js-devtools / npm-publish Goto Github PK
View Code? Open in Web Editor NEWGitHub Action to publish to NPM
Home Page: https://jstools.dev/npm-publish
License: MIT License
GitHub Action to publish to NPM
Home Page: https://jstools.dev/npm-publish
License: MIT License
unfortunately for TS projects, especially Angular libs we often have to opt out from standard npm publish
to custom script npm run publish
.
See topic: https://stackoverflow.com/questions/38935176/how-to-npm-publish-specific-folder-but-as-package-root
often proposed workaround is using alternate publish script, like npm run publish
that will do all the hacks.
Could you please add env variable npmpublish
that will allow to override npm publish
command with another non standard command.
I get the following error when using this action as github workflow using self hosted runner. It doesn't fail the build and it happens to all npm commands in the job.
Run npm ci
Error: Failed to replace env in config: ${INPUT_TOKEN}
at /home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:415:13
at String.replace (<anonymous>)
at envReplace (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:411:12)
at parseField (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:389:7)
at /home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:330:24
at Array.forEach (<anonymous>)
at Conf.add (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:328:23)
at ConfigChain.addString (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/node_modules/config-chain/index.js:244:8)
at Conf.<anonymous> (/home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/lib/config/core.js:316:10)
at /home/ubuntu/actions-runner/_work/_tool/node/14.13.0/x64/lib/node_modules/npm/node_modules/graceful-fs/graceful-fs.js:123:16
Here's my workflow file:
name: CI
on: [push, pull_request]
jobs:
execute:
runs-on: self-hosted
steps:
- name: Set work folder permissions
run: pwd && sudo chown -R $USER:$USER ./
- uses: actions/checkout@v2
- name: Setup Node.js environment
uses: actions/[email protected]
with:
node-version: 14.x
- name: Cache node modules
uses: actions/cache@v1
env:
cache-name: cache-node-modules
with:
path: ~/.npm # npm cache files are stored in `~/.npm` on Linux/macOS
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: Install dependencies
run: npm ci
- name: Run linter
run: npm run lint
- name: Run unit tests
run: npm run test
- name: Build project
run: npm run build
- name: Publish to npm
uses: JS-DevTools/npm-publish@v1
if: github.ref == 'refs/heads/master'
with:
token: ${{ secrets.NPM_AUTH_TOKEN }}
Edit:
After playing around a bit, I was able to do a workaround by setting INPUT_TOKEN
to empty string.
env:
INPUT_TOKEN: ''
With our workflow, we publish beta versions when changes are still in PR but others might want to check it out.
For example, if a package is at 0.24.0
, I may make some changes in a PR and publish it as 0.25.0-beta-0
. Even before merging it, the main branch will start to fail because, while 0.24.0
is already published, it's not the most "recent" version. This means the workflow step fails.
Is it possible to change it to check if the version is published at all, not just that it's the most recent version?
Please see https://github.com/zazuko/rdf-vocabularies/actions/runs/3938156395/jobs/6736517234#step:5:10
Error: TypeError: Unable to parse package.json
Invalid Version: 2023.01.17
at Object.readManifest (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/read-manifest.ts:47:[11](https://github.com/zazuko/rdf-vocabularies/actions/runs/3938156395/jobs/6736517234#step:5:12))
at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:15:18)
at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)
Was fine when releasing 2022.11.28
: https://github.com/zazuko/rdf-vocabularies/actions/runs/3568510580/jobs/5997458263
Hello. I maintained the aws secrets manager actions.
Some months ago, I tried to release to GitHub Registry with this NPM Publish in GH Action.
I tried both times but It was failed.
I can not find why it was failed. I share my GH Actions code and Workflows.
Can you help me?
# .github/workflows/release.yml
- name: Rlease to GitHub Registry
uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
registry: 'https://npm.pkg.github.com'
access: ${{ format('@{0}', github.repository_owner) }}
# .github/workflows/release.yml
- name: Rlease to GitHub Registry
uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
registry: 'https://npm.pkg.github.com'
Both of them raised a same error.
Error: Error: Unable to determine the current version of aws-secrets-manager-actions on NPM.
npm view aws-secrets-manager-actions version exited with a status of 1.
npm ERR! code E404
npm ERR! 404 'aws-secrets-manager-actions' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404
npm ERR! 404 'aws-secrets-manager-actions@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2020-12-20T10_21_04_628Z-debug.log
at Object.getLatestVersion (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:57:13)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
ProcessError: npm view aws-secrets-manager-actions version exited with a status of 1.
npm ERR! code E404
npm ERR! 404 'aws-secrets-manager-actions' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404
npm ERR! 404 'aws-secrets-manager-actions@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2020-12-20T10_21_04_628Z-debug.log
at normalizeResult (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/normalize-result.js:31:1)
at ChildProcess.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/async.js:79:1)
at ChildProcess.emit (events.js:210:5)
at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
Run JS-DevTools/npm-publish@v1
with:
token: ***
check-version: true
registry: https://registry.npmjs.org/
package: package.json
tag: latest
dry-run: false
Error: TypeError: Unable to parse package.json
Invalid Version: 0.0.2rc
at Object.readManifest (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/read-manifest.ts:47:11)
at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:15:18)
at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)
TypeError: Invalid Version: 0.0.2rc
at new SemVer (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/classes/semver.js:38:13)
at Object.readManifest (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/read-manifest.ts:40:16)
at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:15:18)
at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)
Is this happening because the version already exists on npm? or... because actually invalud version name?
0.0.1rc2
kind of name is acceptable by npm. and it works via npm / yarn publish cli. if this is the reason. i believe this needs to be fixed.
It would be nice to be able to authenticate via your npm username and password.
It would be great if the action can actually check if a tag is specified as part of publishConfig
in package.json, otherwise whenever wanting to switch between @next or @latest for tags, I have to directly modify the github workflow file itself, which is kind of hidden away and easily forgotten.
Also, it is more correct to use the publishConfig fallback in package.json for tag, instead of hard-coding to latest if not specified in GitHub action options.
Hello! Thanks for the great action.
I noticed it always fails saying
##[error]Error: Unable to determine the current version of @pkg/NAME on NPM.
...when you do a first publish of the package (when you're just starting a repository). You need to manually push the first version, and then it will work.
Is it intended or can be fixed? I guess we can add an error handler here.
Thank you.
npm publish
has a --dry-run
flag that would be very useful when testing workflows. It would be great to support an option that would run npm publish
with this flag enabled. Happy to have a go at the PR if it would be helpful.
Having an issue where it's publishing when a version bump is in an unmerged PR
Hi,
I'm migrating from https://github.com/marketplace/actions/publish-to-npm
as this npm-publish
action seems better
However I'm missing one important feature: automatically creating git tags
Would be great to integrate this in this action
lee@RosedeMacBook-Pro npm-publish % npm test
> @jsdevtools/[email protected] test /Users/lee/myCode2/npm-publish
> mocha && npm run lint
(node:43329) ExperimentalWarning: The fs.promises API is experimental
GitHub Action - failure tests
1) "before each" hook: clean the .tmp directory for "should fail if the NPM token isn't set"
0 passing (4ms)
1 failing
1) "before each" hook: clean the .tmp directory for "should fail if the NPM token isn't set":
Error: ENOENT: no such file or directory, rmdir '/Users/lee/myCode2/npm-publish/test/.tmp'
Fix documentation typo
Post-publish check for publish.steps.type != 'none'
always fails as it is not being an updated part of publish
step and always equals to null (see action debug output below)
##[debug]Evaluating: (success() && (steps.publish.outputs.type != 'none'))
......
......
##[debug]..Evaluating NotEqual:
##[debug]....Evaluating Index:
##[debug]......Evaluating Index:
##[debug]........Evaluating steps:
##[debug]........=> Object
##[debug]........Evaluating String:
##[debug]........=> 'publish'
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'type'
##[debug]....=> null
##[debug]....Evaluating Null:
##[debug]....=> null
##[debug]..=> false
##[debug]=> false
##[debug]Expanded: (true && (null != 'none'))
Update documentation: mention that one should use publish.steps.outputs.type
instead of publish.steps.type
.
Action debug output is below (how it works with steps.publish.outputs.type
set properly):
##[debug]Evaluating: (success() && (steps.publish.outputs.type != 'none'))
##[debug]Evaluating And:
##[debug]..Evaluating success:
##[debug]..=> true
##[debug]..Evaluating NotEqual:
##[debug]....Evaluating Index:
##[debug]......Evaluating Index:
##[debug]........Evaluating Index:
##[debug]..........Evaluating steps:
##[debug]..........=> Object
##[debug]..........Evaluating String:
##[debug]..........=> 'publish'
##[debug]........=> Object
##[debug]........Evaluating String:
##[debug]........=> 'outputs'
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'type'
##[debug]....=> 'patch'
##[debug]....Evaluating String:
##[debug]....=> 'none'
##[debug]..=> true
##[debug]=> true
##[debug]Expanded: (true && ('patch' != 'none'))
##[debug]Result: true
Documentation is updated
EDIT: for now I'm going to continue working on the project, the repo at the time of writing is at this commit
NPM package | GitHub repo | workflow file
The NPM_AUTH_TOKEN
repo secret is a "publish" token, and I have temporarily disabled 2FA to try to get this working. (this same error also appears when using an "automation" token, and as expected a "read only" token will also refuse to publish).
You might notice the actions tab has a dozen workflow runs; this problem has persisted for the last 12 hours and recently switching to this action from npm publish
has done absolutely nothing to change it.
My package just-checkit
is currently on npm at version 0.1.0, published from my local machine.
When trying to publish 0.1.2, which is not (and never has been) on npm. via a github workflow I get the error output below.
I'm convinced this is an authorisation error, as making a PUT
request to my package on the registry with valid authentication and without any request body doesn't reject with 404 NOT FOUND
;
i.e. if this request was authorised it would have a different error message.
Output;
// tarball info, everything exactly as it should be
npm notice Publishing to https://registry.npmjs.org/
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/just-checkit - Not found
npm ERR! 404
npm ERR! 404 '[email protected]' is not in this registry.
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2022-05-29T11_52_06_400Z-debug-0.log
Error: Error: Unable to publish just-checkit v0.1.2 to NPM.
npm publish --access public exited with a status of 1.
at Object.publish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:112:13)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
ProcessError: npm publish --access public exited with a status of 1.
at normalizeResult (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/normalize-result.js:31:1)
at ChildProcess.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/async.js:79:1)
at ChildProcess.emit (events.js:314:20)
at Process.ChildProcess._handle.onexit (internal/child_process.js:276:12)
Like I said this has been the exact same error for a while, and the sum of all the google searches I've made is roughly "lol good luck".
Yes, many, many times.
It seems that no one has had this issue before, or at least the cause of it for them is different from the cause here, none of the recommended solutions work.
I've been dragged all across github issues, stack overflow, npm docs, github community, and I'm honestly quite concerned that nothing I've found has worked.
The only time the error message changed was when I introduced a new error before this one by implementing a "solution".
As noted in https://snyk.io/blog/github-actions-to-securely-publish-npm-packages/, it is insecure to allow scripts to execute at the time of publishing, so we should make sure that this configuration is applied
My package doesnβt exist yet. I want to use this action to publish it... but I get 404.
How do I perform an initial release?
@JamesMessinger
I am also curious about this. Why would it use βlatestβ? Shouldnβt it use β0.0.1β per the package.json?
npm ERR! 404 '@ibm-cloud/secrets-manager@latest' is not in the npm registry.
Complete log:
Error: Unable to determine the current version of @ibm-cloud/secrets-manager on NPM.
npm view @ibm-cloud/secrets-manager version exited with a status of 1.
npm ERR! code E404
npm ERR! 404 '@ibm-cloud/secrets-manager' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404
npm ERR! 404 '@ibm-cloud/secrets-manager@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2020-11-24T07_42_31_223Z-debug.log
at Object.getLatestVersion (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:57:13)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
ProcessError: npm view @ibm-cloud/secrets-manager version exited with a status of 1.
npm ERR! code E404
npm ERR! 404 '@ibm-cloud/secrets-manager' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! 404
npm ERR! 404 '@ibm-cloud/secrets-manager@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2020-11-24T07_42_31_223Z-debug.log
at normalizeResult (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/normalize-result.js:31:1)
at ChildProcess.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/async.js:79:1)
at ChildProcess.emit (events.js:210:5)
Dont run publish script if repository its fork
The signature of npm publish
command allows to define the folder used as root:
npm publish [<tarball>|<folder>] [--tag <tag>] [--access <public|restricted>] [--dry-run]
Is it possible to configure <folder>
parameter when using JS-DevTools/npm-publish
action?
Should be pretty straightforward, but will require care to keep the GH Pages site up and running. Leaving this issue here to keep track of the task
When I try to publish through GH Actions, tarball content is:
npm notice === Tarball Contents ===
npm notice 1.5kB package.json
npm notice 894B README.md
npm notice === Tarball Details ===
But when I run locally (npm-publish), it is:
npm notice === Tarball Contents ===
npm notice 928B README.md
npm notice 631B dist/calendar/Calendar.d.ts
npm notice 463B dist/calendar/CalendarContext.d.ts
npm notice 330B dist/calendar/CalendarDate.d.ts
npm notice 298B dist/calendar/CalendarDates.d.ts
npm notice 388B dist/calendar/CalendarHeader.d.ts
npm notice 376B dist/calendar/CalendarWeekday.d.ts
npm notice 150B dist/calendar/useCalendarDates.d.ts
npm notice 77B dist/calendar/useCalendarHeader.d.ts
npm notice 61B dist/calendar/utils/generateDates.d.ts
npm notice 71B dist/common/LocalesContext.d.ts
npm notice 49B dist/index.d.ts
npm notice 4.0kB dist/react-date-controls.es.js
npm notice 4.6kB dist/react-date-controls.umd.js
npm notice 1.5kB package.json
npm notice === Tarball Details ===
My workflow file:
name: npm-publish
on:
push:
branches: [ main ]
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions/setup-node@v1
with:
node-version: 12.18.4
- run: npm install
- run: npm test
- run: npm build
- uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.NPM_AUTH_TOKEN }}
I get the following error when first running my build for my package.
npm ERR! 404 '@scope/package' is not in the npm registry.
The version check seems to fail if the package doesn't exist yet.
I haven't tried this yet, but I can probably disable the version check, publish, and then re-enable the version check, but this would require 3 commits!
Ideally the version check should only affect the publication of the package if the package is already present.
I've started to receive that error,
Run JS-DevTools/npm-publish@v1
with:
token: ***
access: restricted
registry: https://registry.npmjs.org/
package: package.json
dry-run: false
check-version: true
Error: Error: Unable to read the NPM config file: /home/runner/.npmrc
EISDIR: illegal operation on a directory, read
at readNpmConfig (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-config.ts:8[7](https://github.com/blogfoster/query-mapper/actions/runs/4688157894/jobs/8308328076#step:10:7):11)
Error: EISDIR: illegal operation on a directory, read
Actions file
name: Check, Test & Publish
on:
push:
tags:
- '*'
branches:
- master
pull_request:
branches:
- master
jobs:
publish:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup node.js
uses: actions/setup-node@v3
with:
node-version: 12
- name: Publish to NPM
uses: JS-DevTools/npm-publish@v1
if: startsWith(github.ref, 'refs/tags/')
with:
token: ${{ secrets.NPM_TOKEN }}
tag: ${{ github.event.release.tag_name }}
access: restricted
Any ideas?
I tried to get this working with no success with auth issues:
npm ERR! 401 Unauthorized - GET https://<workspace>.bytesafe.dev/r/npm/@<scope-name>%2f<package-name> - Access Denied
I require the step Setup NPMrc for JS-DevTools for the auth to work
- name: Setup NPMrc for JS-DevTools
run: echo "//<workspace>.bytesafe.dev/r/npm/:_authToken=${{secrets.BYTESAFE_TOKEN}}" >> .npmrc
- id: publish
uses: JS-DevTools/npm-publish@v1
with:
registry: 'https://<workspace>.bytesafe.dev/r/npm/'
token: ${{secrets.BYTESAFE_TOKEN}}
access: restricted
check-version: true
- if: steps.publish.outputs.type != 'none'
run: |
echo "Version changed: ${{ steps.publish.outputs.old-version }} => ${{ steps.publish.outputs.version }}"
Am I configuring JS-DevTools/npm-publish@v1 wrong?
Hi, I have problem
npm-publish.yml
`on: push
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions/setup-node@v1
with:
node-version: 10
- run: npm install
- run: npm test
- uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.NPM_TOKEN }}`
and Here I have problem
Run JS-DevTools/npm-publish@v1 with: registry: https://registry.npmjs.org/ package: package.json tag: latest dry-run: false check-version: true Error: Error: Input required and not supplied: token at Object.getInput (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@actions/core/lib/core.js:94:1) at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:17:14) at Object.48 (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:74:1) at __webpack_require__ (/webpack/bootstrap:21:1) at startup (/webpack/bootstrap:40:1) at /webpack/bootstrap:44:1 at Object.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/index.js:50:10) at Module._compile (internal/modules/cjs/loader.js:959:30) at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10) at Module.load (internal/modules/cjs/loader.js:815:32)
I have a monorepo with many packages and would like to use this action in different folders. Does the npm-publish
action have an option for the working directory or similar?
name: npm publish
on:
push:
branches:
- master
jobs:
npm-publish:
name: npm publish
runs-on: ubuntu-latest
steps:
- name: checkout repository
uses: actions/checkout@master
- name: setup Node.js
uses: actions/setup-node@master
with:
node-version: "12.x"
- name: Install npm dependencies (npm ci)
run: npm ci
- name: npm publish
id: publish
uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.NPM_AUTH_TOKEN }}
- name: output version name
run: echo type = ${{ steps.publish.type }}, version = ${{ steps.publish.version }}
output
type = , version =
In the docs for Github Actions working-directory
is specified as a default which can be configured on a whole workflow. This means that every action, ultimately, should respect the working-directory
option.
This action does not.
I have tried to use this action to publish in Github Package Registry .
but it keeps failing
here is the action log
https://github.com/varunsridharan/npm-proxy/runs/1177247171?check_suite_focus=true
Note i did merge #12 in my fork and did a small change but still can't get it to work.
Changes I did : g-actions@5a1378e
The david-dm.org service for displaying dependency update status doesn't seem to work for a little longer now, so that the image on your README
is broken.
Following the recent blog post "GitHub Actions: All Actions will begin running on Node16 instead of Node12" by GitHub, I noticed this action is still running on node12
:
Lines 58 to 60 in e42e372
It should be fairly easy to change this by replacing using: node12
with using: node16
- I wouldn't expect anything in this Action's source code to break as a result of that.
One thing to note, by and large I've seen other Actions use a major version bump when releasing this change. The motivation being that older GitHub Actions runners may not support node16
. See for example the "What's new" section of actions/checkout
.
Hi! I've been using it for a while and I appreciate your work ;)
I want to include it on my boilerplates generator, but I would like that it would only run publish if the package is already published, to avoid accidental publishing due to some specific reasons. I know right that it's possible to use another branch to avoid the publishing, but I want to know if it's possible.
Thanks!
When using the action as follows:
- uses: JS-DevTools/npm-publish@v1
with:
package: ./extra/apps/app-campaigns/package.json
token: ${{ secrets.NPM_TOKEN }}
access: public
We are getting a warning:
publish The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environ
According to the readme I can pass a boolean greater-version-only
, which ensures that if the latest version is, for example, 1.2.5, I cannot publish 1.2.4, even if 1.2.4 has never been published.
When running in a workflow, I get the following warning;
Warning: Unexpected input(s) 'greater-version-only', valid inputs are ['token', 'registry', 'package', 'tag', 'access', 'dry-run', 'check-version']
Here's the workflow run I'm referring to.
Is greater-version-only
a valid option, and the action is just missing something in the warning condition? Or does that config option actually not exist, and is incorrectly documented?
My GitHub Action automatically updates my package.json
with the correct version number based on the changes that were done during that release. Recently I noticed that what is being published to NPM doesn't align with the version in my package.json
.
Below is my workflow for deploying to NPM. This step is done after built, version bumped, changelog and a release created in GitHub. I've been able to verify that my version is bumping correctly and the changelog + GitHub is reflecting this.
I would expect that this deploy action would take it's version
from package.json
which is correct but it appears as if it's looking to npm
and just bumping whatever is already there?
name: Deploy to NPM
on:
workflow_dispatch:
repository_dispatch:
types: [run-deploy-to-npm]
jobs:
# https://github.com/marketplace/actions/npm-publish
npm-publish:
name: Publish Latest to NPM
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
ref: ${{ github.event.client_payload.sha }}
- run: 'echo "SHA: ${{github.event.client_payload.sha }}"'
- name: Setup Node.js
uses: actions/setup-node@v1
with:
node-version: 10
- name: Install dependencies
run: yarn install
- name: Build package
run: yarn build
- name: Publish to NPM
uses: JS-DevTools/npm-publish@v1
with:
package: dist/libs/dot-components/package.json
token: ${{ secrets.NPM_TOKEN }}
We need to release a new version of this action! Planned changes:
@actions/core
due to deprecation of stdout-based output variables
~/.npmrc
package_spec
to npm publish
.tgz
to npm publish
--ignore-scripts
to npm by default
There's a few other bug issues open, but nothing that looks like a breaking change. If we can land fixes, great, but getting the deprecations fixed is the priority given the June 1 deadline.
Release should happen on a Monday, Tuesday, or Wednesday to give any users of this action (and us!) time during the week to react to any issues.
The package supports multiple registry URLs to publish to, however it always reports success/failure of publishing to NPM regardless of which registry was configured as the target.
Ideally it would parse the registry URL and determine which was being used, and report that.
For use cases where there may be multiple registries being published to, it becomes particularly useful to be able to avoid confusion about which was being use in a certain CI step, for example.
I imagine updating this string, and the equivalent in the CLI, to use an interpolation rather than the hardcoded NPM
would do the trick.
Sample output from a Github Workflow running this action and publishing to the Github Package Registry:
Run JS-DevTools/npm-publish@v1
with:
token: ***
registry: https://npm.pkg.github.com/
package: package.json
tag: latest
dry-run: false
check-version: true
> @<scope>/[email protected] prepublishOnly .
> npm test && npm run lint
> @<scope>/[email protected] test /home/runner/work/github-package-publish-test/github-package-publish-test
> jest --config jestconfig.json
PASS src/__tests__/index.test.ts
β init (2 ms)
Test Suites: 1 passed, 1 total
Tests: 1 passed, 1 total
Snapshots: 0 total
Time: 1.133 s, estimated 3 s
Ran all test suites.
> @<scope>/[email protected] lint /home/runner/work/github-package-publish-test/github-package-publish-test
> tslint -p tsconfig.json
npm notice
npm notice π¦ @<scope>/[email protected]
npm notice === Tarball Contents ===
npm notice 189B dist/index.js
npm notice 1.5kB package.json
npm notice 1.1kB README.md
npm notice 42B dist/index.d.ts
npm notice === Tarball Details ===
npm notice name: @<scope>/github-package-publish-test
npm notice version: 0.0.3
npm notice package size: 1.3 kB
npm notice unpacked size: 2.9 kB
npm notice shasum: d509a842e5f47f0ba3b154328a286e402ba983b3
npm notice integrity: sha512-wrpD7XDhT+nKT[...]Vn5MxPGw8DxQA==
npm notice total files: 4
npm notice
+ @<scope>/[email protected]
π¦ Successfully published @<scope>/github-package-publish-test v0.0.3 to NPM
Hi,
before trying, I would like to know if it's possible to use this action when you have 2FA configured on your npm account?
When I publish manually using npm publish
, I'm prompted for my OTP. Will this prevent the action from completing?
Not entirely sure if this is an issue or a misconfiguration on my part but any guidence would be greatly appreciated.
I've been trying to setup a private registry that I can use to host various Unity packages that I've created over the years in a single location, using this tool to automatically publish updates.
I setup the GitHub action following the example in the readme for the package with some slight tweaks to point it at my custom package registry.
on:
push:
branches: [ packages ]
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions/setup-node@v1
with:
node-version: 10
- run: npm install
- name: NPM Publish
uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.NPM_TOKEN }}
registry: [RegistryAddress:Port] # Substituted for privacy
package: ${{ github.workspace }}/Assets/MCU_Core/package.json
Everything appears to work, running with dry-run: true
runs through the action as one would expect. It generates a package and stops short of publishing it. When the version in the package.json is not modified it's able to read the previous version and not publish the package.
But when trying to run the actual action to publish updates, I seem unable to fix the npm ERR! code E401 Unable to authenticate, your authentication token seems to be invalid
error that is caused. I've used powershell with my authentication token to call npm publish --registry=[RegistryAddress:Port]/:_authToken=[AutomationAuthToken]
manually with success. I've crawled through the forum posts to try and determine what the cause could be (package.json setup, npmjs.com account verification etc.).
I've attached the log for the NPM Publish step in case that's any help
NPMPublishStep.log
Any assistance in resolving this would be greatly appreciated, just starting out with this kind of setup and am open to any suggestions you may have.
My workflow successfully publishes the package, but then it throws an 403 error that it is already published. Is it getting published twice?
https://github.com/Yrlish/eslint-config/blob/master/.github/workflows/push.yml
2021-05-06T17:48:44.3770137Z ##[group]Run JS-DevTools/npm-publish@v1
2021-05-06T17:48:44.3770604Z with:
2021-05-06T17:48:44.3771391Z token: ***
2021-05-06T17:48:44.3771722Z access: public
2021-05-06T17:48:44.3772239Z registry: https://registry.npmjs.org/
2021-05-06T17:48:44.3772773Z package: package.json
2021-05-06T17:48:44.3773129Z tag: latest
2021-05-06T17:48:44.3773426Z dry-run: false
2021-05-06T17:48:44.3773785Z check-version: true
2021-05-06T17:48:44.3774566Z ##[endgroup]
2021-05-06T17:48:46.9993816Z npm notice
2021-05-06T17:48:47.0006999Z npm notice π¦ @yrlish/[email protected]
2021-05-06T17:48:47.0010525Z npm notice === Tarball Contents ===
2021-05-06T17:48:47.0028823Z npm notice 161B react.js
2021-05-06T17:48:47.0033194Z npm notice 600B typescript.js
2021-05-06T17:48:47.0034478Z npm notice 257B package.json
2021-05-06T17:48:47.0035358Z npm notice 503B README.md
2021-05-06T17:48:47.0036787Z npm notice === Tarball Details ===
2021-05-06T17:48:47.0053819Z npm notice name: @yrlish/eslint-config
2021-05-06T17:48:47.0055146Z npm notice version: 1.0.5
2021-05-06T17:48:47.0056244Z npm notice package size: 736 B
2021-05-06T17:48:47.0057095Z npm notice unpacked size: 1.5 kB
2021-05-06T17:48:47.0058112Z npm notice shasum: 937dc9c1be79b36fb047ffc407fc15a12ad6a086
2021-05-06T17:48:47.0059691Z npm notice integrity: sha512-N8kwW6U6tUcpF[...]nICbf0hZtQyOA==
2021-05-06T17:48:47.0061900Z npm notice total files: 4
2021-05-06T17:48:47.0062964Z npm notice
2021-05-06T17:48:49.8407528Z
2021-05-06T17:48:49.8409295Z > @yrlish/[email protected] publish .
2021-05-06T17:48:49.8410804Z > npm publish --access public
2021-05-06T17:48:49.8411418Z
2021-05-06T17:48:50.2657381Z npm notice
2021-05-06T17:48:50.2670244Z npm notice π¦ @yrlish/[email protected]
2021-05-06T17:48:50.2673373Z npm notice === Tarball Contents ===
2021-05-06T17:48:50.2690973Z npm notice 161B react.js
2021-05-06T17:48:50.2706591Z npm notice 600B typescript.js
2021-05-06T17:48:50.2707379Z npm notice 257B package.json
2021-05-06T17:48:50.2708334Z npm notice 503B README.md
2021-05-06T17:48:50.2709024Z npm notice === Tarball Details ===
2021-05-06T17:48:50.2710667Z npm notice name: @yrlish/eslint-config
2021-05-06T17:48:50.2711541Z npm notice version: 1.0.5
2021-05-06T17:48:50.2712367Z npm notice package size: 736 B
2021-05-06T17:48:50.2713873Z npm notice unpacked size: 1.5 kB
2021-05-06T17:48:50.2714838Z npm notice shasum: 937dc9c1be79b36fb047ffc407fc15a12ad6a086
2021-05-06T17:48:50.2716163Z npm notice integrity: sha512-N8kwW6U6tUcpF[...]nICbf0hZtQyOA==
2021-05-06T17:48:50.2717092Z npm notice total files: 4
2021-05-06T17:48:50.2717732Z npm notice
2021-05-06T17:48:50.7387303Z npm ERR! code E403
2021-05-06T17:48:50.7446322Z npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@yrlish%2feslint-config - You cannot publish over the previously published versions: 1.0.5.
2021-05-06T17:48:50.7447944Z npm ERR! 403 In most cases, you or one of your dependencies are requesting
2021-05-06T17:48:50.7448996Z npm ERR! 403 a package version that is forbidden by your security policy.
2021-05-06T17:48:50.7499681Z
2021-05-06T17:48:50.7502366Z npm ERR! A complete log of this run can be found in:
2021-05-06T17:48:50.7503508Z npm ERR! /home/runner/.npm/_logs/2021-05-06T17_48_50_744Z-debug.log
2021-05-06T17:48:50.7610005Z npm ERR! code ELIFECYCLE
2021-05-06T17:48:50.7610534Z npm ERR! errno 1
2021-05-06T17:48:50.7689051Z npm ERR! @yrlish/[email protected] publish: `npm publish --access public`
2021-05-06T17:48:50.7690553Z npm ERR! Exit status 1
2021-05-06T17:48:50.7691927Z npm ERR!
2021-05-06T17:48:50.7692985Z npm ERR! Failed at the @yrlish/[email protected] publish script.
2021-05-06T17:48:50.7693928Z npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
2021-05-06T17:48:50.7764628Z npm WARN Local package.json exists, but node_modules missing, did you mean to install?
2021-05-06T17:48:50.7768160Z
2021-05-06T17:48:50.7768825Z npm ERR! A complete log of this run can be found in:
2021-05-06T17:48:50.7770529Z npm ERR! /home/runner/.npm/_logs/2021-05-06T17_48_50_769Z-debug.log
2021-05-06T17:48:50.8162402Z ##[error]Error: Unable to publish @yrlish/eslint-config v1.0.5 to NPM.
npm publish --access public exited with a status of 1.
at Object.publish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:112:13)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
ProcessError: npm publish --access public exited with a status of 1.
at normalizeResult (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/normalize-result.js:31:1)
at ChildProcess.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/node_modules/@jsdevtools/ez-spawn/lib/async.js:79:1)
at ChildProcess.emit (events.js:210:5)
at Process.ChildProcess._handle.onexit (internal/child_process.js:272:12)
Hello there, I am using npm https://npm.pkg.github.com as my npm package registry. Unfortunately i always get this error when it start my workflow.
Full log comes here:
Run JS-DevTools/npm-publish@v1
with:
token: ***
registry: https://npm.pkg.github.com
check-version: false
package: package.json
tag: latest
dry-run: false
Error: TypeError: Unable to determine the current version of @cpotter302/ubuntu-welcome-page on NPM.
Invalid Version:
at Object.getLatestVersion (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:57:13)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:16:26)
at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)
TypeError: Invalid Version:
at new SemVer (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/classes/semver.js:41:13)
at Object.getLatestVersion (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm.ts:51:20)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at Object.npmPublish (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/npm-publish.ts:16:26)
at main (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/src/action/index.ts:28:19)
I have a scoped package that is meant to be public, this should be accomplished with ββaccess publicβ, but the doc makes it sound like scoped packages should not use this, which is confusing...
Hi,
Thank you for this action.
Is there a simple way to use yarn install | publish
instead of npm?
I had a problem where the action would fail with 403 when trying to push to a custom registry. I noticed that in the .npmrc
the registry URL was truncated (so instead of //some.domain/a/path/:_authToken=${INPUT_TOKEN}
there was //some.domain/:_authToken=${INPUT_TOKEN}
).
With a small change in npm-config.ts
to use the full URL the action succeeded without any further problems:
let authDomain = registry.href.slice(registry.protocol.length);
if (!authDomain.endsWith("/"))
authDomain += "/";
Consistently receive an error when attempting to run version 1.4.1 of this action. See failed workflow steps here and here.
LOG:
Run JS-DevTools/npm-publish@v1
with:
token: ***
access: public
registry: https://registry.npmjs.org/
package: package.json
tag: latest
dry-run: false
check-version: true
Error: Cannot find module '../internal/parse-options'
Require stack:
- /home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/classes/semver.js
- /home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/index.js
- /home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/index.js
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:797:15)
at Function.Module._load (internal/modules/cjs/loader.js:690:27)
at Module.require (internal/modules/cjs/loader.js:852:19)
at require (internal/modules/cjs/helpers.js:74:18)
at Object.<anonymous> (/home/runner/work/_actions/JS-DevTools/npm-publish/v1/dist/node_modules/semver/classes/semver.js:5:22)
at Module._compile (internal/modules/cjs/loader.js:959:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
at Module.load (internal/modules/cjs/loader.js:815:32)
at Function.Module._load (internal/modules/cjs/loader.js:727:14)
at Module.require (internal/modules/cjs/loader.js:852:19)
WORKAROUND: Use version 1.4.0 (in your Github Workflow write uses: JS-DevTools/[email protected]
instead of uses: JS-DevTools/npm-publish@v1
It appears that using the semver.diff
function only checks if the package version is different, and subsequently ignores whether the version is actually a higher or lower version.
I'd like to add an option that uses semver.compare
to only run if the new package version is higher than that already published. I'm thinking something along the lines of greater-version
(default: false
, for backwards compatibility).
I'll raise a PR with an implementation too.
The tag
property is clearly needed when actually publishing a package, but I don't think it should be used for checking whether a package exists.
In fact, it looks like the current code just does npm view <package>@<tag> version
, which will:
Both of these will result in false negatives, where it will then try to publish the package because it thinks it doesn't exist, but it actually does, and the publish will fail.
Instead, it should ignore the tag entirely, and just use npm view <package> versions
, which returns all versions of the package, and then do a contains
check to see if the version being checked matches any of them.
I would recommend using an existing dependency for this, e.g. https://github.com/azu/can-npm-publish
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.