This plugin enables the ability to manage artifacts in npm in a Vela pipeline.
Source Code: https://github.com/go-vela/vela-npm
Registry: https://hub.docker.com/r/target/vela-npm
NOTE:
Users should refrain from using latest as the tag for the Docker image.
It is recommended to use a semantically versioned tag instead.
Sample of publishing package:
steps:
- name: npm_publish
image: target/vela-npm:latest
pull: not_present
secrets: [ npm_password ]
parameters:
username: npmUsername
registry: https://registry.npmjs.orgSample of publishing if registry does not support npm ping:
NOTE:
Recommended if you are deploying to a registry inside Artifactory
steps:
- name: npm_publish
image: target/vela-npm:latest
pull: not_present
secrets: [ npm_password ]
parameters:
username: npmUsername
registry: https://registry.npmjs.org
+ skip_ping: trueSample of pretending to publish package:
steps:
- name: npm_publish
image: target/vela-npm:latest
pull: not_present
secrets: [ npm_password ]
parameters:
username: npmUsername
registry: https://registry.npmjs.org
+ dry_run: trueSample of first time publishing package:
steps:
- name: npm_publish
image: target/vela-npm:latest
pull: not_present
secrets: [ npm_password ]
parameters:
username: npmUsername
registry: https://registry.npmjs.org
+ first_publish: trueSample of publishing with additional dist-tag:
NOTE:
Tags are used as an alias and cannot be valid semver
steps:
- name: npm_publish
image: target/vela-npm:latest
pull: not_present
secrets: [ npm_password ]
parameters:
username: npmUsername
registry: https://registry.npmjs.org
+ tag: betaHigher level of tolerance for npm audit:
steps:
- name: npm_publish
image: target/vela-npm:latest
pull: not_present
secrets: [ npm_password ]
parameters:
username: npmUsername
registry: https://registry.npmjs.org
+ audit_level: criticalNOTE:
Users should refrain from configuring sensitive information in their pipeline in plain text.
The plugin accepts the following parameters for authentication:
| Parameter | Environment Variable Configuration |
|---|---|
password |
NPM_PASSWORD, PARAMETER_PASSWORD |
username |
NPM_USERNAME, PARAMETER_USERNAME |
registry |
NPM_REGISTRY, PARAMETER_REGISTRY |
email |
NPM_EMAIL, PARAMETER_EMAIL |
Users can use Vela internal secrets to substitute these sensitive values at runtime:
steps:
- name: npm_publish
image: target/vela-npm:latest
pull: not_present
secrets: [ npm_password ]
parameters:
username: npmUsername
registry: https://registry.npmjs.org
- password: superSecretPasswordThis example will add the
secretsto thenpm_publishstep as environment variables:
NPM_PASSWORD=value
The plugin accepts the following files for authentication:
| Parameter | Volume Configuration |
|---|---|
password |
/vela/parameters/npm/password, /vela/secrets/npm/password, /vela/secrets/managed-auth/password |
username |
/vela/parameters/npm/username, /vela/secrets/npm/username, /vela/secrets/managed-auth/username |
registry |
/vela/parameters/npm/registry, /vela/secrets/npm/registry |
email |
/vela/parameters/npm/email, /vela/secrets/npm/email |
Users can use Vela external secrets to substitute these sensitive values at runtime:
steps:
- name: npm_publish
image: target/vela-npm:latest
pull: not_present
parameters:
registry: https://registry.npmjs.org
- username: npmUsername
- password: superSecretPasswordThe following parameters are used to configure the image:
| Name | Description | Required | Default | Environment Variables |
|---|---|---|---|---|
username |
username for communication with npm | true |
N/A |
PARAMETER_USERNAMENPM_USERNAME |
password |
password for communication with npm | false |
N/A |
PARAMETER_PASSWORDNPM_PASSWORD |
email |
email for communication with npm | false |
N/A |
PARAMETER_EMAILNPM_EMAIL |
token |
auth token for communication with npm | false |
N/A |
PARAMETER_TOKENTOKEN |
registry |
npm instance to communicate with | false |
https://registry.npmjs.org |
PARAMETER_REGISTRYNPM_REGISTRY |
audit_level |
level at which the audit check should fail (valid options: low, moderate, high, critical, none to skip) |
false |
none |
PARAMETER_AUDIT_LEVELAUDIT_LEVEL |
strict_ssl |
whether or not to do SSL key validation during communication | false |
true |
PARAMETER_STRICT_SSLSTRICT_SSL |
always_auth |
force npm to always require authentication | false |
false |
PARAMETER_ALWAYS_AUTHALWAYS_AUTH |
skip_ping |
whether or not to skip npm ping authentication command |
false |
false |
PARAMETER_SKIP_PINGSKIP_PING |
dry_run |
enables pretending to perform the action | false |
false |
PARAMETER_DRY_RUNDRY_RUN |
tag |
publish package with given alias tag | false |
latest |
PARAMETER_TAGTAG |
log_level |
set the log level for the plugin (valid options: info, debug, trace) |
true |
info |
PARAMETER_LOG_LEVELLOG_LEVEL |
workspaces |
publish all workspaces | false |
false |
PARAMETER_WORKSPACESWORKSPACES |
workspace |
publish a specific workspace by specifying the workspace name or relative path | false |
N/A |
PARAMETER_WORKSPACEWORKSPACE |
access |
Tells the registry whether this package should be published as public or restricted. Only applies to scoped packages, which default to restricted | false |
restricted |
PARAMETER_ACCESSACCESS |
This is your module's manifest. There are a few important keys that need to be set in order to publish your module
- name - your package name that will be checked against in the registry
- version - your package version that will be used to publish, it must be valid semver and unique to the registry
- private - this needs to be set to
falseeven if you are publishing it internally. - publishConfig - this should be configured to your registry location and registry parameter should match this value
For example values, see npm's documentation
COMING SOON!
Here are the available log levels to assist in troubleshooting: trace, debug, info, warn, error, fatal, panic