js-devtools / npm-publish

GitHub Action to publish to NPM

Home Page: https://jstools.dev/npm-publish

License: MIT License

TypeScript 96.88% JavaScript 0.73% Shell 2.39%
github-action npm npm-publish version-checker version-bump nodejs javascript typescript

npm-publish's People

Contributors

6thpath, bdr99, dependabot[bot], greggman, jamesmessinger, janza, jskobos, lavgup, mcous, mfranzke, nikitaeverywhere, philsturgeon, razor-x, tohaker, zardoy

npm-publish's Issues

custom publish command

Unfortunately, for TS projects, especially Angular libs, we often have to opt out of the standard npm publish in favor of a custom script, npm run publish.
See topic: https://stackoverflow.com/questions/38935176/how-to-npm-publish-specific-folder-but-as-package-root
An often-proposed workaround is using an alternate publish script, like npm run publish, that will do all the hacks.
Could you please add an env variable npmpublish that will allow overriding the npm publish command with another non-standard command?

Action modifies user's npmrc

I get the following error when using this action in a GitHub workflow on a self-hosted runner. It doesn't fail the build, and it happens to all npm commands in the job.

Run npm ci
Error: Failed to replace env in config: ${INPUT_TOKEN}
    at /home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:415:13
    at String.replace (<anonymous>)
    at envReplace (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:411:12)
    at parseField (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:389:7)
    at /home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:330:24
    at Array.forEach (<anonymous>)
    at Conf.add (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:328:23)
    at ConfigChain.addString (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/node_modules/config-chain/index.js:244:8)
    at Conf.<anonymous> (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:316:10)
    at /home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/node_modules/graceful-fs/graceful-fs.js:123:16

Here's my workflow file:

name: CI
on: [push, pull_request]
jobs:
  execute:
    runs-on: self-hosted
    steps:
    - name: Set work folder permissions    
      run: pwd && sudo chown -R $USER:$USER ./
    - uses: actions/checkout@v2
    - name: Setup Node.js environment
      uses: actions/[email protected]
      with:
        node-version: 14.x
    - name: Cache node modules
      uses: actions/cache@v1
      env:
        cache-name: cache-node-modules
      with:
        path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS
        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-build-${{ env.cache-name }}-
          ${{ runner.os }}-build-
          ${{ runner.os }}-
    - name: Install dependencies
      run: npm ci
    - name: Run linter
      run: npm run lint
    - name: Run unit tests
      run: npm run test    
    - name: Build project
      run: npm run build
    - name: Publish to npm 
      uses: JS-DevTools/npm-publish@v1
      if: github.ref == 'refs/heads/master'
      with:
        token: ${{ secrets.NPM_AUTH_TOKEN }}

Edit:
After playing around a bit, I was able to do a workaround by setting INPUT_TOKEN to an empty string.

    env: 
      INPUT_TOKEN: ''
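
Added example (not part of the original issue or of the action's code): a JavaScript check that lists `${VAR}` references in npmrc text that have no value in the environment, the condition behind `Failed to replace env in config`. The sample npmrc is constructed, the `_authToken` line in it is an assumption about what was left behind, and `findUnresolvedEnvRefs` is a hypothetical helper name.

```javascript
// Added example: find ${VAR} references in npmrc text that npm cannot expand.
// Rule mirrored here: a reference fails only when the variable is undefined,
// so an empty string counts as defined (which is why INPUT_TOKEN: '' works).

// Same shape npm uses: optional run of backslashes, then ${NAME}.
const ENV_REF = /(\\*)\$\{([^}]+)\}/g;

// Keys that hold registry credentials in an npmrc file.
const CREDENTIAL_KEY = /:_(authToken|auth|password)$/;

function findUnresolvedEnvRefs(npmrcText, env) {
  const findings = [];
  npmrcText.split(/\r?\n/).forEach((raw, index) => {
    const line = raw.trim();
    // npmrc is ini-style: ';' and '#' start comments.
    if (line === '' || line.startsWith(';') || line.startsWith('#')) return;
    const eq = line.indexOf('=');
    const key = eq === -1 ? line : line.slice(0, eq).trim();
    for (const match of line.matchAll(ENV_REF)) {
      const backslashes = match[1];
      const name = match[2];
      // An odd number of backslashes escapes the reference: left literal.
      if (backslashes.length % 2 === 1) continue;
      if (env[name] === undefined) {
        findings.push({
          line: index + 1,
          key,
          variable: name,
          credential: CREDENTIAL_KEY.test(key),
        });
      }
    }
  });
  return findings;
}

// Constructed sample, not taken from the issue.
const SAMPLE_NPMRC = [
  '; constructed sample npmrc',
  '//registry.npmjs.org/:_authToken=${INPUT_TOKEN}',
  'registry=https://registry.npmjs.org/',
  '# ${IGNORED_IN_COMMENT}',
  'cache=\\${ESCAPED}/cache',
].join('\n');

// A later step (npm ci) runs without INPUT_TOKEN in its environment.
console.log(findUnresolvedEnvRefs(SAMPLE_NPMRC, {}));
// The workaround from the issue: the variable exists but is empty.
console.log(findUnresolvedEnvRefs(SAMPLE_NPMRC, { INPUT_TOKEN: '' }));
```

On a self-hosted runner the user-level npmrc persists between jobs, so a finding with `credential: true` also means a token reference is outliving the step that needed it.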

`check-version` is slightly different from what I'd expect/want

With our workflow, we publish beta versions when changes are still in PR but others might want to check it out.

For example, if a package is at 0.24.0, I may make some changes in a PR and publish it as 0.25.0-beta-0. Even before merging it, the main branch will start to fail because, while 0.24.0 is already published, it's not the most "recent" version. This means the workflow step fails.

Is it possible to change it to check if the version is published at all, not just that it's the most recent version?

Invalid Version: 2023.01.17

Please see https://github.com/zazuko/rdf-vocabularies/actions/runs/3938156395/jobs/6736517234#step:5:10

Error: TypeError: Unable to parse package.json 
Invalid Version: 2023.01.17
    at Object.readManifest (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/read-manifest.ts:47:11)
    at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:15:18)
    at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)

Was fine when releasing 2022.11.28: https://github.com/zazuko/rdf-vocabularies/actions/runs/3568510580/jobs/5997458263

Release to GitHub Registry failed.

Hello. I maintained the aws secrets manager actions.

Some months ago, I tried to release to GitHub Registry with this NPM Publish in GH Action.
I tried both times but it failed.
I cannot find why it failed. I share my GH Actions code and Workflows.

Can you help me?

Tried GH Action workflow codes

# .github/workflows/release.yml
- name: Rlease to GitHub Registry    
  uses: JS-DevTools/npm-publish@v1   
  with:    
    token: ${{ secrets.GITHUB_TOKEN }}   
    registry: 'https://npm.pkg.github.com'   
    access:  ${{ format('@{0}', github.repository_owner) }}

# .github/workflows/release.yml
- name: Rlease to GitHub Registry
  uses: JS-DevTools/npm-publish@v1
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    registry: 'https://npm.pkg.github.com'

Raised GH Action Errors

Both of them raised the same error.

Error: Error: Unable to determine the current version of aws-secrets-manager-actions on NPM. 
npm view aws-secrets-manager-actions version exited with a status of 1.
npm ERR! code E404
npm ERR! 404 'aws-secrets-manager-actions' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404 
npm ERR! 404  'aws-secrets-manager-actions@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2020-12-20T10_21_04_628Z-debug.log
    at Object.getLatestVersion (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:57:13)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
ProcessError: npm view aws-secrets-manager-actions version exited with a status of 1.
npm ERR! code E404
npm ERR! 404 'aws-secrets-manager-actions' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404 
npm ERR! 404  'aws-secrets-manager-actions@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2020-12-20T10_21_04_628Z-debug.log
    at normalizeResult (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/normalize-result.js:31:1)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/async.js:79:1)
    at ChildProcess.emit (events.js:210:5)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)

TypeError: Unable to parse package.json

Run JS-DevTools/npm-publish@v1
  with:
    token: ***
    check-version: true
    registry: https://registry.npmjs.org/
    package: package.json
    tag: latest
    dry-run: false
Error: TypeError: Unable to parse package.json 
Invalid Version: 0.0.2rc
    at Object.readManifest (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/read-manifest.ts:47:11)
    at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:15:18)
    at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)

TypeError: Invalid Version: 0.0.2rc
    at new SemVer (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/classes/semver.js:38:13)
    at Object.readManifest (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/read-manifest.ts:40:16)
    at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:15:18)
    at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)

Is this happening because the version already exists on npm? Or... because it is actually an invalid version name?

A 0.0.1rc2 kind of name is accepted by npm, and it works via the npm / yarn publish CLI. If this is the reason, I believe this needs to be fixed.
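
Added example (not from the issues above or from the action's code): a strict SemVer 2.0.0 check in JavaScript that names the rule a version string breaks, applied to the strings from the two `Invalid Version` reports (`2023.01.17`, `2022.11.28`, `0.0.2rc`). It assumes the action parses the manifest version strictly, as the `new SemVer` frame in the trace suggests; `explainVersion` is a hypothetical helper name.

```javascript
// Added example: explain why a version string fails strict SemVer 2.0.0.
const NUM = '(?:0|[1-9]\\d*)';                          // no leading zeros
const PRE = '(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)'; // prerelease identifier
const BUILD = '[0-9a-zA-Z-]+';                          // build identifier
const STRICT_SEMVER = new RegExp(
  `^${NUM}\\.${NUM}\\.${NUM}` +
  `(?:-${PRE}(?:\\.${PRE})*)?` +
  `(?:\\+${BUILD}(?:\\.${BUILD})*)?$`
);

// Only offer a suggestion that is itself valid.
function validOrNull(candidate) {
  return STRICT_SEMVER.test(candidate) ? candidate : null;
}

function explainVersion(version) {
  if (STRICT_SEMVER.test(version)) {
    return { valid: true, reason: 'ok', suggestion: null };
  }
  // Core is everything before the first '-' (prerelease) or '+' (build).
  const core = version.split('+')[0].split('-')[0];
  const rest = version.slice(core.length);
  const parts = core.split('.');
  if (parts.length !== 3) {
    return { valid: false, reason: 'core must be MAJOR.MINOR.PATCH', suggestion: null };
  }
  const names = ['major', 'minor', 'patch'];
  for (let i = 0; i < 3; i++) {
    const part = parts[i];
    if (/^0\d+$/.test(part)) {
      // Numeric identifiers must not have leading zeros ("01" is not "1").
      const fixed = parts.map((p) => (/^\d+$/.test(p) ? p.replace(/^0+(?=\d)/, '') : p));
      return {
        valid: false,
        reason: `leading zero in ${names[i]} "${part}"`,
        suggestion: validOrNull(fixed.join('.') + rest),
      };
    }
    const glued = /^(\d+)([a-zA-Z][0-9a-zA-Z]*)$/.exec(part);
    if (glued && i === 2) {
      // A prerelease tag glued to the patch number, e.g. "2rc".
      const candidate = `${parts[0]}.${parts[1]}.${glued[1]}-${glued[2]}${rest}`;
      return {
        valid: false,
        reason: `prerelease "${glued[2]}" must be separated from patch by "-"`,
        suggestion: validOrNull(candidate),
      };
    }
    if (!/^\d+$/.test(part)) {
      return { valid: false, reason: `${names[i]} "${part}" is not numeric`, suggestion: null };
    }
  }
  return { valid: false, reason: 'invalid prerelease or build identifier', suggestion: null };
}

// Version strings quoted in the issues on this page.
for (const v of ['2022.11.28', '2023.01.17', '0.0.2rc', '0.25.0-beta-0']) {
  console.log(v, explainVersion(v));
}
```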

Action not working in my workflow?

I get this error in my workflow for some reason. I don't know why

Step:

    - name: Publish to NPM
      uses: JS-DevTools/npm-publish@v1
      with:
        token: ${{ secrets.NPM_TOKEN }}

If tag isn't specified, fall back to publishConfig

It would be great if the action can actually check if a tag is specified as part of publishConfig in package.json, otherwise whenever wanting to switch between @next or @latest for tags, I have to directly modify the github workflow file itself, which is kind of hidden away and easily forgotten.

Also, it is more correct to use the publishConfig fallback in package.json for tag, instead of hard-coding to latest if not specified in GitHub action options.

Initial publish

Hello! Thanks for the great action.

I noticed it always fails saying

##[error]Error: Unable to determine the current version of @pkg/NAME on NPM. 

...when you do a first publish of the package (when you're just starting a repository). You need to manually push the first version, and then it will work.

Is it intended or can be fixed? I guess we can add an error handler here.

Thank you.

Support for --dry-run

npm publish has a --dry-run flag that would be very useful when testing workflows. It would be great to support an option that would run npm publish with this flag enabled. Happy to have a go at the PR if it would be helpful.

Publishing on PR

Having an issue where it's publishing when a version bump is in an unmerged PR

[bug] Runs 3 times

My workflow file:

on: release

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 12
      - run: yarn install
      - run: yarn test
      - uses: JS-DevTools/npm-publish@v1
        with:
          token: ${{secrets.npm_token}}

Error when I run test

lee@RosedeMacBook-Pro npm-publish % npm test

> @jsdevtools/[email protected] test /Users/lee/myCode2/npm-publish
> mocha && npm run lint

(node:43329) ExperimentalWarning: The fs.promises API is experimental


  GitHub Action - failure tests
    1) "before each" hook: clean the .tmp directory for "should fail if the NPM token isn't set"


  0 passing (4ms)
  1 failing

  1) "before each" hook: clean the .tmp directory for "should fail if the NPM token isn't set":
     Error: ENOENT: no such file or directory, rmdir '/Users/lee/myCode2/npm-publish/test/.tmp'

publish.steps.type is always null

What

Fix documentation typo
Post-publish check for publish.steps.type != 'none' always fails, as it is not an updated part of the publish step and always equals null (see action debug output below)

##[debug]Evaluating: (success() && (steps.publish.outputs.type != 'none'))
......
......
##[debug]..Evaluating NotEqual:
##[debug]....Evaluating Index:
##[debug]......Evaluating Index:
##[debug]........Evaluating steps:
##[debug]........=> Object
##[debug]........Evaluating String:
##[debug]........=> 'publish'
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'type'
##[debug]....=> null
##[debug]....Evaluating Null:
##[debug]....=> null
##[debug]..=> false
##[debug]=> false
##[debug]Expanded: (true && (null != 'none'))

How

Update documentation: mention that one should use publish.steps.outputs.type instead of publish.steps.type.

Action debug output is below (how it works with steps.publish.outputs.type set properly):

##[debug]Evaluating: (success() && (steps.publish.outputs.type != 'none'))
##[debug]Evaluating And:
##[debug]..Evaluating success:
##[debug]..=> true
##[debug]..Evaluating NotEqual:
##[debug]....Evaluating Index:
##[debug]......Evaluating Index:
##[debug]........Evaluating Index:
##[debug]..........Evaluating steps:
##[debug]..........=> Object
##[debug]..........Evaluating String:
##[debug]..........=> 'publish'
##[debug]........=> Object
##[debug]........Evaluating String:
##[debug]........=> 'outputs'
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'type'
##[debug]....=> 'patch'
##[debug]....Evaluating String:
##[debug]....=> 'none'
##[debug]..=> true
##[debug]=> true
##[debug]Expanded: (true && ('patch' != 'none'))
##[debug]Result: true

Result

Documentation is updated

Action does not publish non-scoped package to NPM

EDIT: for now I'm going to continue working on the project, the repo at the time of writing is at this commit

Context

NPM package | GitHub repo | workflow file

The NPM_AUTH_TOKEN repo secret is a "publish" token, and I have temporarily disabled 2FA to try to get this working. (this same error also appears when using an "automation" token, and as expected a "read only" token will also refuse to publish).

You might notice the actions tab has a dozen workflow runs; this problem has persisted for the last 12 hours and recently switching to this action from npm publish has done absolutely nothing to change it.


The part that matters

My package just-checkit is currently on npm at version 0.1.0, published from my local machine.

When trying to publish 0.1.2, which is not (and never has been) on npm, via a GitHub workflow, I get the error output below.

I'm convinced this is an authorisation error, as making a PUT request to my package on the registry with valid authentication and without any request body doesn't reject with 404 NOT FOUND;
i.e. if this request was authorised it would have a different error message.

Output;

// tarball info, everything exactly as it should be 
npm notice Publishing to https://registry.npmjs.org/
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/just-checkit - Not found
npm ERR! 404 
npm ERR! 404  '[email protected]' is not in this registry.
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2022-05-29T11_52_06_400Z-debug-0.log
Error: Error: Unable to publish just-checkit v0.1.2 to NPM. 
npm publish --access public exited with a status of 1.
    at Object.publish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:112:13)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)

ProcessError: npm publish --access public exited with a status of 1.
    at normalizeResult (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/normalize-result.js:31:1)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/async.js:79:1)
    at ChildProcess.emit (events.js:314:20)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:276:12)

Like I said this has been the exact same error for a while, and the sum of all the google searches I've made is roughly "lol good luck".


Did I Google it?

Yes, many, many times.

It seems that no one has had this issue before, or at least the cause of it for them is different from the cause here, none of the recommended solutions work.

I've been dragged all across github issues, stack overflow, npm docs, github community, and I'm honestly quite concerned that nothing I've found has worked.

The only time the error message changed was when I introduced a new error before this one by implementing a "solution".

Getting 404 for first-time publish attempt

My package doesn’t exist yet. I want to use this action to publish it... but I get 404.

How do I perform an initial release?
@JamesMessinger

I am also curious about this. Why would it use “latest”? Shouldn’t it use “0.0.1” per the package.json?

npm ERR! 404 '@ibm-cloud/secrets-manager@latest' is not in the npm registry.

Complete log:

Error: Unable to determine the current version of @ibm-cloud/secrets-manager on NPM. 
npm view @ibm-cloud/secrets-manager version exited with a status of 1.

npm ERR! code E404
npm ERR! 404 '@ibm-cloud/secrets-manager' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404 
npm ERR! 404  '@ibm-cloud/secrets-manager@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2020-11-24T07_42_31_223Z-debug.log
    at Object.getLatestVersion (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:57:13)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

ProcessError: npm view @ibm-cloud/secrets-manager version exited with a status of 1.

npm ERR! code E404
npm ERR! 404 '@ibm-cloud/secrets-manager' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404 
npm ERR! 404  '@ibm-cloud/secrets-manager@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2020-11-24T07_42_31_223Z-debug.log
    at normalizeResult (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/normalize-result.js:31:1)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/async.js:79:1)
    at ChildProcess.emit (events.js:210:5)

Configure publish directory

The signature of the npm publish command allows defining the folder used as root:

npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>] [--dry-run]

Is it possible to configure <folder> parameter when using JS-DevTools/npm-publish action?

Tarball content is "empty"

When I try to publish through GH Actions, tarball content is:

npm notice === Tarball Contents === 
npm notice 1.5kB package.json
npm notice 894B  README.md   
npm notice === Tarball Details === 

But when I run locally (npm-publish), it is:

npm notice === Tarball Contents ===
npm notice 928B  README.md
npm notice 631B  dist/calendar/Calendar.d.ts
npm notice 463B  dist/calendar/CalendarContext.d.ts
npm notice 330B  dist/calendar/CalendarDate.d.ts
npm notice 298B  dist/calendar/CalendarDates.d.ts
npm notice 388B  dist/calendar/CalendarHeader.d.ts
npm notice 376B  dist/calendar/CalendarWeekday.d.ts
npm notice 150B  dist/calendar/useCalendarDates.d.ts
npm notice 77B   dist/calendar/useCalendarHeader.d.ts
npm notice 61B   dist/calendar/utils/generateDates.d.ts
npm notice 71B   dist/common/LocalesContext.d.ts
npm notice 49B   dist/index.d.ts
npm notice 4.0kB dist/react-date-controls.es.js
npm notice 4.6kB dist/react-date-controls.umd.js
npm notice 1.5kB package.json
npm notice === Tarball Details ===

My workflow file:

name: npm-publish
on:
  push:
    branches: [ main ]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 12.18.4
      - run: npm install
      - run: npm test
      - run: npm build
      - uses: JS-DevTools/npm-publish@v1
        with:
          token: ${{ secrets.NPM_AUTH_TOKEN }}

Publishing fails if package doesn't exist yet

I get the following error when first running my build for my package.

npm ERR! 404 '@scope/package' is not in the npm registry.

The version check seems to fail if the package doesn't exist yet.

I haven't tried this yet, but I can probably disable the version check, publish, and then re-enable the version check, but this would require 3 commits!

Ideally the version check should only affect the publication of the package if the package is already present.
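
Added example (not the action's code): one way to make the decision the "check-version", "Initial publish", "Getting 404 for first-time publish attempt" and "Publishing fails if package doesn't exist yet" issues ask for, in JavaScript. It assumes the caller has fetched the package metadata document from the registry and passes it as `{ status, body }`, where `body` has the registry's `versions` and `dist-tags` fields; `decidePublish` and the sample data are constructed for illustration, and the 401/403 branch goes beyond what the issues describe.

```javascript
// Added example: decide whether to publish from a registry metadata response.
// `response` is { status, body } for GET <registry>/<package-name>.
function decidePublish(localVersion, response) {
  if (response.status === 404) {
    // Package has never been published: a missing package is not an error.
    return { publish: true, reason: 'package not in registry: first publish' };
  }
  if (response.status === 401 || response.status === 403) {
    // Do not mistake "not allowed to read" for "does not exist".
    return { publish: false, reason: 'registry refused the metadata request: check the token' };
  }
  if (response.status !== 200 || !response.body) {
    return { publish: false, reason: `unexpected registry status ${response.status}` };
  }
  const versions = Object.keys(response.body.versions || {});
  const latest = (response.body['dist-tags'] || {}).latest;
  if (versions.includes(localVersion)) {
    // Published at all, whether or not it is what the "latest" tag points to.
    const reason = localVersion === latest
      ? 'already published as latest'
      : `already published (latest is ${latest})`;
    return { publish: false, reason };
  }
  return { publish: true, reason: `new version (latest is ${latest})` };
}

// Constructed metadata for the beta scenario from the check-version issue:
// 0.24.0 is published, and a 0.25.0-beta-0 from an unmerged PR came after it.
const SAMPLE_METADATA = {
  status: 200,
  body: {
    'dist-tags': { latest: '0.25.0-beta-0' },
    versions: { '0.24.0': {}, '0.25.0-beta-0': {} },
  },
};

console.log(decidePublish('0.24.0', SAMPLE_METADATA));   // main branch: skip
console.log(decidePublish('0.25.0', SAMPLE_METADATA));   // after merge: publish
console.log(decidePublish('0.0.1', { status: 404 }));    // first release: publish
console.log(decidePublish('0.0.1', { status: 401 }));    // bad token: stop
```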

Failed to publish

I've started to receive that error,

Run JS-DevTools/npm-publish@v1
  with:
    token: ***
    access: restricted
    registry: https://registry.npmjs.org/
    package: package.json
    dry-run: false
    check-version: true
Error: Error: Unable to read the NPM config file: /home/runner/.npmrc 
EISDIR: illegal operation on a directory, read
    at readNpmConfig (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-config.ts:87:11)

Error: EISDIR: illegal operation on a directory, read

Actions file

name: Check, Test & Publish

on:
  push:
    tags:
      - '*'
    branches:
      - master
  pull_request:
    branches:
      - master

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Setup node.js
        uses: actions/setup-node@v3
        with:
          node-version: 12

      - name: Publish to NPM
        uses: JS-DevTools/npm-publish@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          token: ${{ secrets.NPM_TOKEN }}
          tag: ${{ github.event.release.tag_name }}
          access: restricted

Any ideas?

Publish to a private registry authentication fails and work around

I tried to get this working with no success with auth issues:

npm ERR! 401 Unauthorized - GET https://<workspace>.bytesafe.dev/r/npm/@<scope-name>%2f<package-name> - Access Denied

I require the step Setup NPMrc for JS-DevTools for the auth to work

- name: Setup NPMrc for JS-DevTools
  run: echo "//<workspace>.bytesafe.dev/r/npm/:_authToken=${{secrets.BYTESAFE_TOKEN}}" >> .npmrc
- id: publish
  uses: JS-DevTools/npm-publish@v1
  with:
    registry: 'https://<workspace>.bytesafe.dev/r/npm/'
    token: ${{secrets.BYTESAFE_TOKEN}}
    access: restricted
    check-version: true
- if: steps.publish.outputs.type != 'none'
  run: |
    echo "Version changed: ${{ steps.publish.outputs.old-version }} => ${{ steps.publish.outputs.version }}"

Am I configuring JS-DevTools/npm-publish@v1 wrong?

Error: Input required and not supplied: token

Hi, I have a problem

npm-publish.yml

on: push

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 10
      - run: npm install
      - run: npm test
      - uses: JS-DevTools/npm-publish@v1
        with:
          token: ${{ secrets.NPM_TOKEN }}

and here I have a problem

Run JS-DevTools/npm-publish@v1
  with:
    registry: https://registry.npmjs.org/
    package: package.json
    tag: latest
    dry-run: false
    check-version: true
Error: Error: Input required and not supplied: token
    at Object.getInput (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@actions/core/lib/core.js:94:1)
    at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:17:14)
    at Object.48 (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:74:1)
    at __webpack_require__ (/webpack/bootstrap:21:1)
    at startup (/webpack/bootstrap:40:1)
    at /webpack/bootstrap:44:1
    at Object.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/index.js:50:10)
    at Module._compile (internal/modules/cjs/loader.js:959:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
    at Module.load (internal/modules/cjs/loader.js:815:32)

Run in subfolder

I have a monorepo with many packages and would like to use this action in different folders. Does the npm-publish action have an option for the working directory or similar?

[bug] steps.publish.type, steps.publish.version is always ""

name: npm publish

on:
  push:
    branches:
      - master

jobs:
  npm-publish:
    name: npm publish
    runs-on: ubuntu-latest
    steps:
      - name: checkout repository
        uses: actions/checkout@master
      - name: setup Node.js
        uses: actions/setup-node@master
        with:
          node-version: "12.x"
      - name: Install npm dependencies (npm ci)
        run: npm ci
      - name: npm publish
        id: publish
        uses: JS-DevTools/npm-publish@v1
        with:
          token: ${{ secrets.NPM_AUTH_TOKEN }}
      - name: output version name
        run: echo type = ${{ steps.publish.type }}, version = ${{ steps.publish.version }}

output

type = , version =

Upgrade Action to use node 16 instead of node 12

Following the recent blog post "GitHub Actions: All Actions will begin running on Node16 instead of Node12" by GitHub, I noticed this action is still running on node12:

npm-publish/action.yml

Lines 58 to 60 in e42e372

runs:
  using: node12
  main: dist/index.js

It should be fairly easy to change this by replacing using: node12 with using: node16 - I wouldn't expect anything in this Action's source code to break as a result of that.

One thing to note, by and large I've seen other Actions use a major version bump when releasing this change. The motivation being that older GitHub Actions runners may not support node16. See for example the "What's new" section of actions/checkout.

Any way to not publish if not already published?

Hi! I've been using it for a while and I appreciate your work ;)

I want to include it in my boilerplate generator, but I would like it to run publish only if the package is already published, to avoid accidental publishing due to some specific reasons. I know that it's possible to use another branch to avoid the publishing, but I want to know if it's possible.

Thanks!

Deprecation warning for 'set-output'

When using the action as follows:

- uses: JS-DevTools/npm-publish@v1
  with:
    package: ./extra/apps/app-campaigns/package.json
    token: ${{ secrets.NPM_TOKEN }}
    access: public

We are getting a warning:

publish The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environ

`Warning: Unexpected input(s) 'greater-version-only'` on action run

According to the readme I can pass a boolean greater-version-only, which ensures that if the latest version is, for example, 1.2.5, I cannot publish 1.2.4, even if 1.2.4 has never been published.

When running in a workflow, I get the following warning;

Warning: Unexpected input(s) 'greater-version-only', valid inputs are ['token', 'registry', 'package', 'tag', 'access', 'dry-run', 'check-version']

Here's the workflow run I'm referring to.

Is greater-version-only a valid option, and the action is just missing something in the warning condition? Or does that config option actually not exist, and is incorrectly documented?

The registry parameter doesn't work

When setting the registry parameter to a value, I expect that this value will be used during publication. Unfortunately, this doesn't happen; a default value is always used.
I've set it up to use "npm-private"
But here you can see it uses different URL during publish.

Not using `version` from `package.json`

My GitHub Action automatically updates my package.json with the correct version number based on the changes that were done during that release. Recently I noticed that what is being published to NPM doesn't align with the version in my package.json.

Below is my workflow for deploying to NPM. This step is done after built, version bumped, changelog and a release created in GitHub. I've been able to verify that my version is bumping correctly and the changelog + GitHub is reflecting this.

I would expect that this deploy action would take its version from package.json, which is correct, but it appears as if it's looking to npm and just bumping whatever is already there?

Deploy to NPM Workflow

name: Deploy to NPM

on:
  workflow_dispatch:
  repository_dispatch:
    types: [run-deploy-to-npm]

jobs:
  # https://github.com/marketplace/actions/npm-publish
  npm-publish:
    name: Publish Latest to NPM
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.client_payload.sha }}

      - run: 'echo "SHA: ${{github.event.client_payload.sha }}"'

      - name: Setup Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 10

      - name: Install dependencies
        run: yarn install

      - name: Build package
        run: yarn build

      - name: Publish to NPM
        uses: JS-DevTools/npm-publish@v1
        with:
          package: dist/libs/dot-components/package.json
          token: ${{ secrets.NPM_TOKEN }}

Chore: release version 2

We need to release a new version of this action! Planned changes:

  • Fix: switch to Node v16 due to deprecation of Node v14 actions
  • Fix: upgrade @actions/core due to deprecation of stdout-based output variables
  • Fix: do not mess with ~/.npmrc
  • Feature: add ability to pass package_spec to npm publish
  • Feature: add ability to pass a .tgz to npm publish
  • Fix (BREAKING): Re-work call to npm to avoid changing the working directory
  • Fix (BREAKING): pass --ignore-scripts to npm by default
  • Chore (BREAKING): Drop support for Node v14 and below in npm package due to imminent v14 EOL

There's a few other bug issues open, but nothing that looks like a breaking change. If we can land fixes, great, but getting the deprecations fixed is the priority given the June 1 deadline.

Release should happen on a Monday, Tuesday, or Wednesday to give any users of this action (and us!) time during the week to react to any issues.

Publish function always reports publishing to NPM even when alternative registry is used

The package supports multiple registry URLs to publish to, however it always reports success/failure of publishing to NPM regardless of which registry was configured as the target.

Ideally it would parse the registry URL and determine which was being used, and report that.

For use cases where there may be multiple registries being published to, it becomes particularly useful to be able to avoid confusion about which was being used in a certain CI step, for example.

I imagine updating this string, and the equivalent in the CLI, to use an interpolation rather than the hardcoded NPM would do the trick.


Sample output from a GitHub Workflow running this action and publishing to the GitHub Package Registry:

Run JS-DevTools/npm-publish@v1
  with:
    token: ***
    registry: https://npm.pkg.github.com/
    package: package.json
    tag: latest
    dry-run: false
    check-version: true

> @<scope>/[email protected] prepublishOnly .
> npm test && npm run lint


> @<scope>/[email protected] test /home/runner/work/github-package-publish-test/github-package-publish-test
> jest --config jestconfig.json

PASS src/__tests__/index.test.ts
  ✓ init (2 ms)

Test Suites: 1 passed, 1 total
Tests:       1 passed, 1 total
Snapshots:   0 total
Time:        1.133 s, estimated 3 s
Ran all test suites.

> @<scope>/[email protected] lint /home/runner/work/github-package-publish-test/github-package-publish-test
> tslint -p tsconfig.json

npm notice 
npm notice 📦  @<scope>/[email protected]
npm notice === Tarball Contents === 
npm notice 189B  dist/index.js  
npm notice 1.5kB package.json   
npm notice 1.1kB README.md      
npm notice 42B   dist/index.d.ts
npm notice === Tarball Details === 
npm notice name:          @<scope>/github-package-publish-test 
npm notice version:       0.0.3                                   
npm notice package size:  1.3 kB                                  
npm notice unpacked size: 2.9 kB                                  
npm notice shasum:        d509a842e5f47f0ba3b154328a286e402ba983b3
npm notice integrity:     sha512-wrpD7XDhT+nKT[...]Vn5MxPGw8DxQA==
npm notice total files:   4                                       
npm notice 
+ @<scope>/[email protected]

📦 Successfully published @<scope>/github-package-publish-test v0.0.3 to NPM

Question about npm publishing with 2FA on

Hi,
before trying, I would like to know if it's possible to use this action when you have 2FA configured on your npm account?
When I publish manually using npm publish, I'm prompted for my OTP. Will this prevent the action from completing?

Token Authentication Failure on Publish to Custom Registry

Not entirely sure if this is an issue or a misconfiguration on my part, but any guidance would be greatly appreciated.

I've been trying to set up a private registry that I can use to host various Unity packages that I've created over the years in a single location, using this tool to automatically publish updates.

I set up the GitHub action following the example in the readme for the package with some slight tweaks to point it at my custom package registry.

on:
  push:
    branches: [ packages ]

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 10
      - run: npm install
      - name: NPM Publish
        uses: JS-DevTools/npm-publish@v1
        with:
          token: ${{ secrets.NPM_TOKEN }}
          registry: [RegistryAddress:Port]  # Substituted for privacy
          package: ${{ github.workspace }}/Assets/MCU_Core/package.json

Everything appears to work, running with dry-run: true runs through the action as one would expect. It generates a package and stops short of publishing it. When the version in the package.json is not modified it's able to read the previous version and not publish the package.

But when trying to run the actual action to publish updates, I seem unable to fix the npm ERR! code E401 Unable to authenticate, your authentication token seems to be invalid error that is caused. I've used PowerShell with my authentication token to call npm publish --registry=[RegistryAddress:Port]/:_authToken=[AutomationAuthToken] manually with success. I've crawled through the forum posts to try and determine what the cause could be (package.json setup, npmjs.com account verification etc.).

I've attached the log for the NPM Publish step in case that's any help
NPMPublishStep.log

Any assistance in resolving this would be greatly appreciated, just starting out with this kind of setup and am open to any suggestions you may have.

Package successfully publishes to npmjs but also throws a 403

My workflow successfully publishes the package, but then it throws a 403 error that it is already published. Is it getting published twice?

https://github.com/Yrlish/eslint-config/blob/master/.github/workflows/push.yml

2021-05-06T17:48:44.3770137Z ##[group]Run JS-DevTools/npm-publish@v1
2021-05-06T17:48:44.3770604Z with:
2021-05-06T17:48:44.3771391Z   token: ***
2021-05-06T17:48:44.3771722Z   access: public
2021-05-06T17:48:44.3772239Z   registry: https://registry.npmjs.org/
2021-05-06T17:48:44.3772773Z   package: package.json
2021-05-06T17:48:44.3773129Z   tag: latest
2021-05-06T17:48:44.3773426Z   dry-run: false
2021-05-06T17:48:44.3773785Z   check-version: true
2021-05-06T17:48:44.3774566Z ##[endgroup]
2021-05-06T17:48:46.9993816Z npm notice 
2021-05-06T17:48:47.0006999Z npm notice 📦  @yrlish/[email protected]
2021-05-06T17:48:47.0010525Z npm notice === Tarball Contents === 
2021-05-06T17:48:47.0028823Z npm notice 161B react.js     
2021-05-06T17:48:47.0033194Z npm notice 600B typescript.js
2021-05-06T17:48:47.0034478Z npm notice 257B package.json 
2021-05-06T17:48:47.0035358Z npm notice 503B README.md    
2021-05-06T17:48:47.0036787Z npm notice === Tarball Details === 
2021-05-06T17:48:47.0053819Z npm notice name:          @yrlish/eslint-config                   
2021-05-06T17:48:47.0055146Z npm notice version:       1.0.5                                   
2021-05-06T17:48:47.0056244Z npm notice package size:  736 B                                   
2021-05-06T17:48:47.0057095Z npm notice unpacked size: 1.5 kB                                  
2021-05-06T17:48:47.0058112Z npm notice shasum:        937dc9c1be79b36fb047ffc407fc15a12ad6a086
2021-05-06T17:48:47.0059691Z npm notice integrity:     sha512-N8kwW6U6tUcpF[...]nICbf0hZtQyOA==
2021-05-06T17:48:47.0061900Z npm notice total files:   4                                       
2021-05-06T17:48:47.0062964Z npm notice 
2021-05-06T17:48:49.8407528Z 
2021-05-06T17:48:49.8409295Z > @yrlish/[email protected] publish .
2021-05-06T17:48:49.8410804Z > npm publish --access public
2021-05-06T17:48:49.8411418Z 
2021-05-06T17:48:50.2657381Z npm notice 
2021-05-06T17:48:50.2670244Z npm notice 📦  @yrlish/[email protected]
2021-05-06T17:48:50.2673373Z npm notice === Tarball Contents === 
2021-05-06T17:48:50.2690973Z npm notice 161B react.js     
2021-05-06T17:48:50.2706591Z npm notice 600B typescript.js
2021-05-06T17:48:50.2707379Z npm notice 257B package.json 
2021-05-06T17:48:50.2708334Z npm notice 503B README.md    
2021-05-06T17:48:50.2709024Z npm notice === Tarball Details === 
2021-05-06T17:48:50.2710667Z npm notice name:          @yrlish/eslint-config                   
2021-05-06T17:48:50.2711541Z npm notice version:       1.0.5                                   
2021-05-06T17:48:50.2712367Z npm notice package size:  736 B                                   
2021-05-06T17:48:50.2713873Z npm notice unpacked size: 1.5 kB                                  
2021-05-06T17:48:50.2714838Z npm notice shasum:        937dc9c1be79b36fb047ffc407fc15a12ad6a086
2021-05-06T17:48:50.2716163Z npm notice integrity:     sha512-N8kwW6U6tUcpF[...]nICbf0hZtQyOA==
2021-05-06T17:48:50.2717092Z npm notice total files:   4                                       
2021-05-06T17:48:50.2717732Z npm notice 
2021-05-06T17:48:50.7387303Z npm ERR! code E403
2021-05-06T17:48:50.7446322Z npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@yrlish%2feslint-config - You cannot publish over the previously published versions: 1.0.5.
2021-05-06T17:48:50.7447944Z npm ERR! 403 In most cases, you or one of your dependencies are requesting
2021-05-06T17:48:50.7448996Z npm ERR! 403 a package version that is forbidden by your security policy.
2021-05-06T17:48:50.7499681Z 
2021-05-06T17:48:50.7502366Z npm ERR! A complete log of this run can be found in:
2021-05-06T17:48:50.7503508Z npm ERR!     /home/runner/.npm/_logs/2021-05-06T17_48_50_744Z-debug.log
2021-05-06T17:48:50.7610005Z npm ERR! code ELIFECYCLE
2021-05-06T17:48:50.7610534Z npm ERR! errno 1
2021-05-06T17:48:50.7689051Z npm ERR! @yrlish/[email protected] publish: `npm publish --access public`
2021-05-06T17:48:50.7690553Z npm ERR! Exit status 1
2021-05-06T17:48:50.7691927Z npm ERR! 
2021-05-06T17:48:50.7692985Z npm ERR! Failed at the @yrlish/[email protected] publish script.
2021-05-06T17:48:50.7693928Z npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
2021-05-06T17:48:50.7764628Z npm WARN Local package.json exists, but node_modules missing, did you mean to install?
2021-05-06T17:48:50.7768160Z 
2021-05-06T17:48:50.7768825Z npm ERR! A complete log of this run can be found in:
2021-05-06T17:48:50.7770529Z npm ERR!     /home/runner/.npm/_logs/2021-05-06T17_48_50_769Z-debug.log
2021-05-06T17:48:50.8162402Z ##[error]Error: Unable to publish @yrlish/eslint-config v1.0.5 to NPM. 
npm publish --access public exited with a status of 1.
    at Object.publish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:112:13)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)

ProcessError: npm publish --access public exited with a status of 1.
    at normalizeResult (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/normalize-result.js:31:1)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/async.js:79:1)
    at ChildProcess.emit (events.js:210:5)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
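The log above shows the package's own `publish` lifecycle script (`npm publish --access public`) running after the first tarball is packed, which is consistent with the E403 on the second upload. The following added example (not code from the action or from the reporter's repository) audits a package.json for scripts that npm runs during `npm publish` and flags any that call a publish command themselves; the function name and the sample manifest are constructed.

```javascript
// Lifecycle scripts npm runs as part of `npm publish`, in execution order.
const PUBLISH_LIFECYCLE = ["prepublishOnly", "prepack", "prepare", "postpack", "publish", "postpublish"];

// Matches a publish invocation at the start of the command or after a separator.
const PUBLISH_CALL = /(?:^|[\s;&|])(?:npm|yarn|pnpm)\s+publish\b/;

// Returns the scripts that will execute during publish, in order, and marks
// the ones that would start a second publish of the same version.
function auditPublishScripts(packageJsonText) {
  const scripts = JSON.parse(packageJsonText).scripts || {};
  return PUBLISH_LIFECYCLE
    .filter((name) => typeof scripts[name] === "string")
    .map((name) => ({
      name,
      command: scripts[name],
      reentrant: PUBLISH_CALL.test(scripts[name]),
    }));
}

// Constructed manifest: the script commands are the ones visible in the logs on this page.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "@example/eslint-config",
  version: "1.0.5",
  scripts: {
    test: "jest --config jestconfig.json",
    prepublishOnly: "npm test && npm run lint",
    publish: "npm publish --access public",
  },
});

const findings = auditPublishScripts(SAMPLE_PACKAGE_JSON);
for (const f of findings) {
  console.log(`${f.name}: ${f.command}${f.reentrant ? "  <-- publishes again" : ""}`);
}
```

Running a check like this before release also lists every script that executes with the registry token in the environment, which is what the planned `--ignore-scripts` default is meant to limit.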

Error: TypeError: Unable to determine the current version of @owner/repo on NPM.

Hello there, I am using npm https://npm.pkg.github.com as my npm package registry. Unfortunately I always get this error when it starts my workflow.
Full log comes here:

Run JS-DevTools/npm-publish@v1
with:
token: ***
registry: https://npm.pkg.github.com
check-version: false
package: package.json
tag: latest
dry-run: false
Error: TypeError: Unable to determine the current version of @cpotter302/ubuntu-welcome-page on NPM.
Invalid Version:
at Object.getLatestVersion (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:57:13)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:16:26)
at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)

TypeError: Invalid Version:
at new SemVer (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/classes/semver.js:41:13)
at Object.getLatestVersion (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:51:20)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:16:26)
at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)

Publishing scoped packages

I have a scoped package that is meant to be public, this should be accomplished with "--access public", but the doc makes it sound like scoped packages should not use this, which is confusing...

Yarn support

Hi,

Thank you for this action.
Is there a simple way to use yarn install | publish instead of npm?

Custom registry URL is truncated for token config

I had a problem where the action would fail with 403 when trying to push to a custom registry. I noticed that in the .npmrc the registry URL was truncated (so instead of //some.domain/a/path/:_authToken=${INPUT_TOKEN} there was //some.domain/:_authToken=${INPUT_TOKEN}).

With a small change in npm-config.ts to use the full URL the action succeeded without any further problems:

  let authDomain = registry.href.slice(registry.protocol.length);
  if (!authDomain.endsWith("/"))
    authDomain += "/";
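The report above contrasts a token stored under a host-only key with one stored under the registry's full path. This added example (not the project's own code; `authKeyFor`, `parseNpmrc`, `checkTokenScope` and the sample files are constructed) derives both keys and classifies which one a given .npmrc carries. Unlike the snippet in the report, it builds the key from host and pathname rather than `href`, so userinfo, query or fragment in the URL never end up in the key.

```javascript
// .npmrc key for a registry: URL without protocol, trailing slash, then ":_authToken".
function authKeyFor(registryUrl, { hostOnly = false } = {}) {
  const registry = new URL(registryUrl);
  let authDomain = `//${registry.host}${hostOnly ? "/" : registry.pathname}`;
  if (!authDomain.endsWith("/")) authDomain += "/";
  return `${authDomain}:_authToken`;
}

// Minimal .npmrc reader: key=value lines, "#" and ";" comment lines skipped.
function parseNpmrc(text) {
  const entries = new Map();
  for (const line of text.split(/\r?\n/)) {
    const trimmed = line.trim();
    if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith(";")) continue;
    const eq = trimmed.indexOf("=");
    if (eq > 0) entries.set(trimmed.slice(0, eq).trim(), trimmed.slice(eq + 1).trim());
  }
  return entries;
}

// Classify how (or whether) the .npmrc carries a token for this exact registry.
// "host-only" means the token is keyed to every path on the host, not to the
// path the registry is served from: the situation described in the report.
function checkTokenScope(npmrcText, registryUrl) {
  const entries = parseNpmrc(npmrcText);
  const exactKey = authKeyFor(registryUrl);
  const hostKey = authKeyFor(registryUrl, { hostOnly: true });
  if (entries.has(exactKey)) return { status: "exact", key: exactKey };
  if (entries.has(hostKey)) return { status: "host-only", key: hostKey, expected: exactKey };
  return { status: "missing", expected: exactKey };
}

// Constructed files mirroring the two .npmrc lines quoted in the report.
const REGISTRY = "https://some.domain/a/path";
const TRUNCATED_NPMRC =
  "registry=https://some.domain/a/path/\n//some.domain/:_authToken=${INPUT_TOKEN}\n";
const FULL_NPMRC =
  "registry=https://some.domain/a/path/\n//some.domain/a/path/:_authToken=${INPUT_TOKEN}\n";

console.log(checkTokenScope(TRUNCATED_NPMRC, REGISTRY));
console.log(checkTokenScope(FULL_NPMRC, REGISTRY));
```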

Version 1.4.1 throws error

Consistently receive an error when attempting to run version 1.4.1 of this action. See failed workflow steps here and here.

LOG:

Run JS-DevTools/npm-publish@v1
  with:
    token: ***
    access: public
    registry: https://registry.npmjs.org/
    package: package.json
    tag: latest
    dry-run: false
    check-version: true
Error: Cannot find module '../internal/parse-options'
Require stack:
- /home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/classes/semver.js
- /home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/index.js
- /home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/index.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:797:15)
    at Function.Module._load (internal/modules/cjs/loader.js:690:27)
    at Module.require (internal/modules/cjs/loader.js:852:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/classes/semver.js:5:22)
    at Module._compile (internal/modules/cjs/loader.js:959:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
    at Module.load (internal/modules/cjs/loader.js:815:32)
    at Function.Module._load (internal/modules/cjs/loader.js:727:14)
    at Module.require (internal/modules/cjs/loader.js:852:19)

WORKAROUND: Use version 1.4.0 (in your GitHub Workflow write uses: JS-DevTools/[email protected] instead of uses: JS-DevTools/npm-publish@v1)

Add an option to only allow incremental package versions to be published

It appears that using the semver.diff function only checks if the package version is different, and subsequently ignores whether the version is actually a higher or lower version.

I'd like to add an option that uses semver.compare to only run if the new package version is higher than that already published. I'm thinking something along the lines of greater-version (default: false, for backwards compatibility).

I'll raise a PR with an implementation too.

Checking for npm package existence should ignore tag and check against all versions

The tag property is clearly needed when actually publishing a package, but I don't think it should be used for checking whether a package exists.

In fact, it looks like the current code just does npm view <package>@<tag> version, which will:

  1. say the package doesn't exist if the tag is different, or has previously been published with no tag (or is no longer "latest")
  2. say the package doesn't exist if the version isn't the most recent version for that tag

Both of these will result in false negatives, where it will then try to publish the package because it thinks it doesn't exist, but it actually does, and the publish will fail.

Instead, it should ignore the tag entirely, and just use npm view <package> versions, which returns all versions of the package, and then do a contains check to see if the version being checked matches any of them.

I would recommend using an existing dependency for this, e.g. https://github.com/azu/can-npm-publish
