Use deterministic package registry configs in CI workflows

secretkeylabs · Sep 27, 2024 · ee38b39 · ee38b39
1 parent 366bf1e
commit ee38b39
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 13 deletions.
diff --git a/.github/workflows/build-and-publish-main.yaml b/.github/workflows/build-and-publish-main.yaml
@@ -11,9 +11,13 @@ jobs:
       - uses: actions/checkout@v4
 
       - uses: actions/setup-node@v4
-        with:
-          registry-url: https://npm.pkg.github.com
-          scope: '@secretkeylabs'
+
+      - name: Set `@secretkeylabs` scope to use GitHub Package Registry for package installation
+        run: |
+          echo "@secretkeylabs:registry=https://npm.pkg.github.com/" > .npmrc
+          echo "//npm.pkg.github.com/:_authToken=${AUTH_TOKEN}" >> .npmrc
+        env:
+          AUTH_TOKEN: ${{ secrets.GH_PACKAGE_REGISTRY_TOKEN }}
 
       - name: Install dependencies
         run: npm ci
@@ -24,6 +28,17 @@ jobs:
         run: npm run build
 
       - name: Publish to NPM package registry
-        run: npm publish --access=public --tag=latest
+        run: |
+          echo "@secretkeylabs:registry=https://registry.npmjs.org/" > .npmrc
+          echo "//registry.npmjs.org/:_authToken=$AUTH_TOKEN" >> .npmrc
+          npm publish --access=public
+        env:
+          AUTH_TOKEN: ${{ secrets.NPM_PACKAGE_REGISTRY_TOKEN }}
+
+      - name: Publish to GitHub Package Registry
+        run: |
+          echo "@secretkeylabs:registry=https://npm.pkg.github.com/" > .npmrc
+          echo "//npm.pkg.github.com/:_authToken=$AUTH_TOKEN" >> .npmrc
+          npm publish --access=public
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGE_REGISTRY_TOKEN }}
+          AUTH_TOKEN: ${{ secrets.GH_PACKAGE_REGISTRY_TOKEN }}
diff --git a/.github/workflows/build-and-publish-pr.yml b/.github/workflows/build-and-publish-pr.yml
@@ -10,14 +10,16 @@ jobs:
       - uses: actions/checkout@v4
 
       - uses: actions/setup-node@v4
-        with:
-          registry-url: https://npm.pkg.github.com
-          scope: '@secretkeylabs'
+
+      - name: Set `@secretkeylabs` scope to use GitHub Package Registry for package installation
+        run: |
+          echo "@secretkeylabs:registry=https://npm.pkg.github.com/" > .npmrc
+          echo "//npm.pkg.github.com/:_authToken=${AUTH_TOKEN}" >> .npmrc
+        env:
+          AUTH_TOKEN: ${{ secrets.GH_PACKAGE_REGISTRY_TOKEN }}
 
       - name: Install dependencies
         run: npm ci
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GH_PACKAGE_REGISTRY_TOKEN }}
 
       - name: Run build
         run: npm run build
@@ -37,7 +39,17 @@ jobs:
           CURRENT_VERSION: ${{ steps.current-version.outputs.CURRENT_VERSION }}
 
       - name: Publish to NPM package registry
-        run: npm publish --access=public --tag pr-$PR_NUMBER
+        run: |
+          echo "@secretkeylabs:registry=https://registry.npmjs.org/" > .npmrc
+          echo "//registry.npmjs.org/:_authToken=$AUTH_TOKEN" >> .npmrc
+          npm publish --access=public
+        env:
+          AUTH_TOKEN: ${{ secrets.NPM_PACKAGE_REGISTRY_TOKEN }}
+
+      - name: Publish to GitHub Package Registry
+        run: |
+          echo "@secretkeylabs:registry=https://npm.pkg.github.com/" > .npmrc
+          echo "//npm.pkg.github.com/:_authToken=$AUTH_TOKEN" >> .npmrc
+          npm publish --access=public
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_PACKAGE_REGISTRY_TOKEN }}
-          PR_NUMBER: ${{ github.event.number }}
+          AUTH_TOKEN: ${{ secrets.GH_PACKAGE_REGISTRY_TOKEN }}