From 9f9205b3f587189b07b5646a87d5266163f62d43 Mon Sep 17 00:00:00 2001 From: Ray Walker Date: Sun, 17 May 2026 20:42:10 +1000 Subject: [PATCH 1/3] fix(ci): sync platform package versions + force local-path publish MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two bugs in the build-native.yml publish job that have been latent since the workflow was first written. Caught both during the local 0.1.2 bootstrap publish — neither would have allowed a successful release-please-driven publish even with a working NPM_TOKEN. 1. Missing `napi version` napi-rs scaffolds npm//package.json files at the version present when `napi build` first ran (here: 0.1.0). The version field stays at that scaffolded value on every subsequent release unless explicitly synced. Without this step, platform packages would publish at 0.1.0 forever even as the parent package bumped. Fix: add `npx napi version` between `napi artifacts` and the publish loop. It reads the parent package's version and writes it into each npm//package.json. 2. `find ... npm publish {}` path interpretation `npm publish npm/darwin-arm64` is interpreted as the GitHub shorthand /, not a local directory. npm tries ssh://git@github.com/npm/darwin-arm64.git, fails with "Permission denied (publickey)" because GHA runners have no SSH key for github.com. Failure visible in run 25986564957. Fix: prefix with `./` to force directory interpretation. --- .github/workflows/build-native.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-native.yml b/.github/workflows/build-native.yml index 300944b..9e2e1e2 100644 --- a/.github/workflows/build-native.yml +++ b/.github/workflows/build-native.yml @@ -167,14 +167,27 @@ jobs: # @napi-rs/cli v3 renamed --artifacts-dir to --output-dir. run: npx napi artifacts --output-dir artifacts + # napi-rs scaffolds npm//package.json files at the + # version present when `napi build` first ran; they don't update + # on subsequent version bumps. Without this sync, the platform + # packages publish at whatever stale version was scaffolded + # (caught locally during the 0.1.2 bootstrap publish). + - name: Sync platform package versions to main package version + working-directory: packages/cachekit-core-ts + run: npx napi version + - name: List platform packages working-directory: packages/cachekit-core-ts run: ls -la npm/*/ - name: Publish platform packages working-directory: packages/cachekit-core-ts + # The ./ prefix forces local-directory interpretation. Without + # it, `npm publish npm/darwin-arm64` is treated as the GitHub + # shorthand /, attempts ssh://git@github.com/npm/ + # darwin-arm64.git, and fails with Permission denied. run: | - find npm -mindepth 1 -maxdepth 1 -type d -exec npm publish {} --access public --provenance \; + find npm -mindepth 1 -maxdepth 1 -type d -exec npm publish ./{} --access public --provenance \; env: NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} From e34c5080ca591f37523899bd389c4b0dcb33cffb Mon Sep 17 00:00:00 2001 From: Ray Walker Date: Sun, 17 May 2026 20:45:49 +1000 Subject: [PATCH 2/3] fix(ci): drop removed --skip-gh-release flag from napi prepublish MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @napi-rs/cli v3 removed --skip-gh-release entirely. The new default behavior is "do not create a GitHub release"; opt in with --gh-release if you want one (we don't — release-please.yml owns GH release creation for both packages via its own action). Caught locally during the 0.1.2 bootstrap publish, same surface as the other two fixes in this PR. --- .github/workflows/build-native.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-native.yml b/.github/workflows/build-native.yml index 9e2e1e2..773bc5d 100644 --- a/.github/workflows/build-native.yml +++ b/.github/workflows/build-native.yml @@ -193,7 +193,9 @@ jobs: - name: Prepare main package working-directory: packages/cachekit-core-ts - run: npx napi prepublish -t npm --skip-gh-release + # @napi-rs/cli v3 removed --skip-gh-release; the default is + # already "no GH release" (opt in via --gh-release if desired). + run: npx napi prepublish -t npm - name: Publish main package working-directory: packages/cachekit-core-ts From fd6c815bcc2e24eac2d7d6466377304c301b54e6 Mon Sep 17 00:00:00 2001 From: Ray Walker Date: Sun, 17 May 2026 20:51:34 +1000 Subject: [PATCH 3/3] fix(ci): explicitly pass --no-gh-release to napi prepublish Addresses PR review feedback. Previously relied on the v3 default of "no GH release" being implicit. The explicit --no-gh-release flag (clipanion-auto-generated negation of --gh-release) makes intent unambiguous so a future default flip in napi-rs can't change behavior silently. Verified the flag is accepted: dry-run exits 0 with --no-gh-release, whereas an invented flag errors with Unsupported option name. The flag doesn't appear in the --help output (clipanion only lists the positive form) but is functional. --- .github/workflows/build-native.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-native.yml b/.github/workflows/build-native.yml index 773bc5d..f5f8efa 100644 --- a/.github/workflows/build-native.yml +++ b/.github/workflows/build-native.yml @@ -193,9 +193,10 @@ jobs: - name: Prepare main package working-directory: packages/cachekit-core-ts - # @napi-rs/cli v3 removed --skip-gh-release; the default is - # already "no GH release" (opt in via --gh-release if desired). - run: npx napi prepublish -t npm + # @napi-rs/cli v3 removed --skip-gh-release. The negation is now + # the clipanion-auto-generated --no-gh-release. Stated explicitly + # so a future default flip can't change behavior silently. + run: npx napi prepublish -t npm --no-gh-release - name: Publish main package working-directory: packages/cachekit-core-ts