Auto: inject $NPM_TOKEN into .npmrc for the user

Created on 19 Jan 2019  ·  9Comments  ·  Source: intuit/auto

Why is .npmrc searched for a Github token?

https://github.com/intuit/auto-release/blob/a4206047e02b006fb747d027595a66ef29dddb35/src/utils/github-token.ts#L25-L39

enhancement
Source
picture aleclarson

All 9 comments

Also, why isn't process.env.NPM_TOKEN checked for, like GH_TOKEN is?

Could auto-release inject $NPM_TOKEN into .npmrc for the user? (potentially useful in CI builds)

aleclarson picture aleclarson on 19 Jan 2019

This is a GitHub enterprise thing. @adierkens can tell you more as I haven't encountered it.

Could auto-release inject $NPM_TOKEN into .npmrc for the user? (potentially useful in CI builds)

I like this. it should be do-able

hipstersmoothie picture hipstersmoothie on 19 Jan 2019
👍1

This feature should probably only be enable on the CI. If it were to run locally you might accidentally commit the token.

hipstersmoothie picture hipstersmoothie on 19 Jan 2019

Would this package get accomplish the desired behavior you're looking for?

https://www.npmjs.com/package/@hutson/set-npm-auth-token-for-ci

hipstersmoothie picture hipstersmoothie on 19 Jan 2019

Sure, but a look at the source code reveals a very basic implementation, so it would be better to include it in auto-release than to force the user to install another dependency.

aleclarson picture aleclarson on 19 Jan 2019

It seems like it does what it does quite well though:

  • handles rc files at multiple locations on any OS (using local-or-home-npmrc)
  • checks if the token is already set
  • handles the registry being set in the package.json
  • correctly handles npmrc scope configuration (using registry-url)

This is a bunch of functionality that if we wanted to cover all the use cases, we would have to code all of the above as well (or at least use the same packages).

In a few other cases we do the same thing as well. We defer to parse-author to parse the git author correctly and parse-github-url for the github URL. So it wouldn't be a stretch to use a package to do this.

I also like depending on packages like these so there is less code duplication in the world. Any by using this package and finding problems with it we can solve problems for future devs too!

My main issue with the package is how they also ship the CLI with the API. For that I have opened an issue here

hipstersmoothie picture hipstersmoothie on 19 Jan 2019

In the meantime, we should fork the package (and maybe even open a PR). 😁

aleclarson picture aleclarson on 19 Jan 2019

Yeah I plan on making a PR! Just want to know what the author would like. But the best path for that package is probably to do both: make a monorepo and use a smaller CLI library

hipstersmoothie picture hipstersmoothie on 19 Jan 2019
👍1

The maintainer already implemented this! https://gitlab.com/hyper-expanse/open-source/set-npm-auth-token-for-ci/issues/2

hipstersmoothie picture hipstersmoothie on 19 Jan 2019
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

zephraph picture zephraph  ·  10Comments
aleclarson picture aleclarson  ·  14Comments
vincentbriglia picture vincentbriglia  ·  8Comments
thuringia picture thuringia  ·  14Comments
brunobertoldi picture brunobertoldi  ·  8Comments