-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow running without an configured NPM_TOKEN #324
Comments
You can run |
I'm very well known with what is possible with npm but that is not the question. The question is about making NPM_TOKEN optional (with maybe a setting like : ignoreNpmToken: true). The package needs to be published but the credentials are in the global .npmrc (or user, this should not matter). npm will read this and will succeed but @semantic-release/npm will complain about the absence of the token. At this moment i made it possible with @semantic-release/exec, npm version and npm publish but I like the use of @semantic-release/npm more. |
Got it, sorry. I wonder if we could make this work without introducing a new option. Could we check check if the npm token is configured in one of the |
Related to this issue: The examples suggest that you can skip publishing to NPM by using the config: ["@semantic-release/npm", {
"npmPublish": false
}], but even with this configuration defined, it tries to verify a proper NPM_TOKEN. This feels like something that could be checked and ignore validation if it's set. |
I'm always in favor of autodetection with the possibility of escape hatches :) For example, you can't just check the "_auth" property of npmrc. This is only a basic auth option that is used by certain servers like artifactory. We also work with azure devops streams/feeds and they are configured like this:
|
when you run |
I was looking at npm ping. This promises to do exactly what you are proposing. Unfortunately with our artifactory config on my local machine I already had to kill the process. Detecting the different auth options can be tricky in npmrc I think. You could maybe look at the always-auth property there. If its true its probably a configured authentication. Next to this I think that your current config and NPM_TOKEN is pretty ok. If there is an escape hatch to just skip the check (maybe with a warning message) everyone can use the package no matter the config |
could you share the details of the actual error that you run into? since you mention that you are publishing to an internal artifactory, this plugin should be skipping at least most of the auth verification since it only does full verification if publishing to the default registry. |
I'm running against this check: Line 45 in 88e5862
Only enforcing this with default registry could also be an option. It mainly about what your philosophy is with the intended behavior |
I wonder why this does not work in your usecase, because the code does check if there are valid credentials for the publish registry and if so the NPM_TOKEN is skipped all together: Line 27 in 7338fc2
|
Any progress with this issue? I've just ran into the same thing using Google's Artifact Registry. You use their |
When using legacy auth, the env var `NPM_CONFIG__AUTH` can be used. Fixes semantic-release#324
Just ran into the same issue because Artifactory uses |
When using legacy auth, the env var `NPM_CONFIG__AUTH` can be used. Fixes semantic-release#324
Same problem here, I'm publishing to a npm feed on Azure DevOps, it has a npm publish step that connects directly to Azure Artifacts on the following step and correctly publishes it, but I would like semantic-release/npm to update my package.json version accordingly. The workaround I found was to set NPM_TOKEN value to a fake token value (literally this string) and it worked, but skipping it on publish: false or allowing a bypass option would be better. |
Any updates on this issue? Having similar challenge when publishing to artifactory. |
Following this thread, I've used the following for my Azure DevOps pipeline: .releaserc ["@semantic-release/npm", {
"npmPublish": false
}], deploy.yml - bash: npx semantic-release
displayName: "Version & release"
env:
GIT_CREDENTIALS: $(System.AccessToken)
NPM_TOKEN: $(NPM_TOKEN)
- task: npmAuthenticate@0
displayName: "Authenticate to Artifacts"
inputs:
workingFile: './.npmrc'
- task: Npm@1
displayName: "Publish to Artifacts"
inputs:
command: 'publish'
publishRegistry: 'useFeed'
publishFeed: '<redacted>' It'd be perfect if |
In our build environment we have a system connection to our internal artifactory configured for npm publish.
This means we can do an npm publish without the need for custom credentials.
Would be great to make it possible to skip the credentials check
The text was updated successfully, but these errors were encountered: