Skip to content

Instantly share code, notes, and snippets.

@xgqfrms

xgqfrms/GitHub package bugs All In One.md

Last active August 9, 2022 09:39
Show Gist options
  • Save xgqfrms/c837e1b27674eeea350f2db7d401ee0f to your computer and use it in GitHub Desktop.
Save xgqfrms/c837e1b27674eeea350f2db7d401ee0f to your computer and use it in GitHub Desktop.
Download ZIP
GitHub package bugs All In One
Raw
GitHub package bugs All In One.md

GitHub package bugs All In One

what's the right valid access token and appropriate scopes for publishing one GitHub package?

my .npmrc

- //npm.pkg.github.com/:_authToken=GITHUB_TOKEN
+ //npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
@xgqfrms:registry=https://npm.pkg.github.com

what's wrong with that

image

error message

https://github.com/xgqfrms/wcui/runs/7739940709?check_suite_focus=true#step:5:28

image

Q1: what's the right way of GITHUB_TOKEN usage?

  1. without ${} symbol wrapped
//npm.pkg.github.com/:_authToken=GITHUB_TOKEN
@xgqfrms:registry=https://npm.pkg.github.com
  1. with ${} symbol wrapped
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
@xgqfrms:registry=https://npm.pkg.github.com

Q2: where do the secrets NPM_TOKEN come from for GitHub Action workflow?

   NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
  1. copy from npm tokens

https://www.npmjs.com/settings/xgqfrms/tokens

  1. just same as the GITHUB_TOKEN, which is GitHub Access Token

https://github.com/xgqfrms/wcui/blob/main/.github/workflows/npm-publish-github-packages.yml#L36

@xgqfrms
Copy link
Author

xgqfrms commented Aug 9, 2022

https://github.com/orgs/community/discussions/28844#discussioncomment-3355475

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment