For GitHub or GitLab releases, make sure the token is available as an environment variable. Example:
export GITHUB_TOKEN="f941e0..."In macOS or Linux, this can be added to e.g. ~/.profile, so it's available everytime the shell is used.
Another solution, that works in every environment (Windows, macOS, Linux), is to use an .env file and a package like
dotenv-cli:
In the .env file:
GITHUB_TOKEN="f941e0..."Install the dotenv-cli package as a devDependency:
npm install -D dotenv-cliPrefix the release-it script like so:
{
"scripts": {
"release": "dotenv release-it --"
}
}Not used often, but this script asks for the token everytime a npm run release is invoked:
{
"scripts": {
"release": "read -p 'GITHUB_TOKEN: ' GITHUB_TOKEN && export GITHUB_TOKEN=$GITHUB_TOKEN && release-it"
}
}- Do not check the token into the Git repository.
- Do not check the
.envfile into the Git repository (add it to.gitignore). A convention is to use a.env.examplefile with dummy values and add this to the repository. - Do not put the actual token in the release-it configuration. It will be read from the
GITHUB_TOKENenvironment variable. To use something different, use e.g.github.tokenRef="RELEASE_IT_GITHUB_TOKEN"(orgitlab.tokenRef).
All of the above is the same for GITLAB_TOKEN.