Fix npm trusted publishing by making build.yaml the sole entry point
npm's trusted publishing (OIDC) validates the directly triggered workflow, not reusable workflows called via workflow_call. This was causing publish failures because npm was looking for the caller workflow instead of the reusable workflow. Changes: - build.yaml: Changed from workflow_call to workflow_run + workflow_dispatch triggers, making it the sole entry point for npm publishing - main.yaml: Renamed workflow to 'main', removed publish-npm job (now handled automatically by build.yaml via workflow_run) - publish-pr.yaml: Changed to trigger build.yaml via workflow_dispatch API instead of calling it as a reusable workflow See: https://docs.npmjs.com/trusted-publishers/ Co-Authored-By:Claude Opus 4.5 <noreply@anthropic.com>
Loading
Please register or sign in to comment