From e39f21a126693e04e9dfaacf6808544d91484f47 Mon Sep 17 00:00:00 2001
From: pja9362 <pja9362@g.skku.edu>
Date: Thu, 8 Jan 2026 18:32:49 +0900
Subject: [PATCH] =?UTF-8?q?fix:=20canary/rc=20=EC=9B=8C=ED=81=AC=ED=94=8C?=
 =?UTF-8?q?=EB=A1=9C=EC=9A=B0=20OIDC=20=EC=9D=B8=EC=A6=9D=20=EB=B0=A9?=
 =?UTF-8?q?=EC=8B=9D=EC=9C=BC=EB=A1=9C=20=EC=A0=84=ED=99=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- permissions에 id-token: write 추가
- npm_token 입력 제거 (changeset-actions가 OIDC 전용으로 변경됨)
- npm CLI 최신 버전 업그레이드 스텝 추가 (OIDC에 11.5.1+ 필요)
---
 .github/workflows/canary.yml | 13 ++++++++++++-
 .github/workflows/rc.yml     | 10 +++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml
index 9b2e207..5ebff58 100644
--- a/.github/workflows/canary.yml
+++ b/.github/workflows/canary.yml
@@ -6,6 +6,10 @@ on:
         types:
             - created
 
+permissions:
+    id-token: write
+    contents: write
+
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 jobs:
@@ -28,6 +32,14 @@ jobs:
                   node-version: '22'
                   cache: 'pnpm'
 
+            - name: Check and upgrade npm
+              run: |
+                  echo "Current npm version:"
+                  npm --version
+                  npm install -g npm@latest
+                  echo "Upgraded npm version:"
+                  npm --version
+
             - name: Install Dependencies
               run: pnpm install --frozen-lockfile
 
@@ -39,7 +51,6 @@ jobs:
               with:
                   github_token: ${{ secrets.ACTION_TOKEN }} # Add user PAT if necessary
                   npm_tag: canary # Specify the npm tag to use for deployment
-                  npm_token: ${{ secrets.NPM_TOKEN }} # Provide the token required for npm publishing
                   publish_script: pnpm run release:canary # Script to execute Canary deployment
                   packages_dir: packages # Directory of packages to detect changes (default: packages,share)
                   excludes: '.turbo,.github' # Files or directories to exclude from change detection
diff --git a/.github/workflows/rc.yml b/.github/workflows/rc.yml
index d111cad..3acaf88 100644
--- a/.github/workflows/rc.yml
+++ b/.github/workflows/rc.yml
@@ -9,6 +9,7 @@ on:
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 permissions:
+    id-token: write
     contents: write # to create release
 
 jobs:
@@ -34,6 +35,14 @@ jobs:
                   node-version: '22'
                   cache: 'pnpm'
 
+            - name: Check and upgrade npm
+              run: |
+                  echo "Current npm version:"
+                  npm --version
+                  npm install -g npm@latest
+                  echo "Upgraded npm version:"
+                  npm --version
+
             - name: Install Dependencies
               run: pnpm install --frozen-lockfile
 
@@ -45,7 +54,6 @@ jobs:
               with:
                   github_token: ${{ secrets.ACTION_TOKEN }} # Add user PAT if necessary
                   npm_tag: rc # Specify the npm tag to use for deployment
-                  npm_token: ${{ secrets.NPM_TOKEN }} # Provide the token required for npm publishing
                   publish_script: pnpm run release:canary # Script to execute Canary deployment
                   packages_dir: packages # Directory of packages to detect changes (default: packages,share)
                   excludes: '.turbo,.github' # Files or directories to exclude from change detection