search

boltpkg / bolt

⚡️ Super-powered JavaScript project management
MIT License
2.34k stars 84 forks source link

Feature Request: Create the .npmrc file in each package #275

Closed etc-tiago closed 4 years ago

etc-tiago commented 4 years ago
Title Description
Version 0.24.5
Type feature
node 12.16.3
Operating System MacOs 10.15.4
Short Description Create the .npmrc file in each package

Detailed description

The npm set registry https://registry.npmjs.org/ && echo "//registry.npmjs.org/:_authToken=${{secrets.NPM_TOKEN}}"> .npmrc created the .npmrc file in the main folder, but the bolt publish --access public command ran in each folder separately, and it did not see .npmrc when executed.

I fixed package publishing by copying the .npmrc file for each package before running the publish command.

This could be done with an argument --npm-token like bolt publish --access public --npm-token=**** or identifing the .npmrc on root folder and copying to packages.

lukebatchelor commented 4 years ago

I've not seen this be an issue for anyone else interestingly. Npm should traverse up directories until it finds an RC file (even up to your home dir if it exists).

Can you show how to reproduce this?

etc-tiago commented 4 years ago

My .github/workflows/publish.yml

name: Publish to NPM

on:
  release:
    types: [published]

jobs:
  publish:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/setup-node@v1
        with:
          node-version: 12.16.x
      - uses: actions/checkout@v1
      - run: |
          npm set progress=false
          npm set package-lock=false
          npm set registry https://registry.npmjs.org/ && echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc

      - run: yarn global add bolt
      - run: bolt
      - run: bolt publish --access public

secrets.NPM_TOKEN return a valid token.

When executed above, it returns the logs. This happens in all packages:

npm publish --access public npm ERR! 401 Unauthorized - PUT https://registry.npmjs.org/package-name-example - You must be logged in to publish packages.

So when I add an extra step:

steps:
    - uses: actions/setup-node@v1
       with:
          node-version: 12.16.x
    - uses: actions/checkout@v1
    - run: |
        npm set progress=false
        npm set package-lock=false
        npm set registry https://registry.npmjs.org/ && echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc
    - run: yarn global add bolt

    - run: |
       cp .npmrc /packages/example-1
       cp .npmrc /packages/example-2

    - run: bolt
    - run: bolt publish --access public

The bolt publish command succeeded in publishing to npm.

etc-tiago commented 4 years ago

I tried to add the variable NPM_CONFIG_OTP (#202) because I have 2fa enabled, but I was not successful.

etc-tiago commented 4 years ago 
- run: |
   cp .npmrc /packages/example-1
   cp .npmrc /packages/example-2

I made a small node script to copy .npmrc to other package folders.

const { readdirSync, copyFileSync, readFileSync } = require('fs');

const mainPackage = JSON.parse(readFileSync('./package.json', { encoding: 'utf8' }));
const listOfPackages = mainPackage.bolt.workspaces.map((workspace) => workspace.replace('/*', ''));

listOfPackages.forEach((package) => {
  readdirSync(`./${package}`).forEach((folder) => {
    copyFileSync('./.npmrc', `./${package}/${folder}/.npmrc`);
  });
});

To replace the step for this command:


steps:
    - uses: actions/setup-node@v1
       with:
          node-version: 12.16.x
    - uses: actions/checkout@v1
    - run: |
        npm set progress=false
        npm set package-lock=false
        npm set registry https://registry.npmjs.org/ && echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc
        node npm.js

    - run: yarn global add bolt
    - run: bolt
    - run: bolt publish --access public
lukebatchelor commented 4 years ago

Again, that's pretty strange. I've seen 20+ bolt repos that don't have an issue picking up the npmrc from the root.

A couple things above that were strange though, you said you were able to publish correctly when you copied the RC in, but how does that work when you have 2fa turned on for publishing? Do you only have it turned on for login maybe?

Also surprised that the copying the rc works above, I would think that cp .npmrc /packages/example-1 would be trying to copy somewhere at the root of the fs, not relative to cwd? Unless gh actions run at some sort of pseudo root dir?

Just to double check, you don't have an existing RC in each of your workspaces that would be getting picked up instead?

etc-tiago commented 4 years ago

A couple things above that were strange though, you said you were able to publish correctly when you copied the RC in, but how does that work when you have 2fa turned on for publishing? Do you only have it turned on for login maybe?

2fa is enabled for login and publishing.

Also surprised that the copying the rc works above, I would think that cp .npmrc /packages/example-1 would be trying to copy somewhere at the root of the fs, not relative to cwd? Unless gh actions run at some sort of pseudo root dir?

Travis, CircleCI and gitlab publish without any problem, it makes me believe that the problem is in some configuration on github.

Just to double check, you don't have an existing RC in each of your workspaces that would be getting picked up instead?

I added one more command to show the contents of .npmrc.

Captura de Tela 2020-06-04 às 09 16 02

I will contact github support to show the case, maybe this is about a possible new integration with npmjs.com, so this issue can be closed, since the problem is not in Bolt but in github apparently.