From 1144374c156f32008224d09123feb95390bf1996 Mon Sep 17 00:00:00 2001 From: Andy Edwards Date: Tue, 14 May 2024 20:41:53 -0500 Subject: [PATCH] chore: fix pkgRoot issue --- .github/workflows/release.yml | 31 ------- .github/workflows/test.yml | 65 ------------- README.md | 167 +--------------------------------- lib/publish.js | 2 +- package-lock.json | 4 +- package.json | 15 +-- 6 files changed, 10 insertions(+), 274 deletions(-) delete mode 100644 .github/workflows/release.yml delete mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 3ef46835..00000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: Release -"on": - push: - branches: - - master - - next - - beta - - "*.x" -permissions: - contents: read -jobs: - release: - name: release - runs-on: ubuntu-latest - permissions: - contents: write - id-token: write - issues: write - pull-requests: write - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 - with: - cache: npm - node-version: lts/* - - run: npm clean-install - - run: corepack npm audit signatures - - run: npx semantic-release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.SEMANTIC_RELEASE_BOT_NPM_TOKEN }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 32418a56..00000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,65 +0,0 @@ -name: Test -"on": - push: - branches: - - master - - renovate/** - pull_request: - types: - - opened - - synchronize - -permissions: - contents: read - -env: - FORCE_COLOR: 1 - NPM_CONFIG_COLOR: always - -jobs: - test_matrix: - strategy: - matrix: - node-version: - - 20.8.1 - - 20 - - 21 - os: - - ubuntu-latest - runs-on: "${{ matrix.os }}" - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - name: "Use Node.js ${{ matrix.node-version }}" - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 - with: - node-version: "${{ matrix.node-version }}" - cache: npm - - run: npm clean-install - - run: corepack npm audit signatures - - run: npm test - - test_dev: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 - with: - node-version-file: .nvmrc - cache: npm - - run: npm clean-install - - run: corepack npm audit signatures - - run: npm test - - test: - runs-on: ubuntu-latest - needs: - - test_dev - - test_matrix - if: ${{ !cancelled() }} - steps: - - name: All matrix versions passed - if: ${{ !(contains(needs.*.result, 'failure')) }} - run: exit 0 - - name: Some matrix version failed - if: ${{ contains(needs.*.result, 'failure') }} - run: exit 1 diff --git a/README.md b/README.md index 0d897c08..d1715add 100644 --- a/README.md +++ b/README.md @@ -1,166 +1,3 @@ -# @semantic-release/npm +# @jcoreio/semantic-release-npm -[**semantic-release**](https://github.com/semantic-release/semantic-release) plugin to publish a [npm](https://www.npmjs.com) package. - -[![Build Status](https://github.com/semantic-release/npm/workflows/Test/badge.svg)](https://github.com/semantic-release/npm/actions?query=workflow%3ATest+branch%3Amaster) [![npm latest version](https://img.shields.io/npm/v/@semantic-release/npm/latest.svg)](https://www.npmjs.com/package/@semantic-release/npm) -[![npm next version](https://img.shields.io/npm/v/@semantic-release/npm/next.svg)](https://www.npmjs.com/package/@semantic-release/npm) -[![npm beta version](https://img.shields.io/npm/v/@semantic-release/npm/beta.svg)](https://www.npmjs.com/package/@semantic-release/npm) - -| Step | Description | -| ------------------ | -------------------------------------------------------------------------------------------------------------------------------- | -| `verifyConditions` | Verify the presence of the `NPM_TOKEN` environment variable, or an `.npmrc` file, and verify the authentication method is valid. | -| `prepare` | Update the `package.json` version and [create](https://docs.npmjs.com/cli/pack) the npm package tarball. | -| `addChannel` | [Add a release to a dist-tag](https://docs.npmjs.com/cli/dist-tag). | -| `publish` | [Publish the npm package](https://docs.npmjs.com/cli/publish) to the registry. | - -## Install - -```bash -$ npm install @semantic-release/npm -D -``` - -## Usage - -The plugin can be configured in the [**semantic-release** configuration file](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#configuration): - -```json -{ - "plugins": ["@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator", "@semantic-release/npm"] -} -``` - -## Configuration - -### npm registry authentication - -The npm [token](https://docs.npmjs.com/about-access-tokens) authentication configuration is **required** and can be set via [environment variables](#environment-variables). - -Automation tokens are recommended since they can be used for an automated workflow, even when your account is configured to use the [`auth-and-writes` level of 2FA](https://docs.npmjs.com/about-two-factor-authentication#authorization-and-writes). - -### npm provenance - -If you are publishing to the official registry and your pipeline is on a [provider that is supported by npm for provenance](https://docs.npmjs.com/generating-provenance-statements#provenance-limitations), npm can be configured to [publish with provenance](https://docs.npmjs.com/generating-provenance-statements). - -Since semantic-release wraps the npm publish command, configuring provenance is not exposed directly. -Instead, provenance can be configured through the [other configuration options exposed by npm](https://docs.npmjs.com/generating-provenance-statements#using-third-party-package-publishing-tools). -Provenance applies specifically to publishing, so our recommendation is to configure under `publishConfig` within the `package.json`. - -#### npm provenance on GitHub Actions - -For package provenance to be signed on the GitHub Actions CI the following permission is required -to be enabled on the job: - -```yaml -permissions: - id-token: write # to enable use of OIDC for npm provenance -``` - -It's worth noting that if you are using semantic-release to its fullest with a GitHub release, GitHub comments, -and other features, then [more permissions are required](https://github.com/semantic-release/github#github-authentication) to be enabled on this job: - -```yaml -permissions: - contents: write # to be able to publish a GitHub release - issues: write # to be able to comment on released issues - pull-requests: write # to be able to comment on released pull requests - id-token: write # to enable use of OIDC for npm provenance -``` - -Refer to the [GitHub Actions recipe for npm package provenance](https://semantic-release.gitbook.io/semantic-release/recipes/ci-configurations/github-actions#.github-workflows-release.yml-configuration-for-node-projects) for the full CI job's YAML code example. - -### Environment variables - -| Variable | Description | -| ----------- | ----------------------------------------------------------------------------------------------------------------------------- | -| `NPM_TOKEN` | Npm token created via [npm token create](https://docs.npmjs.com/getting-started/working_with_tokens#how-to-create-new-tokens) | - -### Options - -| Options | Description | Default | -| ------------ | ------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- | -| `npmPublish` | Whether to publish the `npm` package to the registry. If `false` the `package.json` version will still be updated. | `false` if the `package.json` [private](https://docs.npmjs.com/files/package.json#private) property is `true`, `true` otherwise. | -| `pkgRoot` | Directory path to publish. | `.` | -| `tarballDir` | Directory path in which to write the package tarball. If `false` the tarball is not be kept on the file system. | `false` | - -**Note**: The `pkgRoot` directory must contain a `package.json`. The version will be updated only in the `package.json` and `npm-shrinkwrap.json` within the `pkgRoot` directory. - -**Note**: If you use a [shareable configuration](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/shareable-configurations.md#shareable-configurations) that defines one of these options you can set it to `false` in your [**semantic-release** configuration](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#configuration) in order to use the default value. - -### npm configuration - -The plugin uses the [`npm` CLI](https://github.com/npm/cli) which will read the configuration from [`.npmrc`](https://docs.npmjs.com/files/npmrc). See [`npm config`](https://docs.npmjs.com/misc/config) for the option list. - -The [`registry`](https://docs.npmjs.com/misc/registry) can be configured via the npm environment variable `NPM_CONFIG_REGISTRY` and will take precedence over the configuration in `.npmrc`. - -The [`registry`](https://docs.npmjs.com/misc/registry) and [`dist-tag`](https://docs.npmjs.com/cli/dist-tag) can be configured under `publishConfig` in the `package.json`: - -```json -{ - "publishConfig": { - "registry": "https://registry.npmjs.org/", - "tag": "latest" - } -} -``` - -**Notes**: - -- The presence of an `.npmrc` file will override any specified environment variables. -- The presence of `registry` or `dist-tag` under `publishConfig` in the `package.json` will take precedence over the configuration in `.npmrc` and `NPM_CONFIG_REGISTRY` - -### Examples - -The `npmPublish` and `tarballDir` option can be used to skip the publishing to the `npm` registry and instead, release the package tarball with another plugin. For example with the [@semantic-release/github](https://github.com/semantic-release/github) plugin: - -```json -{ - "plugins": [ - "@semantic-release/commit-analyzer", - "@semantic-release/release-notes-generator", - [ - "@semantic-release/npm", - { - "npmPublish": false, - "tarballDir": "dist" - } - ], - [ - "@semantic-release/github", - { - "assets": "dist/*.tgz" - } - ] - ] -} -``` - -When publishing from a sub-directory with the `pkgRoot` option, the `package.json` and `npm-shrinkwrap.json` updated with the new version can be moved to another directory with a `postversion`. For example with the [@semantic-release/git](https://github.com/semantic-release/git) plugin: - -```json -{ - "plugins": [ - "@semantic-release/commit-analyzer", - "@semantic-release/release-notes-generator", - [ - "@semantic-release/npm", - { - "pkgRoot": "dist" - } - ], - [ - "@semantic-release/git", - { - "assets": ["package.json", "npm-shrinkwrap.json"] - } - ] - ] -} -``` - -```json -{ - "scripts": { - "postversion": "cp -r package.json .. && cp -r npm-shrinkwrap.json .." - } -} -``` +This is a temporary fork of `@semantic-release/npm` with the `pkgRoot` bug fixed. diff --git a/lib/publish.js b/lib/publish.js index ac3e6fee..7303dfdd 100644 --- a/lib/publish.js +++ b/lib/publish.js @@ -23,7 +23,7 @@ export default async function (npmrc, { npmPublish, pkgRoot }, pkg, context) { const result = execa( "npm", ["publish", basePath, "--userconfig", npmrc, "--tag", distTag, "--registry", registry], - { cwd, env, preferLocal: true } + { cwd: basePath, env, preferLocal: true } ); result.stdout.pipe(stdout, { end: false }); result.stderr.pipe(stderr, { end: false }); diff --git a/package-lock.json b/package-lock.json index 4fb97de5..2ef05dd2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { - "name": "@semantic-release/npm", + "name": "@jcoreio/semantic-release-npm", "version": "0.0.0-development", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "@semantic-release/npm", + "name": "@jcoreio/semantic-release-npm", "version": "0.0.0-development", "license": "MIT", "dependencies": { diff --git a/package.json b/package.json index 99244e53..a1955274 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { - "name": "@semantic-release/npm", + "name": "@jcoreio/semantic-release-npm", "description": "semantic-release plugin to publish a npm package", - "version": "0.0.0-development", + "version": "12.0.2", "author": "Pierre Vanduynslager (https://twitter.com/@pvdlg_)", "ava": { "files": [ @@ -12,7 +12,7 @@ "workerThreads": false }, "bugs": { - "url": "https://github.com/semantic-release/npm/issues" + "url": "https://github.com/jcoreio/semantic-release-npm/issues" }, "contributors": [ "Stephan Bönnemann (http://boennemann.me)", @@ -57,7 +57,7 @@ "lib", "index.js" ], - "homepage": "https://github.com/semantic-release/npm#readme", + "homepage": "https://github.com/jcoreio/semantic-release-npm#readme", "keywords": [ "npm", "publish", @@ -101,7 +101,7 @@ }, "repository": { "type": "git", - "url": "https://github.com/semantic-release/npm.git" + "url": "https://github.com/jcoreio/semantic-release-npm.git" }, "scripts": { "lint": "prettier --check \"{lib,test}/**/*.{js,json,ts}\" \"*.{md,json,js}\" \".github/**/*.yml\"", @@ -115,10 +115,5 @@ "test:integration": "ava --verbose test/integration.test.js" }, "type": "module", - "renovate": { - "extends": [ - "github>semantic-release/.github:renovate-config" - ] - }, "packageManager": "npm@10.7.0" }