Delete .npmrc, create it on the fly in CI #29
Conversation
pcholakov
force-pushed
the
remove-committed-npmrc
branch
from
6468a4e to
da1c82f
Compare
For local development we assume that npm is already properly configured. Removing the bundled dot file avoids overriding personal configurations.
pcholakov
force-pushed
the
remove-committed-npmrc
branch
from
da1c82f to
31b9c8b
Compare
| - name: Create .npmrc | ||
| run: | | ||
| echo '@restatedev:registry=https://npm.pkg.github.com/' > ~/.npmrc | ||
| echo '//npm.pkg.github.com/:_authToken=${GH_PACKAGE_READ_ACCESS_TOKEN}' >> ~/.npmrc | ||
| - run: npm ci --prefix typescript | ||
| env: | ||
| GH_PACKAGE_READ_ACCESS_TOKEN: ${{ secrets.GH_PACKAGE_READ_ACCESS_TOKEN }} |
There was a problem hiding this comment.
Thanks @pcholakov, that's a nice improvement!
I think that you need to add that env variable to the step, or alternatively, interpose ${{ secrets.GH_PACKAGE_READ_ACCESS_TOKEN }} directly.
There was a problem hiding this comment.
Do we? I think we want the literal content:
@restatedev:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${GH_PACKAGE_READ_ACCESS_TOKEN}
to land up in .npmrc without any interpolation; the next step is going to use this and that's the step that already has the env variable set. npm will do the expansion when npm ci runs. I'm going to try move it from ~/.npmrc to typescript/.npmrc to see if that fixes it.
There was a problem hiding this comment.
Ah gotcha! This would also work 👌
There was a problem hiding this comment.
As long as it works 😅 I figured even though GHA executions are ephemeral, it's better to keep the secret in memory and not write it out into the config file.
For local development we assume that npm is already properly configured. Removing the bundled dot file avoids overriding personal configurations.