When a tagged release lands on master, both the master-push and tag-push
events trigger the publish job. The skip-on-exists check (`npm view`)
runs concurrently on both, both see the version as not-yet-published,
and both proceed to `npm publish`. The first wins; the second gets
E403 ("cannot publish over previously published versions") and reds
out the run.

Fixes the race by adding a `publish-${{ github.sha }}` concurrency group
so the second run queues until the first finishes — by then `npm view`
sees the published version and the skip path takes over cleanly.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- Update repository, bugs, and homepage URLs in package.json to use
the correct farhoodlabs GitHub org
- Add NODE_AUTH_TOKEN: NPM_TOKEN to the CI publish step so the newly
added NPM_TOKEN secret is picked up for authentication

Co-Authored-By: Paperclip <noreply@paperclip.ing>

Replaces NPM_TOKEN secret with `id-token: write` + `--provenance` so
publishing uses GitHub's OIDC token directly. No repository secret
required; provenance attestation is generated automatically.
Also collapses the redundant second setup-node step (registry-url is
now set on the first one).

Co-Authored-By: Paperclip <noreply@paperclip.ing>

- CI publish job failed because it tried to re-publish existing versions
(npm returns 404 for scoped packages on duplicate version). Added a
version-exists check before npm publish to skip gracefully.
- Also fixed the auth env var from NPM_TOKEN to NODE_AUTH_TOKEN which
is what actions/setup-node's registry-url option expects.
- Added missing core and operational fields to getConfigSchema() so the
Paperclip UI surfaces model, effort, maxTurnsPerRun, skipPermissions,
instructionsFilePath, timeoutSec, and graceSec alongside existing K8s
infrastructure fields.
- Bumped version to 0.1.10.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

Runs typecheck and tests on push/PR to master, then publishes to npm
on successful master pushes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
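
An added example, not the repository's own workflow file: a publish job that combines the concurrency group, the version-exists check and the OIDC/provenance setup described in the commit messages above. The workflow name, tag pattern, action versions and Node version are assumptions, and it assumes npm trusted publishing is configured for the package on the registry side.

```yaml
# Constructed example; names, versions and the tag pattern are assumptions.
name: ci
on:
  push:
    branches: [master]
    tags: ['v*']
  pull_request:
    branches: [master]

jobs:
  publish:
    # Typecheck/test jobs omitted; in practice this job would `needs:` them.
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    # A tag push and a branch push for the same commit share github.sha,
    # so both runs fall into one group and the later one waits its turn.
    concurrency:
      group: publish-${{ github.sha }}
      cancel-in-progress: false   # queue the second run, do not cancel it
    permissions:
      contents: read
      id-token: write             # allows the job to request an OIDC token
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          registry-url: https://registry.npmjs.org
      # Assumption: the npm bundled with this Node version may predate
      # OIDC publishing support, so upgrade the CLI first.
      - run: npm install -g npm@latest
      - run: npm ci
      - name: Publish unless this version already exists
        run: |
          name=$(node -p "require('./package.json').name")
          version=$(node -p "require('./package.json').version")
          # Test the output, not only the exit status: some npm versions
          # exit 0 with empty output when the package exists but the
          # requested version does not.
          published=$(npm view "${name}@${version}" version 2>/dev/null || true)
          if [ -n "$published" ]; then
            echo "${name}@${version} already published; skipping"
          else
            npm publish --provenance
          fi
```

Without the concurrency group the `npm view` check is a check-then-act race; with it, the queued run performs the check only after the first run's publish has completed.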