drone-plugins / drone-npm

Drone plugin for publishing packages to NPM
http://plugins.drone.io/drone-plugins/drone-npm
Apache License 2.0
20 stars 18 forks source link

fix(auth): set JWT token for user/password method #64

Open rodrigo-brito opened 2 years ago

rodrigo-brito commented 2 years ago

I discovered that the new NPM version always set JWT token when auth, and some private registry such as https://github.com/verdaccio/verdaccio, do not support _auth param.

I proposes a flow change:

The login method was ported from NPM CLI project: https://github.com/npm/cli/blob/b46fed75379979a6be86ac72117a90f8ad3b3a99/node_modules/npm-profile/lib/index.js#L111-L191

Ref https://github.com/drone-plugins/drone-npm/issues/61

donny-dont commented 2 years ago

When I started this plugin I used Sinopia as a test target. Eventually moved off of it to NPM Enterprise when Sinopia wasn't being actively maintained. Just making a note that its good to see a healthy fork of it.

I largely haven't used NPM in forever so I don't really have a whole lot of different things to test against. In the present ecosystem is it now just NPM proper, Verdaccio, and Artifactory?

The code itself is fine but the linter is not happy, see https://cloud.drone.io/drone-plugins/drone-npm/41/1/2 , so I think I'm ok with approving this after the build is successful. If it fails the docker steps because of pull limits thats fine but it should definitely get to those steps.

Also I'm asking folks about the versioning and I'd like to tag the master branch before landing this.

rodrigo-brito commented 2 years ago

I largely haven't used NPM in forever so I don't really have a whole lot of different things to test against. In the present ecosystem is it now just NPM proper, Verdaccio, and Artifactory?

I think Github Packages is also used nowadays. I will try to test against these ones.