Override npm project auth token with user auth token? - npm

I've got a project that includes a $PROJECT/.npmrc that has an auth token granting read-only access to the proviat repos required by the project:
$ cat .npmrc
//registry.npmjs.org/:_authToken={read-only-token}
How can I override that token with my user token so I can publish packages?
$ cat ~/.npmrc
//registry.npmjs.org/:_authToken={my-token}
The documentation states that config files will be loaded in "priority order", where the project configuration has the highest priority, and there doesn't seem to be any way to override this:
$ cd my-project/
$ npm whoami
project-readonly-user
$ cd ~
$ npm whoami
wolever
I know that it's possible to define an NPM_TOKEN environment variable:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
But this means that every user of the project will need to define the NPM_TOKEN environment variable, which is undesirable (ie, because it means that every user - including read-only users - will need to define an NPM_TOKEN environment variable before they can use the project).

Just found a solution.
Edit your .npmrc file:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
Every time you want to publish(powershell):
$env:NPM_TOKEN="the-token"
npm publish --access public --registry https://registry.npmjs.org

Obviously the docs have change and setting the auth Token via CLI is not possible anymore on npm publish, so I provide more solution for using NPM with Github Actions + Font Awesome PRO + Github Package Registry:
name: Node.js Package
on:
release:
types: [created]
workflow_dispatch:
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout 🛎
uses: actions/checkout#master
- name: Setup node env 🏗
uses: actions/setup-node#v2
with:
node-version: '14.x'
registry-url: 'https://npm.pkg.github.com'
scope: '#mindfuel'
- name: Install Packages 🦺
run: npm ci
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build 👷🏼
run: npm run build
- name: Prepare NPM Config 👮🏽‍♂️
run: rm -f .npmrc
- name: Setup publishing Env 🏗
uses: actions/setup-node#v2
with:
node-version: '14.x'
registry-url: 'https://npm.pkg.github.com'
scope: '#mindfuel'
- name: Publish Package 🚀
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
For me the trick is to recall setup-node after deleting the existing .npmrc.
We have a shared .npmrc that all developers use. It includes a READ ONLY token to our companies registry:
# Font Awesome Pro Config
#fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=<your-token>
# Private Packages
#<github-username-or-org>:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=<the-read-only-token>

CLI arguments have precedence over local .npmrc config, so you could overwrite it this way:
npm publish --registry=https://registry.npmjs.org/:_authToken={my-token}
You could add an npm script for publishing that depends on an environment variable with a private token:
{
"scripts": {
"publish": "npm publish --registry=https://registry.npmjs.org/:_authToken=${NPM_PUBLISH_TOKEN}"
}
}

Related

How can I deploy a package to a private npm repository from Circleci?

I have read through many stack overflow questions and official documentation from Circleci but for some reason it will not let me publish packages via ci/cd.
No matter what I do I consistently get the following
error message
I have reset the NPM_TOKEN and know that it is correct and I don't see the issue with my code. according to the docs it should work but it does not. Am I missing something obvious?
Here is what I have tried
jobs:
publish:
executor: node
steps:
- checkout
- install
- run:
name: Build package
command: yarn build // tsc builds package to the lib directory
- run:
name: Authenticate with registry
command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
- run:
name: Publish library
command: npm publish lib
also
jobs:
publish:
executor: node
steps:
- checkout
- install
- run:
name: Build package
command: yarn build // tsc builds package to the lib directory
- run:
name: Authenticate with registry
command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/project/.npmrc
- run:
name: Publish library
command: npm publish lib
and
jobs:
publish:
executor: node
steps:
- checkout
- install
- run:
name: Build package
command: yarn build
- run:
name: Publish library
command: |
npm set //registry.npmjs.org/:_authToken=$NPM_TOKEN
npm publish lib
and a few other variations but they were more tinkering, the above are examples that I have seen as documentation

Increase the NPM Package version automatically

I am creating my own NPM packages for the first time. For each commit, 1/ The package version should increase on the NPM registry, 2/ Update the package.json file in the github repository.
.github/workflows/publish.yml
on:
push:
branches:
- main
env:
version: 0
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: AutoModality/action-clean#v1
- uses: actions/checkout#v2
with:
ref: 'main'
fetch-depth: 0
- uses: actions/setup-node#v2
with:
node-version: 12
registry-url: https://npm.pkg.github.com/
scope: "#nandhirajan-tfi"
- run: echo "version=$(npm show #nandhirajan-tfi/my-package version)" >> $GITHUB_ENV
- run: npm version ${{env.version}} --no-git-tag-version --allow-same-version
- run: npm install
- run: npm build
- run: npm version patch -m "[RELEASE] %s" --no-git-tag-version --allow-same-version
- run: npm publish
env:
credentials: ${{secrets.GITHUB_TOKEN}}
GitHub Actions Output:
The above log says that the npm publish command has updated the NPM Version to 1.11.18. But the changes are not reflecting on the NPM registry.
Any help would be appreciated.
First of all you need to retrieve your package.json version. You can use the action ga-project-version for that.
Example:
name: release
on:
push:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
# This is how you use the ga-project-version action
- name: Get version of the project
id: project-version
uses: 'euberdeveloper/ga-project-version#main'
# In this step the exposed version is used as tag of a github release to publish
- name: Add release
uses: "marvinpinto/action-automatic-releases#latest"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
# This is how you access the exposed version
automatic_release_tag: "${{ steps.project-version.outputs.version }}"
title: "Deploy"
files: |
backend.tar.gz
As you can see, you will have the version available in "${{ steps.project-version.outputs.version }}".
After that the question is with which logic you will augment your version, e.g. the simplest one would be increasing the last number, but it's not a good idea, it'd not be semver.
After that you can use your custom way to get the newer version by using the current one as input ("${{ steps.project-version.outputs.version }}"`).
After having the new version, just edit the package.json (e.g. sed command) to write the new version, and commit it (e.g. stefanzweifel/git-auto-commit-action action).
In the end you can publish your npm package from the github action (follow this link)

Github action is showing error when there is a private repository in the package json

I have this line in the dependency section of package.json file.
"<repository>": "git+ssh://git#github.com:<userName>/<repository>"
I have setup ssh in my github account and when I do npm install locally, it works correctly. As a new requirement, I am using github actions to automate this workflow.
This is the part of the yml file
steps:
- uses: actions/checkout#v2
- name: webfactory/ssh-agent
uses: webfactory/ssh-agent#v0.5.3
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: Set up Node Js version as ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: Install The Dependencies
run: npm install
Install The Dependencies step is failing and this error is seen in github actions
npm ERR! /usr/bin/git ls-remote -h -t ssh://git#github.com/<username>/<repository>
npm ERR!
npm ERR! remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
Thanks in advance for any solutions.
I think u can solve this buy publishing the repo, plz try that and let me know if it's worked

AWS install github private package in codeBuild

Hi I have codepipeline to deploy my angular app, and in that app I am using my private github package. Everything is working locally etc. But on codeBuild I have no idea how to register into github package repository.
my buildspec looks like:
version: 0.2
env:
variables:
S3_BUCKET: "{{s3_bucket_url}}"
BUILD_ENV: "{{BUILD_ENV}}"
BUILD_FOLDER: "dist"
phases:
install:
runtime-versions:
nodejs: 14
pre_build:
commands:
- echo Installing source NPM dependencies...
- npm install
- npm install -g #angular/cli
build:
commands:
- echo Build started on `date` with $BUILD_ENV flag.
- ng build $BUILD_ENV
post_build:
commands:
- echo Build completed on `date`
artifacts:
files:
- '**/*'
base-directory: 'dist*'
if fails on npm install because 404 Not Found - GET https://registry.npmjs.org. For example in github actions I just simply define registry-url: 'https://npm.pkg.github.com' and thats correct.
Thanks for help :)
It fails because, in the execution context of the CodeBuild process, access to the repo containing the GitHub package is restricted, so it can't find the package because it doesn't have access to the repo's packages. You will need to authenticate to the GitHub Package API.
One way to authenticate is to create a Personal Access Token, include it in your CodeBuild Environment by linking a secret in the SecretsManager, then accessing that token in your buildspec script in the env section:
Create a personal access token: In GitHub, create a Personal access token with the read:packages permission. Here's a link to a tutorial on how to do that.
Register token as a secret in Secrets Manager: In SecretsManager, create a secret with one entry. Name the key of the entry GH_PERSONAL_ACCESS_TOKEN, and in the value field, provide the token that you created in step 1. Pick a descriptive name for your secret (something like codebuild/gh_token). Take note of the secret's name.
Authenticate to GitHub Packages using the Personal Access Token: In your buildspec script, you will need to retrieve the secret containing your Personal Access Token, then use that to authenticate before you run the npm install command:
env:
secrets-manager:
GH_PERSONAL_ACCESS_TOKEN: {SECRET_ARN}:PERSONAL_ACCESS_TOKEN # <- replace {SECRET_ARN} with arn of secret
phases:
#...
pre_build:
commands:
- echo Installing source NPM dependencies...
# this is needed to set the url where the package is located
- npm config set #OWNER:registry https://npm.pkg.github.com # <- replace OWNER with the organization/owner name
# this is needed to set the personal access token that we created
- npm config set //npm.pkg.github.com/:_authToken $GH_PERSONAL_ACCESS_TOKEN
- npm install
- npm install -g #angular/cli

How to ask travis to deploy on npm only when merged on master branch?

We are configuring a public project on github.
We would like our travis job to run test & build on every PR, and deploy (npm publish) only on accepted MR on master.
We have tried this config but it is not working :
language: node_js
node_js:
- 10.16.0
before_script:
- npm run build
deploy:
provider: npm
email: "myemail#example.com"
api_key:
secure: "our secure key that is irrelevant for this question"
after_deploy:
- ./script/updateNpmVersion.sh
on:
branch: master
And ./script/updateNpmVersion.sh
#!/bin/bash
git pull develop
npm version minor
git add package.json
git commit -m "bump npm version"
git push origin develop
But it is not working. Deploy is basically never called.
I think there is a syntax issue. Your after_deploy script should be executed after the deploy step is finished. Also, you can try providing a particular repository that should be used for deployment while configuring the on key.
Another thing, you might need to grant needed permission to execute your updateNpmVersion.sh script. So your final yml file should look something like this
language: node_js
node_js:
- 10.16.0
before_script:
- npm run build
- chmod +x ./script/updateNpmVersion.sh
deploy:
provider: npm
email: "myemail#example.com"
api_key:
secure: "our secure key that is irrelevant for this question"
on:
repo: OWNER_NAME/REPO_NAME
branch: master
after_deploy:
- ./script/updateNpmVersion.sh