Clarify OIDC requirements in advanced usage documentation

chiranjib-swain 2026-04-23 08:09:21 +05:30
parent 7ff57b903d
commit d77de13a55

@ -495,7 +495,7 @@ You must also configure a **Trusted Publisher** in npm for your package/scope th
```yaml
permissions:
contents: read
id-token: write
id-token: write # Required for OIDC
steps:
- uses: actions/checkout@v6
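Review bot: In the `permissions:` block only `id-token: write` gets an inline comment, while `contents: read` is left unexplained, and the second hunk drops the bullet that said what it is for. Consider annotating it the same way, for example `contents: read # Required for repository access`, so the example stays self-documenting once the "Important" list is gone. The comment on `id-token: write` could also say what the token is used for (requesting the OIDC identity token that npm's Trusted Publisher check consumes) rather than only "Required for OIDC", since this is the one permission readers are most likely to copy without understanding.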
@ -510,14 +510,6 @@ You must also configure a **Trusted Publisher** in npm for your package/scope th
- run: npm publish
```
### Important
* `id-token: write` is required for OIDC authentication
* `contents: read` is required for repository access
* If a Trusted Publisher is configured with a GitHub Actions **environment**, it must also be set on the job (e.g. `environment: release`).
OIDC authentication is handled automatically via GitHub's identity token.
> **Note**: If the Trusted Publisher configuration (GitHub owner/repo/workflow file, and optional environment) does not match the workflow run identity exactly, publishing may fail with **E404 Not Found** even if the package exists on npm.
For more details, see the [npm Trusted Publishers documentation](https://docs.npmjs.com/trusted-publishers) and the [GitHub Actions OpenID Connect (OIDC) overview](https://docs.github.com/en/actions/concepts/security/openid-connect).
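Review bot: The line counts in this hunk's header (14 lines down to 6) indicate the "### Important" list after `- run: npm publish` is removed, and with it the only instruction that a Trusted Publisher configured with a GitHub Actions environment needs the same environment set on the job (`environment: release`). The remaining note still warns that a mismatch in the "optional environment" can fail with E404 Not Found, but it no longer tells the reader how to make the job match. Suggest either keeping that one bullet or adding a commented `environment: release` line to the YAML example, so the failure the note describes has a documented fix on the same page.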