fix(security): change token npm (#846)

SocialGouv · Nov 18, 2022 · 9d667c2 · 9d667c2
1 parent 3ceb6d8
commit 9d667c2
Showing 1 changed file with 18 additions and 11 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -17,9 +17,6 @@ jobs:
         with:
           fetch-depth: 0
           persist-credentials: false
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 14
       - name: Get yarn cache directory path
         id: yarn-cache-dir-path
         run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
@@ -30,19 +27,29 @@ jobs:
           key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
           restore-keys: |
             ${{ runner.os }}-yarn-
-      - name: Deploy
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Set git
         run: |
-          npm config set access public
-          npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
           git config --global user.name "${NAME}"
           git config --global user.email "${EMAIL}"
           git remote set-url origin https://git:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
-          yarn --frozen-lockfile
-          yarn build
-          GH_TOKEN=${GITHUB_TOKEN} yarn lerna version --force-publish --yes --conventional-commits --create-release github
-          yarn lerna publish from-package --yes
         env:
           GITHUB_TOKEN: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
           NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
           EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
-          NPM_TOKEN: ${{ secrets.SOCIALGROOVYBOT_NPM_TOKEN }}
+      - name: Build
+        run: yarn build
+      - name: Versionning code
+        run: GH_TOKEN=${GITHUB_TOKEN} yarn lerna version --force-publish --yes --conventional-commits --create-release github
+        env:
+          GITHUB_TOKEN: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
+      - name: Setup token
+        run: echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} > .npmrc
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - name: Deploy to npm
+        run: lerna publish from-package --yes
+      - name: Remove .npmrc
+        if: always()
+        run: rm .npmrc