publish package with npm token instead of provenance flow
f44f210 
Co-authored-by: leecalcote <7570704+leecalcote@users.noreply.github.com>
@leecalcote
chore: retain provenance while adding npm auth token
4db52da 
Co-authored-by: leecalcote <7570704+leecalcote@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix broken workflow for CI/CD pipeline Fix npm publish workflow auth failure for scoped package releases Mar 5, 2026
@leecalcote leecalcote marked this pull request as ready for review March 5, 2026 02:59
Copilot AI review requested due to automatic review settings March 5, 2026 02:59
@leecalcote leecalcote merged commit e7f157f into master Mar 5, 2026
4 checks passed
@leecalcote leecalcote deleted the copilot/fix-broken-workflow branch March 5, 2026 02:59
Copilot AI reviewed Mar 5, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the npm publish GitHub Actions workflow to authenticate properly when publishing the scoped package @sistent/mui-datatables, while keeping provenance/attestations enabled.

Changes:

  • Passes NODE_AUTH_TOKEN from secrets.NPM_TOKEN to the npm publish step.
  • Removes a few trailing blank lines in the workflow file.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@leecalcote leecalcote

Copilot code review Copilot

Labels

area/challenges area/learning-paths

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@leecalcote