From 5de3d4fb7d4fd68d67b2d3d59d2b58b49c0aae5b Mon Sep 17 00:00:00 2001
From: justsisyphus <sisyphus-dev-ai@users.noreply.github.com>
Date: Fri, 16 Jan 2026 01:23:00 +0900
Subject: [PATCH] fix(ci): add NPM_TOKEN support for npm publishing

npm revoked all classic tokens. Workflow now requires NPM_TOKEN secret
with granular access token for publishing.
---
 .github/workflows/publish.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index be02c6eb..70259df9 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -77,13 +77,11 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: "24"
+          registry-url: "https://registry.npmjs.org"
 
-      - name: Upgrade npm for OIDC trusted publishing
+      - name: Upgrade npm
         run: npm install -g npm@latest
 
-      - name: Configure npm registry
-        run: npm config set registry https://registry.npmjs.org
-
       - name: Install dependencies
         run: bun install
         env:
@@ -139,6 +137,7 @@ jobs:
           VERSION: ${{ inputs.version }}
           CI: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
           NPM_CONFIG_PROVENANCE: true
 
       - name: Delete draft release