How to install/publish packages from multiple @scope and multiple registers?

[IgorNovozhilov]

How to install packages from multiple @scope and multiple registers?
I have settings .npmrc in the root of the project:

@scope1:registry=https://npm.pkg.github.com
@scope2:registry=https://npm.pkg.github.com
@scope3:registry=https://npm.anysite.org
@scope4:registry=https://registry.npmjs.org

and npmjs.com by default for a public

I need to create something like this settings .npmrc in the home folder before installing:

//npm.pkg.github.com/:_authToken=<TOKEN_A>
//nnpm.anysite.org/:_authToken=<TOKEN_B>
//registry.npmjs.org/@scope4/:_authToken=<TOKEN_C>

or

//npm.pkg.github.com/@scope1/:_authToken=<TOKEN_A1>
//npm.pkg.github.com/@scope2/:_authToken=<TOKEN_A2>
//nnpm.anysite.org/:_authToken=<TOKEN_B>
//registry.npmjs.org/@scope4/:_authToken=<TOKEN_C>

[IgorNovozhilov]

given this: #49, #52, #53, #64. a the optimal solution would be something like this:

    steps:
    - uses: actions/checkout@v1
    - uses: actions/setup-node@v1
      with:
        node-version: 10.x
        npm-registry:
          - registry: 'https://npm.pkg.github.com'
            scope: '@scope1'
            token: '${{secrets.GITHUB_TOKEN}}'
          - registry: 'https://npm.pkg.github.com'
            scope: '@scope2'
            token: '${{secrets.GITHUB_TOKEN_THIRD_PARTY}}'
          - registry: 'https://nnpm.anysite.org'
            token: '${{secrets.ANYSITE_TOKEN}}'
          - registry: 'https://registry.npmjs.org'
            scope: '@scope4'
            token: '${{secrets.NPMJS_TOKEN}}'
    - run: npm install
    - run: npm test
    - run: npm publish

where,
npm-registry - written in .npmrc in the home folder, and is used for all subsequent commands
GITHUB_TOKEN - access the current organization
GITHUB_TOKEN_THIRD_PARTY - may be a Personal access tokens. Or a Organization access tokens. Yeah, that's really missing on GitHub, but this would be crucial for using third-party packages from a security perspective

This solution would be universal for both installing and publishing packages, including publishing into multiple repositories at once.

[IgorNovozhilov]

For example, a package named in GPRS @eslint/eslint, and for npmjs.org - eslint.

        npm-registry:
          - registry: 'https://npm.pkg.github.com'
            scope: '@eslint'
            token: '${{secrets.GITHUB_TOKEN}}'

It will be enough to call 2 times npm publish, changing before the second call field name in package.json

If the name is the same, make a second call to setup-mode to configure

    steps:
    - uses: actions/checkout@v1
    - uses: actions/setup-node@v1
      with:
        node-version: 10.x
        npm-registry:
          - registry: 'https://npm.pkg.github.com'
            scope: '@scope'
            token: '${{secrets.GITHUB_TOKEN}}'
    - run: npm install
    - run: npm test
    - run: npm publish
    - uses: actions/setup-node@v1
      with:
        npm-registry:
          - registry: 'https://registry.npmjs.org'
            token: '${{secrets.NPMJS_TOKEN}}'
    - run: npm publish

or publish from different folders in root project

    - run: npm publish ./f1
    - run: npm publish ./f2
    - run: npm publish ./f3

[WtfJoke]

    node-version: 10.x
    npm-registry:
      - registry: 'https://npm.pkg.github.com'
        scope: '@scope1'
        token: '${{secrets.GITHUB_TOKEN}}'
      - registry: 'https://npm.pkg.github.com'
        scope: '@scope2'
        token: '${{secrets.GITHUB_TOKEN_THIRD_PARTY}}'
      - registry: 'https://nnpm.anysite.org'
        token: '${{secrets.ANYSITE_TOKEN}}'
      - registry: 'https://registry.npmjs.org'
        scope: '@scope4'
        token: '${{secrets.NPMJS_TOKEN}}'

This didnt work for me.
Is there another way for specifing multiple scopes?

EDIT: We ended up introducing a .yarnrc

[dougrday]

@WtfJoke Read carefully - he's suggesting a great way to implement it if this support is added. It's not supported currently, so... yeah. It won't work.

[jwlms]

Is there support in general for scopes? I wasn't able to find anything in the readme for this action about scopes, but my case is slightly different as I only need one scope at the time being.

I am publishing on the GitHub Registry and my .npmrc file looks like this:

@tucsonlabs:registry=https://npm.pkg.github.com/tucsonlabs:_authToken=$NPM_CONFIG_TOKEN

Should I file a separate ticket for this or is it supported already (or documented somewhere I missed)?

I'm just learning GitHub actions, so I assume that if this isn't supported, I could just copy a slightly different version of this file to support the environment variable passed in via this action. Would that work?

[WtfJoke]

@jwlms yeah one scope is already supported see here the official example:

name: Node.js Package
on:
  release:
    types: [created]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    # Setup .npmrc file to publish to GitHub Packages
    - uses: actions/setup-node@v2
      with:
        node-version: '12.x'
        registry-url: 'https://npm.pkg.github.com'
        # Defaults to the user or organization that owns the workflow file
        scope: '@octocat'
    - run: npm install
    - run: npm publish
      env:
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Always check out the action.yml of an action it defines all possible inputs/outputs.

You can adapt it to your needs :)

[jwlms]

Thanks! I will keep that tip in mind for next time. FWIW: I ended up just writing a temporary .npmrc file with the scope prefixing the registry like in my comment above.

[runarberg]

Is there any plans to implement this? And what is the current workaround (e.g. how do you write your .npmrc file in the action)?

[WtfJoke]

And what is the current workaround (e.g. how do you write your .npmrc file in the action)?

We have a file called .npmrc_ci and then replace the environment variable in the action run.

.npmrc_ci:

always-auth = true
@bar:registry=https://someartifactory.jfrog.io/artifactory/api/npm/public-npm/
@foo:registry=https://someartifactory.jfrog.io/artifactory/api/npm/public-npm/

//someartifactory.jfrog.io/artifactory/api/npm/public-npm/:_authToken=${NODE_AUTH_TOKEN}

This is the workflow step which replaces the variable:

      - name: Prepare npmrc
        run: envsubst  < .npmrc_ci > .npmrc
        env:
          NODE_AUTH_TOKEN: '${{ secrets.NODE_AUTH_TOKEN}}'

I dont think there is an easy fix for that issue. As far as I know its not possible to provide lists as action input variables (only single value/key), see actions/toolkit#184. So you probably end up with some separator which doesnt look nice.

[arjunsainh]

09956375

[kaltepeter]

this would be a really nice feature to add. It's currently a pain to use with private repos and checking in a file with vars isn't working.