ci: fix publish pipeline — automate npm + repair MCP Registry auth#46
Merged
Conversation
The publish-mcp workflow failed on every tag since v0.45.0 with "not authenticated, run 'mcp-publisher login' first": the modern mcp-publisher splits auth from publish, but the step still called the removed `publish --github-oidc` flag. server.json was also frozen at 0.19.2, so even a successful publish would have shipped a stale version. - Split into two ordered jobs: `npm` (publish to npmjs) then `mcp` (publish to the MCP Registry, which validates the npm version exists). - npm job verifies the tag matches package.json before publishing, uses NODE_AUTH_TOKEN from the NPM_TOKEN secret. - mcp job syncs server.json (top + packages[].version) to the tag, runs `mcp-publisher login github-oidc`, then `publish`. - Add workflow_dispatch for manual re-runs. - Bump committed server.json 0.19.2 -> 0.45.1. Requires repo secret NPM_TOKEN (npm automation token with publish rights). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
publish-mcp.ymlhas failed on every tag since v0.45.0:The step called
mcp-publisher publish --github-oidc, but modernmcp-publishersplit auth out ofpublish— you mustmcp-publisher login github-oidcfirst. On top of that,server.jsonwas frozen at 0.19.2, so even a working publish would have shipped a stale version. And npm publish was fully manual, so the MCP Registry (which validates the referenced npm version exists) had nothing to point at for new versions.Fix
Rewrote the workflow into two ordered jobs on a
v*tag (+workflow_dispatchfor manual re-runs):npm ci, verify the tag matchespackage.jsonversion, thennpm publish --access publicusingsecrets.NPM_TOKEN.needs: npm) — syncserver.json(version+packages[].version) to the tag,mcp-publisher login github-oidc, thenmcp-publisher publish.Also bumped committed
server.json0.19.2 → 0.45.1.mcpNameinpackage.jsonalready matches theserver.jsonname, so the Registry's npm-ownership check passes once the npm version is live (hence npm-before-mcp ordering).Action required before this works
Add a repo secret
NPM_TOKEN— an npm automation token with publish rights fortoken-pilot. Without it thenpmjob fails at publish.Validation
server.jsonsync snippet tested locally →0.45.1in both fields.0.45.1.🤖 Generated with Claude Code