From 4265d35be64d40e546abd80b9c6a50d5902df8a2 Mon Sep 17 00:00:00 2001 From: Mike Hardy Date: Mon, 16 Dec 2024 21:44:44 -0500 Subject: [PATCH] release: running npm audit signatures is not necessary during publish it is interesting, but not required, and it fails if for instance you have a release that isn't published on npm. Which happens to be exactly the situation right now for this package, so it breaks publishing --- .github/workflows/publish.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ea4fb2d2..4ae9e7fd 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -32,8 +32,6 @@ jobs: # there will be errors related to pod-install but we can ignore them - name: Install dependencies using NPM run: npm i - - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies - run: npm audit signatures - name: Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}