From a7a1d0b22b8ce41dc0bb81fdc2ce879d42916ee6 Mon Sep 17 00:00:00 2001 From: Natalie Date: Sun, 21 Jun 2026 08:44:51 -0500 Subject: [PATCH] ci: give build job the @lilith registry auth (was silently under-installing) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The build job ran bun install against the repo bunfig (npm.black.lan, empty token), under-installing so build/typecheck failed — every prior build run was red on main for this reason, not the source. Add the forge.nasty.sh registry + NPM_TOKEN .npmrc (TLS verification left on) so the build job installs the full tree and actually verifies. Co-Authored-By: Claude Opus 4.8 --- .forgejo/workflows/ci.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml index 1be8c7a..2dc0e3c 100644 --- a/.forgejo/workflows/ci.yaml +++ b/.forgejo/workflows/ci.yaml @@ -9,6 +9,8 @@ on: jobs: build: runs-on: ubuntu-latest + env: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} steps: - uses: actions/checkout@v4 @@ -20,6 +22,15 @@ jobs: - name: Setup bun run: npm install -g bun + # The build job must resolve registry @lilith/* deps (gov-detection, + # configs) the same way publish does. Without this it installs against the + # repo bunfig (npm.black.lan, empty token) and silently under-installs — + # the reason every prior `build` run failed even on main. + - name: Configure registry + run: | + echo "@lilith:registry=https://forge.nasty.sh/api/packages/lilith/npm/" > .npmrc + echo "//forge.nasty.sh/api/packages/lilith/npm/:_authToken=${NPM_TOKEN}" >> .npmrc + - name: Install dependencies run: bun install --no-frozen-lockfile