From 156950828e8c25f9de346c7cd737f1d0ebc8c1fb Mon Sep 17 00:00:00 2001
From: Divy Srivastava <dj.srivastava23@gmail.com>
Date: Wed, 6 Mar 2024 18:26:20 +0530
Subject: fix(publish): permissionless dry-run in GHA (#22679)

Fixes https://github.com/denoland/deno/issues/22658
---
 cli/tools/registry/auth.rs | 6 ++++++
 cli/tools/registry/mod.rs  | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

(limited to 'cli')

diff --git a/cli/tools/registry/auth.rs b/cli/tools/registry/auth.rs
index 3d40fa766..820d3b6b6 100644
--- a/cli/tools/registry/auth.rs
+++ b/cli/tools/registry/auth.rs
@@ -43,7 +43,13 @@ fn get_gh_oidc_env_vars() -> Option<Result<(String, String), AnyError>> {
 
 pub fn get_auth_method(
   maybe_token: Option<String>,
+  dry_run: bool,
 ) -> Result<AuthMethod, AnyError> {
+  if dry_run {
+    // We don't authenticate in dry-run mode.
+    return Ok(AuthMethod::Interactive);
+  }
+
   if let Some(token) = maybe_token {
     return Ok(AuthMethod::Token(token));
   }
diff --git a/cli/tools/registry/mod.rs b/cli/tools/registry/mod.rs
index 4af0f73b9..9c670ebc1 100644
--- a/cli/tools/registry/mod.rs
+++ b/cli/tools/registry/mod.rs
@@ -884,7 +884,8 @@ pub async fn publish(
 ) -> Result<(), AnyError> {
   let cli_factory = CliFactory::from_flags(flags).await?;
 
-  let auth_method = get_auth_method(publish_flags.token)?;
+  let auth_method =
+    get_auth_method(publish_flags.token, publish_flags.dry_run)?;
 
   let import_map = cli_factory
     .maybe_import_map()
-- 
cgit v1.2.3