fix: repository.url -> code-forge-io to unblock provenance publish#259
Merged
Conversation
npm rejected the 6.2.1 publish (E422) because the package's repository.url still referenced the old forge-42 org while OIDC build provenance is stamped with code-forge-io (the repo's current location): Failed to validate repository information: package.json repository.url is forge-42/... expected to match code-forge-io/... from provenance Update repository.url, bugs.url and readme in both the published package and the root manifest. homepage (forge42.dev docs domain) is left as-is.
commit: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The v6.2.1 publish (via the new OIDC flow in #258) signed provenance successfully but npm rejected it with E422:
OIDC provenance is stamped with the repo's current location (
code-forge-io), but the package manifest still pointed at the oldforge-42org. npm requires them to match.Fix
Update
repository.url,bugs.url, andreadmefromforge-42->code-forge-ioin both the published package and the root manifest.homepage(forge42.devdocs domain) is intentionally left unchanged — it's not a GitHub URL and isn't part of provenance validation.Result
6.2.1 is not on npm (the publish was cleanly rejected). Merging this triggers a Release run with no pending changesets ->
changeset publishrepublishes 6.2.1, and provenance now validates.🤖 Generated with Claude Code