mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-13 21:01:21 +08:00
ci(hexclave): scope mirror publish to @hexclave/* packages
Filter `pnpm publish -r` to only the rewritten @hexclave/* packages in the mirror step, removing the reliance on pnpm's skip-existing-versions behavior for the unchanged @stackframe/* packages still in the workspace at that point. Addresses greptile P1 finding on PR #1481.
This commit is contained in:
Bilal Godil
parent
5f8175a53b
commit
d358f42dd0
7
.github/workflows/npm-publish.yaml
vendored
7
.github/workflows/npm-publish.yaml
vendored
@ -111,6 +111,11 @@ jobs:
|
||||
run: pnpm tsx scripts/rewrite-packages-to-hexclave.ts --version=1.0.0
|
||||
|
||||
- name: Publish @hexclave/* mirror packages
|
||||
run: pnpm publish -r --no-git-checks --access public
|
||||
# Filter to @hexclave/* so this step's correctness does not depend on
|
||||
# `pnpm publish -r` silently skipping already-published @stackframe/*
|
||||
# versions — pnpm's skip-existing-versions check has historically
|
||||
# failed open on registry edge cases, and unfiltered re-publish of an
|
||||
# existing version would 403 the whole run.
|
||||
run: pnpm publish -r --filter "@hexclave/*" --no-git-checks --access public
|
||||
env:
|
||||
NPM_CONFIG_PROVENANCE: true
|
||||
|
||||
Loading…
Reference in New Issue
Block a user