Skip to content

fix(npm): Actually use NPM_TOKEN for publishing #130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 15, 2020
Merged

fix(npm): Actually use NPM_TOKEN for publishing #130

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cf98074
fix(npm): Actually use NPM_TOKEN for publishing
BYK Oct 15, 2020
3ac87be
correct changelog pr no
BYK Oct 15, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

- feat(docker): Add sourceFormat & targetFormat options (#125)
- feat(targets): Add optional `id` field to target config (#128)
- fix(npm): Actually use NPM_TOKEN for publishing (#130)

## 0.11.1

Expand Down
36 changes: 20 additions & 16 deletions src/targets/npm.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,6 @@ export const YARN_BIN = process.env.YARN_BIN || 'yarn';
const NPM_MIN_MAJOR = 5;
const NPM_MIN_MINOR = 6;

/**
* Parameter used to reset NPM to its default registry.
* If launched from yarn, this parameter is overwritten.
* @see https://github.com/lerna/lerna/issues/896#issuecomment-311894609
*/
export const NPM_REGISTRY = '--registry=https://registry.npmjs.org/';

/** A regular expression used to find the package tarball */
const DEFAULT_PACKAGE_REGEX = /^.*\d\.\d.*\.tgz$/;

Expand All @@ -50,6 +43,8 @@ export interface NpmTargetOptions extends TargetConfig {
useOtp?: boolean;
/** Do we use Yarn instead of NPM? */
useYarn: boolean;
/** Value of NPM_TOKEN so we can pass it to npm executable */
token: string;
}

/** Options for running the NPM publish command */
Expand Down Expand Up @@ -132,16 +127,14 @@ export class NpmTarget extends BaseTarget {
* Extracts NPM target options from the raw configuration
*/
protected getNpmConfig(): NpmTargetOptions {
// TODO figure out how to pass the token to NPM.
// There are no env vars we can pass, only .npmrc approach seems to work

// const npmToken = process.env.NPM_TOKEN;
// if (!npmToken) {
// throw new Error('NPM target: NPM_TOKEN not found in the environment');
// }
const token = process.env.NPM_TOKEN;
if (!token) {
throw new Error('NPM target: NPM_TOKEN not found in the environment');
}

const npmConfig: NpmTargetOptions = {
useYarn: !hasExecutable(NPM_BIN),
token,
};
if (this.config.access) {
if (Object.values(NpmPackageAccess).includes(this.config.access)) {
Expand Down Expand Up @@ -170,6 +163,12 @@ export class NpmTarget extends BaseTarget {
path: string,
options: NpmPublishOptions
): Promise<any> {
/**
* Parameter used to reset NPM to its default registry.
* If launched from yarn, this parameter is overwritten.
* @see https://github.com/lerna/lerna/issues/896#issuecomment-311894609
*/
const NPM_REGISTRY = `--registry=https://registry.npmjs.org/:_authToken=${this.npmConfig.token}`;
const args = ['publish', NPM_REGISTRY, path];
let bin: string;

Expand Down Expand Up @@ -197,11 +196,16 @@ export class NpmTarget extends BaseTarget {
// Pass OTP if configured
const spawnOptions: SpawnOptions = {};
if (options.otp) {
spawnOptions.env = { ...process.env, NPM_CONFIG_OTP: options.otp };
spawnOptions.env = {
...process.env,
NPM_CONFIG_OTP: options.otp,
};
}

// Disable output buffering because NPM/Yarn can ask us for one-time passwords
return spawnProcess(bin, args, spawnOptions, { showStdout: true });
return spawnProcess(bin, args, spawnOptions, {
showStdout: true,
});
}

/**
Expand Down