
What's the difference between `NODE_AUTH_TOKEN` and `NPM_AUTH_TOKEN`?


I'm using a GitHub Action to release one of my packages in a monorepo holding about 4-5 packages, like:

github-repository (monorepo):
- folder_1 (package 1)
- folder_2 (package 2)
- folder_3 (package 3)

For each package located in this monorepo, when a tag matching a version is released, the action will release it, using a workflow (almost identical for all packages):

    name: package 1
    on:
      push:
        tags:
          - package1/v*

    permissions:
      contents: read
      packages: write

    jobs:
      release:
        name: Release
        runs-on: ubuntu-22.12
        defaults:
          run:
            working-directory: folder_1

        steps:
          - name: Checkout source code
            uses: actions/checkout@ab597985615ec2ede58e132d2621d2b1cbd6127c

          - name: Set up Node
            uses: ./.github/actions/secure-setup-node
            with:
              path: folder_1

          - name: install dependencies
            run: yarn --frozen-lockfile
            env:
              NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

          - name: build package
            run: yarn build

          - name: add package.json
            run: cp package.json ./dist

          - name: add yarn.lock
            run: cp yarn.lock ./dist

          - name: add README.md
            run: cp README.md ./dist

          - run: yarn publish ./dist
            env:
              NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Each package has its own action workflow .yaml and works fine, except for the new package I just created: package 4 (located in github-repository/folder_4).

It's a basic package except it only holds config files, so its yarn build script will only copy these files into the ./dist folder, without involving Node or JavaScript, making its workflow look like:

    name: Config Release
    on:
      push:
        tags:
          - package4/v*

    permissions:
      contents: read
      packages: write

    jobs:
      release:
        name: Release
        runs-on: ubuntu-latest
        defaults:
          run:
            working-directory: folder_4

        steps:
          - name: Checkout source code
            uses: actions/checkout@a55da8c3cf115ac326823e79a1e1788f7940201b

          - name: build package
            run: yarn build

          - run: yarn publish ./dist
            env:
              NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

But here is the issue! Running this action results in:

    Run yarn publish ./dist
    yarn publish v1.22.19
    [1/4] Bumping version...
    info Current version: 1.0.0
    [2/4] Logging in...
    error No token found and can't prompt for login when running with --non-interactive.
    info Visit https://yarnpkg.com/en/docs/cli/publish for documentation about this command.
    Error: Process completed with exit code 1.

I checked a lot of documentation and GitHub issues about this matter and managed to fix my problem by replacing NODE_AUTH_TOKEN with NPM_AUTH_TOKEN, but why did it solve it when all my previous packages are still using NODE_AUTH_TOKEN? Is it because I'm not using setup-node? (I don't use it because I'm not using Node to build my JavaScript.) Is it because I don't have a yarn.lock (even an empty one)?

What's the difference between these two? In this issue someone said that:

NPM_AUTH_TOKEN work for npm registry

NODE_AUTH_TOKEN work for scope registry

What does it mean?


Solution

  • NPM_AUTH_TOKEN is a token generated in NPM. You then put that in your GitHub secrets on GitHub so it can be passed to an action. You shouldn't put the token in your workflow file. You use it with a "Publish to NPM" GitHub Action. For example in this file .github/workflows/npm-publish.yml:

    jobs:
      npm-publish:
        ...
        steps:
          ...
          env:
            NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }} 
    

    The NODE_AUTH_TOKEN is an environment variable with your NPM_TOKEN secret. Ultimately this is used to publish Node.js packages in a continuous integration (CI) workflow.

    jobs:
      build:
        ...
        steps:
          ...
          env:
            NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
    

    The setup-node action creates your .npmrc file and references your NODE_AUTH_TOKEN environment variable:

    //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
    

    Make sure to set registry-url to https://registry.npmjs.org/ in setup-node.

    There is a walkthrough for setting up the CI publishing here.
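
The answer's point that `NODE_AUTH_TOKEN` only takes effect through the `.npmrc` line that setup-node writes can be checked before the publish step runs. The script below is an added example, not part of the original answer; the function names and exit codes are its own, and the token value in the demo is a constructed dummy.

```shell
#!/bin/sh
# Added example: pre-publish check of npm/yarn token wiring in a CI job.
# Function names and exit codes are this example's own (assumptions).

# Print each env var name that an _authToken line in FILE refers to, e.g.
# //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN} -> NODE_AUTH_TOKEN
npmrc_auth_vars() {
    sed -n 's/^[^#;]*:_authToken=\${\([A-Za-z_][A-Za-z0-9_]*\)}.*$/\1/p' "$1"
}

# 0 = every variable the file references is set
# 1 = no .npmrc, or no _authToken line, so the file references no token variable
# 2 = the file references a variable that is unset or empty
# 3 = the file stores a literal token instead of a ${VAR} reference
check_npm_auth() {
    npmrc=$1
    if [ ! -f "$npmrc" ]; then
        echo "$npmrc missing: nothing maps an env var to a registry" >&2
        return 1
    fi
    if grep -q '^[^#;]*:_authToken=[^$]' "$npmrc"; then
        echo "$npmrc holds a literal token; reference \${VAR} instead" >&2
        return 3
    fi
    vars=$(npmrc_auth_vars "$npmrc")
    if [ -z "$vars" ]; then
        echo "$npmrc has no _authToken line" >&2
        return 1
    fi
    for v in $vars; do
        eval "val=\${$v:-}"   # safe: $v matched [A-Za-z_][A-Za-z0-9_]* above
        if [ -z "$val" ]; then
            echo "$v is referenced by $npmrc but is not set" >&2
            return 2
        fi
    done
    return 0
}

# Constructed demo: the line setup-node writes, checked with a dummy token.
demo_dir=$(mktemp -d)
printf '%s\n' '//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}' > "$demo_dir/.npmrc"
( NODE_AUTH_TOKEN=dummy-not-a-real-token; check_npm_auth "$demo_dir/.npmrc" ) \
    && echo "auth wiring ok"
rm -rf "$demo_dir"
```

In a job with no setup-node step and no committed `.npmrc`, `check_npm_auth` returns 1, and it never prints the token value itself.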