Use literal ${NPM_TOKEN} in npm auth

This is not supposed to be the token, but the literal value that is then replaced by npm. Probably does not make a difference, but the docs are clear on *not* putting a token in this file. The docs also say to put it in the project root. Also adding some lines to debug what runs.
coder · Nov 6, 2024 · a9b2872 · a9b2872
1 parent 344df38
commit a9b2872
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/ci/steps/publish-npm.sh b/ci/steps/publish-npm.sh
@@ -46,7 +46,10 @@ main() {
 
   # This allows us to publish to npm in CI workflows
   if [[ ${CI-} ]]; then
-    echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
+    echo "Adding NPM_TOKEN to .npmrc"
+    # This is meant to be the literal value of ${NPM_TOKEN}, not the actual
+    # token itself.
+    echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' >> .npmrc
   fi
 
   ## Environment
@@ -142,6 +145,7 @@ main() {
 
   # Since the dev builds are scoped to @coder
   # We pass --access public to ensure npm knows it's not private.
+  echo "Publishing version $NPM_VERSION with tag $NPM_TAG"
   npm publish --non-interactive release --tag "$NPM_TAG" --access public
 }