Skip to content

Configure npm trusted publishing

What problem do you want to solve?

NPM introduced trusted publishing, which eliminates the need for deploy token and uses GitLab OIDC for auth as documented in gitlab-ci-utils/gitlab-ci-templates#371 (closed).

What is the proposed solution?

Configure npm trusted publishing:

  • Remove variable NPM_TOKEN
  • Add variable NPM_PUBLISH_TRUSTED=true
  • Setup npm repository to point to this project, production environment, and disable publish via token
    • Confirm that subgroups work properly
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information