Deprecate version property (#54 )

Fix example to use NPM_TOKEN instead of YARN_TOKEN. (#57 )
Example showing how to use this to install private packages securely. (#56 )
2019-09-12 10:30:15 -04:00 · 2019-09-10 15:39:39 -04:00 · 2019-09-10 13:32:30 -04:00 · 2019-09-03 10:57:45 -04:00 · 2019-09-03 10:53:12 -04:00 · 2019-08-26 10:54:54 -04:00
16 changed files with 157 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,92 @@
+# Explicitly not ignoring node_modules so that they are included in package downloaded by runner
 !node_modules/
 __tests__/runner/*
+
+# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
--- a/README.md
+++ b/README.md
@@ -71,7 +71,6 @@ steps:
  with:
    node-version: '10.x'
    registry-url: <registry url>
- run: npm install -g yarn
 - run: yarn install
 - run: yarn publish
  env:
@@ -84,6 +83,24 @@ steps:
    NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```

+Use private packages:
+```yaml
+steps:
+- uses: actions/checkout@master
+- uses: actions/setup-node@v1
+  with:
+    node-version: '10.x'
+    registry-url: 'https://registry.npmjs.org'
+# Skip post-install scripts here, as a malicious
+# script could steal NODE_AUTH_TOKEN.
+- run: npm install --ignore-scripts
+  env:
+    NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+# `npm rebuild` will run all those post-install scritps for us.
+- run: npm rebuild && npm run prepare --if-present
+```
+
+
 # License

 The scripts and documentation in this project are released under the [MIT License](LICENSE)
--- a/tests/snapshots/authutil.test.ts.snap
+++ b/tests/snapshots/authutil.test.ts.snap
@@ -2,20 +2,30 @@

 exports[`installer tests Appends trailing slash to registry 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-registry=https://registry.npmjs.org/"
+registry=https://registry.npmjs.org/
+always-auth=false"
 `;

 exports[`installer tests Automatically configures GPR scope 1`] = `
 "npm.pkg.github.com/:_authToken=\${NODE_AUTH_TOKEN}
-@ownername:registry=npm.pkg.github.com/"
+@ownername:registry=npm.pkg.github.com/
+always-auth=false"
 `;

 exports[`installer tests Configures scoped npm registries 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-@myscope:registry=https://registry.npmjs.org/"
+@myscope:registry=https://registry.npmjs.org/
+always-auth=false"
+`;
+
+exports[`installer tests Sets up npmrc for always-auth true 1`] = `
+"//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
+registry=https://registry.npmjs.org/
+always-auth=true"
 `;

 exports[`installer tests Sets up npmrc for npmjs 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-registry=https://registry.npmjs.org/"
+registry=https://registry.npmjs.org/
+always-auth=false"
 `;
--- a/tests/authutil.test.ts
+++ b/tests/authutil.test.ts
@@ -33,13 +33,13 @@ describe('installer tests', () => {
  });

  it('Sets up npmrc for npmjs', async () => {
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'false');
    expect(fs.existsSync(rcFile)).toBe(true);
    expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
  });

  it('Appends trailing slash to registry', async () => {
-    await auth.configAuthentication('https://registry.npmjs.org');
+    await auth.configAuthentication('https://registry.npmjs.org', 'false');

    expect(fs.existsSync(rcFile)).toBe(true);
    expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
@@ -47,16 +47,22 @@ describe('installer tests', () => {

  it('Configures scoped npm registries', async () => {
    process.env['INPUT_SCOPE'] = 'myScope';
-    await auth.configAuthentication('https://registry.npmjs.org');
+    await auth.configAuthentication('https://registry.npmjs.org', 'false');

    expect(fs.existsSync(rcFile)).toBe(true);
    expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
  });

  it('Automatically configures GPR scope', async () => {
-    await auth.configAuthentication('npm.pkg.github.com');
+    await auth.configAuthentication('npm.pkg.github.com', 'false');

    expect(fs.existsSync(rcFile)).toBe(true);
    expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
  });
+
+  it('Sets up npmrc for always-auth true', async () => {
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
+    expect(fs.existsSync(rcFile)).toBe(true);
+    expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
+  });
 });
--- a/action.yml
+++ b/action.yml
@@ -2,6 +2,9 @@ name: 'Setup Node.js environment'
 description: 'Setup a Node.js environment and add it to the PATH, additionally providing proxy support'
 author: 'GitHub'
 inputs:
+  always-auth:
+    description: 'Set always-auth in npmrc'
+    default: 'false'
  node-version:
    description: 'Version Spec of the version to use.  Examples: 10.x, 10.15.1, >=10.15.0'
    default: '10.x'
@@ -12,6 +15,7 @@ inputs:
 # Deprecated option, do not use. Will not be supported after October 1, 2019
  version:
    description: 'Deprecated. Use node-version instead. Will not be supported after October 1, 2019'
+    deprecationMessage: 'The version property will not be supported after October 1, 2019. Use node-version instead'
 runs:
  using: 'node12'
  main: 'lib/setup-node.js'
--- a/lib/authutil.js
+++ b/lib/authutil.js
@@ -12,15 +12,15 @@ const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const github = __importStar(require("@actions/github"));
-function configAuthentication(registryUrl) {
+function configAuthentication(registryUrl, alwaysAuth) {
    const npmrc = path.resolve(process.env['RUNNER_TEMP'] || process.cwd(), '.npmrc');
    if (!registryUrl.endsWith('/')) {
        registryUrl += '/';
    }
-    writeRegistryToFile(registryUrl, npmrc);
+    writeRegistryToFile(registryUrl, npmrc, alwaysAuth);
 }
 exports.configAuthentication = configAuthentication;
-function writeRegistryToFile(registryUrl, fileLocation) {
+function writeRegistryToFile(registryUrl, fileLocation, alwaysAuth) {
    let scope = core.getInput('scope');
    if (!scope && registryUrl.indexOf('npm.pkg.github.com') > -1) {
        scope = github.context.repo.owner;
@@ -47,7 +47,8 @@ function writeRegistryToFile(registryUrl, fileLocation) {
    const registryString = scope
        ? `${scope}:registry=${registryUrl}`
        : `registry=${registryUrl}`;
-    newContents += `${authString}${os.EOL}${registryString}`;
+    const alwaysAuthString = `always-auth=${alwaysAuth}`;
+    newContents += `${authString}${os.EOL}${registryString}${os.EOL}${alwaysAuthString}`;
    fs.writeFileSync(fileLocation, newContents);
    core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
    // Export empty node_auth_token so npm doesn't complain about not being able to find it
--- a/lib/setup-node.js
+++ b/lib/setup-node.js
@@ -35,8 +35,9 @@ function run() {
                yield installer.getNode(version);
            }
            const registryUrl = core.getInput('registry-url');
+            const alwaysAuth = core.getInput('always-auth');
            if (registryUrl) {
-                auth.configAuthentication(registryUrl);
+                auth.configAuthentication(registryUrl, alwaysAuth);
            }
            // TODO: setup proxy from runner proxy config
            const matchersPath = path.join(__dirname, '..', '.github');
--- a/package-lock.json
+++ b/package-lock.json
@@ -3628,9 +3628,9 @@
      }
    },
    "lodash": {
-      "version": "4.17.11",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",
-      "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==",
+      "version": "4.17.15",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
+      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
      "dev": true
    },
    "lodash.get": {
--- a/src/authutil.ts
+++ b/src/authutil.ts
@@ -4,7 +4,7 @@ import * as path from 'path';
 import * as core from '@actions/core';
 import * as github from '@actions/github';

-export function configAuthentication(registryUrl: string) {
+export function configAuthentication(registryUrl: string, alwaysAuth: string) {
  const npmrc: string = path.resolve(
    process.env['RUNNER_TEMP'] || process.cwd(),
    '.npmrc'
@@ -13,10 +13,14 @@ export function configAuthentication(registryUrl: string) {
    registryUrl += '/';
  }

-  writeRegistryToFile(registryUrl, npmrc);
+  writeRegistryToFile(registryUrl, npmrc, alwaysAuth);
 }

-function writeRegistryToFile(registryUrl: string, fileLocation: string) {
+function writeRegistryToFile(
+  registryUrl: string,
+  fileLocation: string,
+  alwaysAuth: string
+) {
  let scope: string = core.getInput('scope');
  if (!scope && registryUrl.indexOf('npm.pkg.github.com') > -1) {
    scope = github.context.repo.owner;
@@ -45,7 +49,8 @@ function writeRegistryToFile(registryUrl: string, fileLocation: string) {
  const registryString: string = scope
    ? `${scope}:registry=${registryUrl}`
    : `registry=${registryUrl}`;
-  newContents += `${authString}${os.EOL}${registryString}`;
+  const alwaysAuthString: string = `always-auth=${alwaysAuth}`;
+  newContents += `${authString}${os.EOL}${registryString}${os.EOL}${alwaysAuthString}`;
  fs.writeFileSync(fileLocation, newContents);
  core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
  // Export empty node_auth_token so npm doesn't complain about not being able to find it
--- a/src/setup-node.ts
+++ b/src/setup-node.ts
@@ -19,8 +19,9 @@ async function run() {
    }

    const registryUrl: string = core.getInput('registry-url');
+    const alwaysAuth: string = core.getInput('always-auth');
    if (registryUrl) {
-      auth.configAuthentication(registryUrl);
+      auth.configAuthentication(registryUrl, alwaysAuth);
    }

    // TODO: setup proxy from runner proxy config
--- a/toolkit/actions-core-0.0.0.tgz
+++ b/toolkit/actions-core-0.0.0.tgz
--- a/toolkit/actions-exec-0.0.0.tgz
+++ b/toolkit/actions-exec-0.0.0.tgz
--- a/toolkit/actions-exit-0.0.0.tgz
+++ b/toolkit/actions-exit-0.0.0.tgz
--- a/toolkit/actions-github-0.0.0.tgz
+++ b/toolkit/actions-github-0.0.0.tgz
--- a/toolkit/actions-io-0.0.0.tgz
+++ b/toolkit/actions-io-0.0.0.tgz
--- a/toolkit/actions-tool-cache-0.0.0.tgz
+++ b/toolkit/actions-tool-cache-0.0.0.tgz
Author	SHA1	Message	Date
Danny McCormick	c35dd24c52	Deprecate version property (#54 )	2019-09-12 10:30:15 -04:00
Jason Walton	4fd9403fe5	Fix example to use NPM_TOKEN instead of YARN_TOKEN. (#57 )	2019-09-10 15:39:39 -04:00
Jason Walton	ca2e28376a	Example showing how to use this to install private packages securely. (#56 )	2019-09-10 13:32:30 -04:00
David J. Felix	7a3ce83626	Add setting for always-auth (#48 ) * Add setting for always-auth - https://docs.npmjs.com/misc/config#always-auth - Allow private repos for stuff like artifactory to work * Fix tests for always-auth	2019-09-03 10:57:45 -04:00
Kid	57adacb752	remove unnessary install yarn command (#50 )	2019-09-03 10:53:12 -04:00
Danny McCormick	7af5963081	Update .gitignore (#40 )	2019-08-26 10:54:54 -04:00
dependabot[bot]	1ba3bc7e28	Bump lodash from 4.17.11 to 4.17.15 (#45 ) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.15) Signed-off-by: dependabot[bot] <support@github.com>	2019-08-24 12:13:18 -04:00
James M. Greene	d43864199a	Force all scope names to be lowercased (#39 ) Fixes #38	2019-08-21 22:46:35 -04:00
Danny McCormick	3d792c1dbd	Consume toolkit from npmjs (#36 )	2019-08-20 10:29:19 -04:00
damccorm	a0c716db3e	Make typed-rest-client dependency explicit	2019-08-19 14:14:33 -04:00
damccorm	1c24df3126	User agent	2019-08-16 14:05:26 -04:00
Danny McCormick	dd2e8a486f	Use node-version instead of version (#28 ) * Use node-version instead of version * Add deprecation date	2019-08-13 16:32:09 -04:00
Danny McCormick	d963e800e3	Add badge	2019-08-12 15:10:38 -04:00
Danny McCormick	27212a1fbb	Update action name	2019-08-12 14:39:33 -04:00
Danny McCormick	78148dae50	Add auth support (#21 ) * Updates * Update * Update * Update * Update * Yarn sometimes prefers npmrc, so use same token * Description * Update readme * Feedback * Add type * new toolkit and scoped registries * npmrc in RUNNER_TEMP * Dont always auth * Try exporting blank token * Get auth working for now pending runner changes * Fix string interpolation for auth token. * Don't export both userconfigs * Update authutil.js * Add single quotes for authString * Fix the registry string. * Use userconfig and append trailing slash * Keep in root of repo * Try just adding auth token * Remove auth token * Try changes again * Add tests * Npm and GPR samples * Add types	2019-08-06 18:26:04 -04:00
Danny McCormick	0675b87d74	Update installer.js (#24 ) * Update installer.js * Update installer.ts * Update installer.js	2019-08-05 22:23:46 -04:00
Danny McCormick	213c968cb9	Update io (#22 )	2019-08-05 16:46:12 -04:00