Use authenticated npmrc#1001
Open
chidozieononiwu wants to merge 1 commit into
Open
Conversation
chidozieononiwu
requested review from
RickWinter,
heaths,
jhendrixMSFT and
xirzec
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request updates Azure DevOps pipeline YAMLs to standardize npm authentication by generating a per-phase authenticated .npmrc and wiring it into steps via npm_config_userconfig, plus some YAML formatting/quoting consistency tweaks.
Changes:
- Added references to a
create-authenticated-npmrc.ymlstep template across multiple pipelines/templates and began passingnpm_config_userconfigto selected npm/pnpm invocations. - Updated the nightly dependency bump job to use an authenticated
.npmrcvianpm_config_userconfig. - Standardized some YAML quoting/formatting (e.g., cron string quoting,
RUSTFLAGS, displayName quotes).
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| eng/pipelines/typespec-spector.yml | Adds an authenticated .npmrc template step and sets npm_config_userconfig for the spector coverage upload step. |
| eng/pipelines/templates/steps/set-env.yaml | Adds an authenticated .npmrc template step and uses npm_config_userconfig for global npm installs during environment setup. |
| eng/pipelines/templates/steps/publish-release.yaml | Adds an authenticated .npmrc template step and sets npm_config_userconfig for the release publishing pwsh step; publish-to-npm step remains. |
| eng/pipelines/templates/steps/build-test.yaml | Adds an authenticated .npmrc template step and sets npm_config_userconfig for the main build/install step; also normalizes quoting. |
| eng/pipelines/ci-typespec-nightly.yml | Re-indents/standardizes YAML and adds authenticated .npmrc usage for the nightly dependency bump step. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+5
to
+7
| - template: /eng/common/pipelines/templates/steps/create-authenticated-npmrc.yml | ||
| parameters: | ||
| npmrcPath: $(Agent.TempDirectory)/build-test/.npmrc |
Comment on lines
+7
to
+9
| - template: /eng/common/pipelines/templates/steps/create-authenticated-npmrc.yml | ||
| parameters: | ||
| npmrcPath: $(Agent.TempDirectory)/set-env/.npmrc |
Comment on lines
+9
to
+11
| - template: /eng/common/pipelines/templates/steps/create-authenticated-npmrc.yml | ||
| parameters: | ||
| npmrcPath: $(Agent.TempDirectory)/publish-release/.npmrc |
Comment on lines
+24
to
+26
| - template: /eng/common/pipelines/templates/steps/create-authenticated-npmrc.yml | ||
| parameters: | ||
| npmrcPath: $(Agent.TempDirectory)/spector/.npmrc |
Comment on lines
+36
to
+38
| - template: /eng/common/pipelines/templates/steps/create-authenticated-npmrc.yml | ||
| parameters: | ||
| npmrcPath: $(Agent.TempDirectory)/nightly/.npmrc |
Comment on lines
+43
to
+47
| - script: | | ||
| cd packages/${{ parameters.PackagePath }} | ||
| echo "//registry.npmjs.org/:_authToken=$(azure-sdk-npm-token)" > ./.npmrc | ||
| npm publish --access public | ||
| displayName: "Publish to npm ${{ parameters.PackagePath }}" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates several pipeline YAML templates to improve npm authentication handling and environment consistency across CI/CD jobs. The main enhancement is the introduction of an authenticated
.npmrcfile in each major pipeline step, ensuring secure and consistent npm operations. Additionally, some minor formatting improvements were made for consistency.Pipeline authentication and environment setup:
.npmrcusing thecreate-authenticated-npmrc.ymltemplate in the following pipeline templates:build-test.yaml,publish-release.yaml,set-env.yaml, andtypespec-spector.yml. The generated.npmrcis placed in a temporary directory unique to each pipeline phase. [1] [2] [3] [4].npmrcvia thenpm_config_userconfigenvironment variable, ensuring that all npm commands use authenticated access. [1] [2] [3] [4].npmrcto the dependency bump step in the nightly CI pipeline (ci-typespec-nightly.yml).Formatting and consistency:
These changes collectively enhance the security and reliability of npm operations in CI/CD by ensuring authenticated access and consistent environment configuration.