core/core-agent-ide
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
core-agent-ide/.github/workflows
History
Michael Bolin 5332f6e215
fix: make publish-npm its own job with specific permissions (#3767) 
The build for `v0.37.0-alpha.3` failed on the `Create GitHub Release`
step:

https://github.com/openai/codex/actions/runs/17786866086/job/50556513221

with:

```
⚠️ GitHub release failed with status: 403
{"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/releases/releases#create-a-release","status":"403"}
Skip retry — your GitHub token/PAT does not have the required permission to create a release
```

I believe I should have not introduced a top-level `permissions` for the
workflow in https://github.com/openai/codex/pull/3431 because that
affected the `permissions` for each job in the workflow.

This PR introduces `publish-npm` as its own job, which allows us to:

- consolidate all the Node.js-related steps required for publishing
- limit the reach of the `id-token: write` permission
- skip it altogether if is an alpha build

With this PR, each of `release`, `publish-npm`, and `update-branch` has
an explicit `permissions` block.
2025-09-16 22:55:53 -07:00
..
ci.yml chore: upgrade to actions/setup-node@v5 (#3316) 2025-09-08 09:34:59 -07:00
cla.yml Fix CLA link in workflow (#964) 2025-05-16 17:11:57 -07:00
codespell.yml Skip frames files in codespell (#3606) 2025-09-14 18:00:23 -07:00
rust-ci.yml fix: add check to ensure output of generate_mcp_types.py matches codex-rs/mcp-types/src/lib.rs (#3450) 2025-09-10 23:31:28 -07:00
rust-release.yml fix: make publish-npm its own job with specific permissions (#3767) 2025-09-16 22:55:53 -07:00