From 2bdb6bbb98335386432010b116346553f25e6c87 Mon Sep 17 00:00:00 2001 From: Marc Mintel Date: Tue, 3 Mar 2026 19:44:50 +0100 Subject: [PATCH] fix(ci): unify npm auth strategy, add always-auth, better logging --- .gitea/workflows/deploy.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 43fe4fc..20e038f 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -163,13 +163,23 @@ jobs: TOKEN="${{ secrets.NPM_TOKEN }}" if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.MINTEL_PRIVATE_TOKEN }}"; fi if [ -z "$TOKEN" ]; then TOKEN="${{ secrets.GITEA_PAT }}"; fi - if [ -z "$TOKEN" ]; then echo "Missing NPM_TOKEN secret! Add it to Gitea repo settings."; exit 1; fi - echo "@mintel:registry=https://${{ vars.REGISTRY_HOST || 'git.infra.mintel.me/api/packages/mmintel/npm/' }}" > .npmrc - echo "//${{ vars.REGISTRY_HOST || 'git.infra.mintel.me/api/packages/mmintel/npm/' }}:_authToken=${TOKEN}" >> .npmrc + if [ -z "$TOKEN" ]; then echo "❌ Missing NPM_TOKEN / MINTEL_PRIVATE_TOKEN / GITEA_PAT secret!"; exit 1; fi + + # Mask token in logs (just in case, but Gitea usually does this automatically) + echo "::add-mask::$TOKEN" + + echo "Configuring .npmrc for git.infra.mintel.me..." + echo "@mintel:registry=https://git.infra.mintel.me/api/packages/mmintel/npm/" > .npmrc + echo "//git.infra.mintel.me/api/packages/mmintel/npm/:_authToken=${TOKEN}" >> .npmrc + echo "always-auth=true" >> .npmrc + + # Also export for pnpm to pick it up from env if needed + echo "NPM_TOKEN=${TOKEN}" >> $GITHUB_ENV - name: 🏗️ Compile Sibling Monorepo run: | cp .npmrc _at-mintel/ cd _at-mintel + # Use local .npmrc or env token pnpm install --no-frozen-lockfile pnpm build - name: Install dependencies