cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon semantic-release

Is there a global config I can set?

Open RichardLitt opened this issue 7 years ago • 15 comments

I would like to not have to type my npm and GitHub handles each time I set this up, or to type in my 2FA token. Is there a global config I can set up, and if so, can we add this to the README to make it easier for beginners to set up?

RichardLitt avatar Sep 17 '17 16:09 RichardLitt

this is about the CLI, right? https://github.com/semantic-release/cli

If I recall correctly, you can pass tokens for both GitHub & npm directly so you won’t get asked for username/password, but it is currently not documented in the README. But if you just run semantic-release-cli you get the information:

$ semantic-release-cli 

semantic-release-cli

Usage:
  semantic-release-cli setup [--tag=<String>]

Options:
  -h --help            Show this screen.
  -v --version         Show version.
  --[no-]keychain      Use keychain to get passwords [default: true].
  --ask-for-passwords  Ask for the passwords even if passwords are stored [default: false].
  --tag=<String>       npm tag to install [default: 'latest'].
  --gh-token=<String>  Github auth token
  --npm-token=<String> NPM auth token

Aliases:
  init                 setup

Does that help? If you could update the CLI README, that’d be great 👍

gr2m avatar Sep 17 '17 17:09 gr2m

Yes, this is about the CLI. Thanks for the swift response!

Does this require passing the tokens each time? Is there a way we can set this globally using a config in the env?

RichardLitt avatar Sep 17 '17 17:09 RichardLitt

That I don’t know, I’d have to dig into the CLI code myself :)

I’m also not sure if it’s a good idea to use the same tokens in all your packages. Having different tokens is somewhat a security feature, if one gets compromised, it only gives you access to this one package. I don’t see how letting people globally configure npm/github tokens would make it "make it easier for beginners", it sounds more like a power user feature to me?

gr2m avatar Sep 17 '17 18:09 gr2m

So, I think that's actually a different concern.

14:28 ~/src/a-bear (master) 🐕  semantic-release-cli setup
? What is your npm registry? https://registry.npmjs.org/
? What is your npm username? richardlitt
? What is your GitHub username? RichardLitt
? What is your GitHub two-factor authentication code? <redacted>
? What CI are you using? Travis CI
? Do you want a `.travis.yml` file with semantic-release setup? (Y/n)

Here, I shouldn't have to type richardlitt and RichardLitt each time. It would be nice to be able to have a config where these are set. I don't think this is the same as the token flag.

RichardLitt avatar Sep 17 '17 18:09 RichardLitt

okay, so would it help if we’d allow to pass the usernames as CLI arguments? Then you could create an alias like

alias richard-semantic-release-setup="semantic-release-cli setup --github-username=RichardLitt --npm-username=richardlitt"

I use different usernames for different packages, we often time use bot accounts for GitHub organisations, so I don’t want it to be stored. But we could make the defaults smarter. I think it already defaults to your npm/github usernames based on local config files or based on what ever you used last, so you just need to confirm?

gr2m avatar Sep 17 '17 18:09 gr2m

That would help. I also use different usernames occasionally. You could have the flag override the global config in those cases, too.

I think it already defaults to your npm/github usernames based on local config files or based on what ever you used last, so you just need to confirm?

This isn't the case that I can tell.

RichardLitt avatar Sep 17 '17 19:09 RichardLitt

I haven’t looked into CLI yet, I’d happily accept pull requests that add the username CLI arguments as well as fixes for the defaults (I don’t know how these are currently implemented)

gr2m avatar Sep 17 '17 19:09 gr2m

@RichardLitt is this issue has been fixed by semantic-release/cli#130. Should we close it?

pvdlg avatar Dec 16 '17 20:12 pvdlg

I'm trying to test this out to make sure that it is fixed. Running across this error:

🐕  semantic-release-cli setup
? What is your npm registry? https://registry.npmjs.org/
? What is your npm username? richardlitt
ERR! semantic-release Error: Registry returned 401 for PUT on https://registry.npmjs.org/-/user/org.couchdb.user:richardlitt

Am I missing something?

RichardLitt avatar Dec 17 '17 19:12 RichardLitt

I can't reproduce. The error when the cli tries to create the token., but I don't know why. Maybe you have a wrong password stored in your keychain?

pvdlg avatar Dec 17 '17 20:12 pvdlg

Deleted all of my keychain passwords for npm, tried again using my npm password for that account. Tried resetting my token on npmjs.com, too, and that didn't work. I'm at a loss.

RichardLitt avatar Dec 17 '17 20:12 RichardLitt

I'm using v3.2.6 and it works ok for me. I'm at loss as well...

pvdlg avatar Dec 17 '17 20:12 pvdlg

This happens to me too,

ERR! semantic-release Error: Registry returned 401 for PUT on https://registry.npmjs.org/-/user/org.couchdb.user:luftywiranda13

luftywiranda13 avatar Dec 19 '17 08:12 luftywiranda13

This is most likely related to npm’s new 2FA tokens. I thin the npm prompt does not react correctly when npm responds asking for a 2FA token, is that possible? Do you have 2FA enableg @luftywiranda13 ?

gr2m avatar Dec 22 '17 00:12 gr2m

@gr2m yes, I activated it

luftywiranda13 avatar Dec 23 '17 13:12 luftywiranda13