actions
How to install/publish packages from multiple `@scope` and multiple registers?
How to install packages from multiple @scope and multiple registers?
I have settings .npmrc in the root of the project:
@scope1:registry=https://npm.pkg.github.com
@scope2:registry=https://npm.pkg.github.com
@scope3:registry=https://npm.anysite.org
@scope4:registry=https://registry.npmjs.org
and npmjs.com by default for a public
I need to create something like this settings .npmrc in the home folder before installing:
//npm.pkg.github.com/:_authToken=<TOKEN_A>
//nnpm.anysite.org/:_authToken=<TOKEN_B>
//registry.npmjs.org/@scope4/:_authToken=<TOKEN_C>
or
//npm.pkg.github.com/@scope1/:_authToken=<TOKEN_A1>
//npm.pkg.github.com/@scope2/:_authToken=<TOKEN_A2>
//nnpm.anysite.org/:_authToken=<TOKEN_B>
//registry.npmjs.org/@scope4/:_authToken=<TOKEN_C>
given this: #49, #52, #53, #64. a the optimal solution would be something like this:
steps:
- uses: actions/checkout@v1
- uses: actions/setup-node@v1
with:
node-version: 10.x
npm-registry:
- registry: 'https://npm.pkg.github.com'
scope: '@scope1'
token: '${{secrets.GITHUB_TOKEN}}'
- registry: 'https://npm.pkg.github.com'
scope: '@scope2'
token: '${{secrets.GITHUB_TOKEN_THIRD_PARTY}}'
- registry: 'https://nnpm.anysite.org'
token: '${{secrets.ANYSITE_TOKEN}}'
- registry: 'https://registry.npmjs.org'
scope: '@scope4'
token: '${{secrets.NPMJS_TOKEN}}'
- run: npm install
- run: npm test
- run: npm publish
where,
npm-registry - written in .npmrc in the home folder, and is used for all subsequent commands
GITHUB_TOKEN - access the current organization
GITHUB_TOKEN_THIRD_PARTY - may be a Personal access tokens. Or a Organization access tokens. Yeah, that's really missing on GitHub, but this would be crucial for using third-party packages from a security perspective
This solution would be universal for both installing and publishing packages, including publishing into multiple repositories at once.
For example, a package named in GPRS @eslint/eslint, and for npmjs.org - eslint.
npm-registry:
- registry: 'https://npm.pkg.github.com'
scope: '@eslint'
token: '${{secrets.GITHUB_TOKEN}}'
It will be enough to call 2 times npm publish, changing before the second call field name in package.json
If the name is the same, make a second call to setup-mode to configure
steps:
- uses: actions/checkout@v1
- uses: actions/setup-node@v1
with:
node-version: 10.x
npm-registry:
- registry: 'https://npm.pkg.github.com'
scope: '@scope'
token: '${{secrets.GITHUB_TOKEN}}'
- run: npm install
- run: npm test
- run: npm publish
- uses: actions/setup-node@v1
with:
npm-registry:
- registry: 'https://registry.npmjs.org'
token: '${{secrets.NPMJS_TOKEN}}'
- run: npm publish
or publish from different folders in root project
- run: npm publish ./f1
- run: npm publish ./f2
- run: npm publish ./f3
node-version: 10.x npm-registry: - registry: 'https://npm.pkg.github.com' scope: '@scope1' token: '${{secrets.GITHUB_TOKEN}}' - registry: 'https://npm.pkg.github.com' scope: '@scope2' token: '${{secrets.GITHUB_TOKEN_THIRD_PARTY}}' - registry: 'https://nnpm.anysite.org' token: '${{secrets.ANYSITE_TOKEN}}' - registry: 'https://registry.npmjs.org' scope: '@scope4' token: '${{secrets.NPMJS_TOKEN}}'
This didnt work for me. Is there another way for specifing multiple scopes?
EDIT: We ended up introducing a .yarnrc
@WtfJoke Read carefully - he's suggesting a great way to implement it if this support is added. It's not supported currently, so... yeah. It won't work.
Is there support in general for scopes? I wasn't able to find anything in the readme for this action about scopes, but my case is slightly different as I only need one scope at the time being.
I am publishing on the GitHub Registry and my .npmrc file looks like this:
@tucsonlabs:registry=https://npm.pkg.github.com/tucsonlabs:_authToken=$NPM_CONFIG_TOKEN
Should I file a separate ticket for this or is it supported already (or documented somewhere I missed)?
I'm just learning GitHub actions, so I assume that if this isn't supported, I could just copy a slightly different version of this file to support the environment variable passed in via this action. Would that work?
@jwlms yeah one scope is already supported see here the official example:
name: Node.js Package
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# Setup .npmrc file to publish to GitHub Packages
- uses: actions/setup-node@v2
with:
node-version: '12.x'
registry-url: 'https://npm.pkg.github.com'
# Defaults to the user or organization that owns the workflow file
scope: '@octocat'
- run: npm install
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Always check out the action.yml of an action it defines all possible inputs/outputs.
You can adapt it to your needs :)
Thanks! I will keep that tip in mind for next time. FWIW: I ended up just writing a temporary .npmrc file with the scope prefixing the registry like in my comment above.
Is there any plans to implement this? And what is the current workaround (e.g. how do you write your .npmrc file in the action)?
And what is the current workaround (e.g. how do you write your
.npmrcfile in the action)?
We have a file called .npmrc_ci and then replace the environment variable in the action run.
.npmrc_ci:
always-auth = true
@bar:registry=https://someartifactory.jfrog.io/artifactory/api/npm/public-npm/
@foo:registry=https://someartifactory.jfrog.io/artifactory/api/npm/public-npm/
//someartifactory.jfrog.io/artifactory/api/npm/public-npm/:_authToken=${NODE_AUTH_TOKEN}
This is the workflow step which replaces the variable:
- name: Prepare npmrc
run: envsubst < .npmrc_ci > .npmrc
env:
NODE_AUTH_TOKEN: '${{ secrets.NODE_AUTH_TOKEN}}'
I dont think there is an easy fix for that issue. As far as I know its not possible to provide lists as action input variables (only single value/key), see https://github.com/actions/toolkit/issues/184. So you probably end up with some separator which doesnt look nice.
this would be a really nice feature to add. It's currently a pain to use with private repos and checking in a file with vars isn't working.
If I can get a thumbs up from maintainers to quickly review, I'll write the PR for it.
It looks like lists as shown in the original requirements are not yet available (https://github.com/actions/toolkit/issues/184) but we could use multiline inputs as those appear to have been merged (https://github.com/actions/toolkit/pull/829), though not sure how that would look in practice.
One option, less than the original request but perhaps a step in the right direction would be to have a scopes attribute that would take comma separated list. This wouldn't be useful if you have multiple registries but would be useful for multiple GitHub orgs each with private packages.
More flexible but harder to use, would be to have an npmrcLines attribute that just inserts lines into npmrc and does token substitution for secrets so you could build your own entries without having to directly manipulate the file as the current work arounds require. Open to better naming and points of view on best route forward.
node-version: 10.xnpm-registry:- registry: 'https://npm.pkg.github.com'scope: '@scope1'token: '${{secrets.GITHUB_TOKEN}}'- registry: 'https://npm.pkg.github.com'scope: '@scope2'token: '${{secrets.GITHUB_TOKEN_THIRD_PARTY}}'- registry: 'https://nnpm.anysite.org'token: '${{secrets.ANYSITE_TOKEN}}'- registry: 'https://registry.npmjs.org'scope: '@scope4'token: '${{secrets.NPMJS_TOKEN}}'This didnt work for me.
Is there another way for specifing multiple scopes?
EDIT: We ended up introducing a .yarnrc
1
