From 1d33e701bad744fdf22278e784145c05885b62df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Wed, 20 Nov 2024 08:48:22 +0100 Subject: [PATCH] Fix auth in publish to npm --- tag_publish/cli.py | 56 +++++++++++++++++++++++++---------------- tag_publish/lib/oidc.py | 2 +- tag_publish/publish.py | 7 +++--- 3 files changed, 38 insertions(+), 27 deletions(-) diff --git a/tag_publish/cli.py b/tag_publish/cli.py index 7305fb1..2f22c8b 100644 --- a/tag_publish/cli.py +++ b/tag_publish/cli.py @@ -248,6 +248,22 @@ def _handle_node_publish( success = True node_config = config.get("node", {}) if node_config: + if version_type == "version_branch": + last_tag = ( + subprocess.run( + ["git", "describe", "--abbrev=0", "--tags"], check=True, stdout=subprocess.PIPE + ) + .stdout.strip() + .decode() + ) + commits_number = subprocess.run( + ["git", "rev-list", "--count", f"{last_tag}..HEAD"], + check=True, + stdout=subprocess.PIPE, + ) + + version = f"{last_tag}.{commits_number}" + for package in node_config.get("packages", []): if package.get("group", tag_publish.configuration.NODE_PACKAGE_GROUP_DEFAULT) == group: publish = version_type in node_config.get( @@ -290,6 +306,8 @@ def _handle_docker_publish( success = True docker_config = config.get("docker", {}) if docker_config: + sys.stdout.flush() + sys.stderr.flush() if docker_config.get("auto_login", tag_publish.configuration.DOCKER_AUTO_LOGIN_DEFAULT): subprocess.run( [ @@ -504,9 +522,7 @@ def _handle_helm_publish( ) -> bool: success = True helm_config = config.get("helm", {}) - if helm_config.get("folders") and version_type in helm_config.get( - "versions", tag_publish.configuration.HELM_VERSIONS_DEFAULT - ): + if helm_config.get("packages"): tag_publish.download_application("helm/chart-releaser") owner = github.repo.owner.login @@ -524,35 +540,31 @@ def _handle_helm_publish( .stdout.strip() .decode() ) - expression = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+$") - while expression.match(last_tag) is None: - last_tag = ( - subprocess.run( - ["git", "describe", "--abbrev=0", "--tags", f"{last_tag}^"], - check=True, - stdout=subprocess.PIPE, - ) - .stdout.strip() - .decode() - ) + commits_number = subprocess.run( + ["git", "rev-list", "--count", f"{last_tag}..HEAD"], + check=True, + stdout=subprocess.PIPE, + ) - versions = last_tag.split(".") - versions[-1] = str(int(versions[-1]) + 1) - version = ".".join(versions) + version = f"{last_tag}.{commits_number}" for package in helm_config["packages"]: - if package.get("group", tag_publish.configuration.PIP_PACKAGE_GROUP_DEFAULT) == group: - publish = version_type in helm_config.get( - "versions", tag_publish.configuration.PYPI_VERSIONS_DEFAULT - ) + if package.get("group", tag_publish.configuration.HELM_PACKAGE_GROUP_DEFAULT) == group: + versions_type = helm_config.get("versions", tag_publish.configuration.HELM_VERSIONS_DEFAULT) + publish = version_type in versions_type + folder = package.get("folder", tag_publish.configuration.HELM_PACKAGE_FOLDER_DEFAULT) if publish: - folder = package.get("folder", tag_publish.configuration.HELM_PACKAGE_FOLDER_DEFAULT) if dry_run: print(f"Publishing '{folder}' to helm, skipping (dry run)") else: token = os.environ["GITHUB_TOKEN"] success &= tag_publish.publish.helm(folder, version, owner, repo, commit_sha, token) published_payload.append({"type": "helm", "folder": folder}) + else: + print( + f"::notice::The folder '{folder}' will be published as helm on version types: " + f"{', '.join(versions_type)}" + ) return success diff --git a/tag_publish/lib/oidc.py b/tag_publish/lib/oidc.py index 84a2f95..4da4fde 100755 --- a/tag_publish/lib/oidc.py +++ b/tag_publish/lib/oidc.py @@ -162,7 +162,7 @@ def pypi_login() -> None: pypirc_filename = os.path.expanduser("~/.pypirc") if os.path.exists(pypirc_filename): - print(f"::info::{pypirc_filename} already exists; consider as already logged in.") # noqa: E702 + print(f"::notice::{pypirc_filename} already exists; consider as already logged in.") # noqa: E702 return if "ACTIONS_ID_TOKEN_REQUEST_TOKEN" not in os.environ: diff --git a/tag_publish/publish.py b/tag_publish/publish.py index 3435980..cb4dc76 100644 --- a/tag_publish/publish.py +++ b/tag_publish/publish.py @@ -142,18 +142,17 @@ def node( is_github = repo_config["server"] == "npm.pkg.github.com" old_npmrc = None npmrc_filename = os.path.expanduser("~/.npmrc") - env = {**os.environ} if is_github: old_npmrc = None if os.path.exists(npmrc_filename): with open(npmrc_filename, encoding="utf-8") as open_file: old_npmrc = open_file.read() with open(npmrc_filename, "w", encoding="utf-8") as open_file: + open_file.write(f"//npm.pkg.github.com/:_authToken={os.environ['GITHUB_TOKEN']}\n") open_file.write(f"registry=https://{repo_config['server']}\n") open_file.write("always-auth=true\n") - env["NODE_AUTH_TOKEN"] = os.environ["GITHUB_TOKEN"] - subprocess.run(["npm", "publish", *([] if publish else ["--dry-run"])], cwd=cwd, check=True, env=env) + subprocess.run(["npm", "publish", *([] if publish else ["--dry-run"])], cwd=cwd, check=True) if is_github: if old_npmrc is None: @@ -201,7 +200,7 @@ def docker( """ print( - f"::group::Publishing {image_config['name']} to the server {name} " + f"::group::Publishing {image_config['name']} to the {name} registry " f"using the tags {', '.join(dst_tags)}" ) sys.stdout.flush()