Skip to content

Commit 65b0096

Browse files
committed
docs: note Automation npm token required for CI publish (fix EOTP)
1 parent 4a45489 commit 65b0096

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

CONTRIBUTING.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,8 @@ pnpm check-boundary
5050

5151
Local one-off releases can still use `pnpm release` (`validate:publish` + `changeset publish`) from a trusted machine; prefer the tag workflow for production npm publishes.
5252

53+
**GitHub Actions publish (`EOTP` / “requires a one-time password”):** CI cannot pass `--otp`. The `NPM_TOKEN` secret must be a **classic [Automation token](https://docs.npmjs.com/creating-and-viewing-access-tokens)** (“For automating publishing in CI/CD workflows”) — those publishes **do not** require 2FA/OTP. If you use a **Publish** classic token or a **granular** token, npm may still demand OTP on publish and the job will fail. Fix: create a new **Automation** token, update the repo secret, re-run the workflow. Disabling 2FA on the npm account is not the right fix; the token type is.
54+
5355
## Pull request conventions
5456

5557
- Keep PR scope focused to one feature/fix area

0 commit comments

Comments
 (0)