给定一个指向 Github npm 注册表的 .npmrc 文件
@TheOrganization:registry=https://npm.pkg.github.com
以及处理此注册表的 Github Actions 工作流程
name: Release
on:
push:
branches:
- 'main'
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
# ...setup...
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 22.x
- name: Login to npm registry
run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
- name: Install dependencies
run: npm install
# ...create new version, build, release...
- name: Publish new version to npm
run: npm publish
我当前的登录方法有效,但正如您所看到的,我正在修改存储库中的 .npmrc 文件。这很危险,因为后续步骤也会推送到存储库。
有没有一种方法可以登录注册表而不需要修改任何文件?
使用token直接登录怎么样?
name: Release
on:
push:
branches:
- 'main'
jobs:
release:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
# ...setup...
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 22.x
- name: Login to npm registry
run: npm config set //npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}
- name: Install dependencies
run: npm install
# ...create new version, build, release...
- name: Publish new version to npm
run: npm publish