Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat/private registry #362

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

dohaicuong
Copy link

@dohaicuong dohaicuong commented Apr 10, 2024

I've encounter problem when using changesets/action when I'm using the private registry that is not npm.

Upon looking into it the problem seems to coming from the bellow line where it only check for npm registry name.

const authLine = userNpmrcContent.split("\n").find((line) => {
  // check based on https://github.com/npm/cli/blob/8f8f71e4dd5ee66b3b17888faad5a7bf6c657eed/test/lib/adduser.js#L103-L105
  return /^\s*\/\/registry\.npmjs\.org\/:[_-]authToken=/i.test(line);
});

However, beside npm registry, we also have github registry and custom domain gitlab registry.

// npm
//registry.npmjs.org/:_authToken

// github
//npm.pkg.github.com/:_authToken=TOKEN

// custom domain gitlab registry
//code.org.com/packages/npm/:_authToken=

Hence I'm making the change here to address for this problem.
Thank you the team for your work on maintaining this tool!

Copy link

changeset-bot bot commented Apr 10, 2024

🦋 Changeset detected

Latest commit: dec3baf

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@changesets/action Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@Joozty
Copy link

Joozty commented May 3, 2024

@Andarist can this be merged please?

@booleans-oss
Copy link

+1 as this is exactly what I need

@brad-mccormick
Copy link

I think this is moving in the right direction and thanks @dohaicuong for getting this PR going. I've had the same issue since last year and I'm just now coming back to it. Our packages are stored in a private Artifactory registry which utilizes basic auth (see: Artifactory Basic Auth). That means the .npmrc is expected to have username and _password fields. The proposed changes would still result in authLine being false.

npm has a set of supported fields for authentication which could be mirrored.
https://docs.npmjs.com/cli/v10/configuring-npm/npmrc#auth-related-configuration

For example:
:[_-](authToken|auth|password)=

There's also still some hardcoding of npm registry urls here. Maybe out of scope for this PR, but the reality is you could be publishing to more than one registry, so I'm not sure how useful this is.

action/src/index.ts

Lines 76 to 87 in dec3baf

fs.appendFileSync(
userNpmrcPath,
`\n//registry.npmjs.org/:_authToken=${process.env.NPM_TOKEN}\n`
);
}
} else {
core.info("No user .npmrc file found, creating one");
fs.writeFileSync(
userNpmrcPath,
`//registry.npmjs.org/:_authToken=${process.env.NPM_TOKEN}\n`
);
}

@graffhyrum
Copy link

+1

@dikaso
Copy link

dikaso commented Nov 13, 2024

Also waiting for this one. How can we help?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants