ci: drop npm provenance flag incompatible with self-hosted runners

Sigstore provenance verification only supports GitHub-hosted runners,
causing E422 on publish. Remove --provenance and the unused id-token
permission.
This commit is contained in:
kite 2026-06-12 20:02:52 +08:00
parent 372802d294
commit f577742c04

View file

@ -84,7 +84,6 @@ jobs:
image: node:20
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
@ -103,6 +102,6 @@ jobs:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Publish to npm
run: npm publish --access public --provenance
run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}