mirror of
https://github.com/railwayapp/cli
synced 2026-04-21 14:07:23 +00:00
8da480744a
The Publish NPM job has been failing since v4.37.0. Root cause: npm 10 (bundled with Node 22) can sign provenance via OIDC but cannot authenticate the registry upload itself via trusted publishing — that requires npm >= 11.5.1. With no NODE_AUTH_TOKEN secret configured, the publish fell through to an anonymous PUT, which the registry rejected as a 404 (the standard response for scoped packages when auth is missing). Bump the runner to Node 24, which bundles npm 11.x. Drop --provenance since trusted publishing attaches it automatically. Also bump actions/setup-node to v6 — v4 runs on Node 20 internally, which GitHub is deprecating. This supersedes #838, which removed the npm self-upgrade step after npm@latest started cross-major upgrading and corrupting itself mid-install. Using Node 24's bundled npm avoids both the corruption and the self-upgrade entirely. Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| workflows | ||
| changelog-configuration.json | ||