fix(mobile-mcp): align CD workflow with release.yml npm auth (add scope, drop provenance) (#6257)

This commit is contained in:
顾盼 2026-07-03 17:37:21 +08:00 committed by GitHub
parent 972cb044d1
commit 9ea309961c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -14,20 +14,21 @@ on:
type: 'boolean'
default: true
permissions:
contents: 'read'
id-token: 'write'
jobs:
build-and-publish:
runs-on: 'ubuntu-latest'
permissions:
contents: 'read'
steps:
- uses: 'actions/checkout@v4'
- uses: 'actions/setup-node@v5'
with:
node-version: '22'
node-version-file: '.nvmrc'
cache: 'npm'
cache-dependency-path: 'package-lock.json'
registry-url: 'https://registry.npmjs.org'
scope: '@qwen-code'
- name: 'Determine version'
id: 'version'
@ -58,6 +59,6 @@ jobs:
- name: 'Publish'
if: '${{ !inputs.dry_run }}'
working-directory: 'packages/mobile-mcp'
run: 'npm publish --access public --provenance'
run: 'npm publish --access public'
env:
NODE_AUTH_TOKEN: '${{ secrets.NPM_TOKEN }}'