Skip to content

Fix nightly publish workflow to handle missing secrets gracefully#14

Draft
Copilot wants to merge 4 commits intomainfrom
copilot/update-agentkit-actions-workflow
Draft

Fix nightly publish workflow to handle missing secrets gracefully#14
Copilot wants to merge 4 commits intomainfrom
copilot/update-agentkit-actions-workflow

Conversation

Copy link
Copy Markdown

Copilot AI commented Jan 6, 2026
edited
Loading

Description

The nightly publish workflow (run #20733186497) was failing when PYPI_API_TOKEN and NPM_TOKEN secrets were not configured (e.g., in forks), causing hard failures with cryptic auth errors.

Updated workflow to check for token presence before publish attempts:

PyPI job changes:

  • Check PYPI_TOKEN env var before poetry publish
  • Skip publish with clear warning when token absent
  • Continue building packages regardless

NPM job changes:

  • Check NODE_AUTH_TOKEN before npm publish
  • Skip publish with clear warning when token absent
  • Exit 0 to avoid failing workflow

Additional fixes:

  • Added missing permissions block to PyPI job for OIDC support
  • Clarified secret-to-env-var mappings in warning messages

Workflow now succeeds in environments without publish credentials while providing actionable feedback on what's needed for actual publishing.

Tests

Workflow changes validated:

  • YAML syntax check passed
  • Security scan: 0 alerts
  • Code review feedback addressed

Checklist

  • Added documentation to all relevant README.md files
  • Added a changelog entry
Original prompt

Reference: https://github.com/conjon611/agentkit/actions/runs/20733186497

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 3 commits January 6, 2026 00:49
@conjon611
Fix nightly publish workflow to handle missing secrets gracefully
3e0784d 
Co-authored-by: conjon611 <35982885+conjon611@users.noreply.github.com>
@conjon611
Clarify NODE_AUTH_TOKEN vs NPM_TOKEN in warning message
8858c73 
Co-authored-by: conjon611 <35982885+conjon611@users.noreply.github.com>
@conjon611
Clarify PYPI_API_TOKEN vs PYPI_TOKEN in warning message
657617c 
Co-authored-by: conjon611 <35982885+conjon611@users.noreply.github.com>
Copilot AI changed the title [WIP] Update AgentKit actions workflow Fix nightly publish workflow to handle missing secrets gracefully Jan 6, 2026
Copilot AI requested a review from conjon611 January 6, 2026 00:52
@conjon611
Copy link
Copy Markdown
Owner

conjon611 commented Jan 19, 2026

@copilot what does this do?

Copy link
Copy Markdown
Author

Copilot AI commented Jan 19, 2026

@copilot what does this do?

This PR fixes the nightly publish workflow that was failing when PYPI_API_TOKEN and NPM_TOKEN secrets aren't configured (like in forks).

What changed:

  • Added checks before publishing to NPM/PyPI - if the tokens are missing, the workflow prints a helpful warning and skips publishing instead of failing with cryptic auth errors
  • Packages still get built and version numbers still get updated - only the publish step is skipped
  • Added better error messages explaining which secrets need to be configured

Result: The workflow now succeeds even without publish credentials, making it fork-friendly while still publishing packages when the secrets are properly configured in the original repo.

Commits: 3e0784d, 8858c73, 657617c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@conjon611 conjon611 conjon611 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@conjon611 conjon611

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@conjon611