Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(publish): disable legacy verifyAccess behavior by default #274

Merged
merged 2 commits into from Jul 25, 2022
Merged

feat(publish): disable legacy verifyAccess behavior by default #274

merged 2 commits into from Jul 25, 2022

Conversation

ghiscoding
Copy link
Member

@ghiscoding ghiscoding commented Jul 25, 2022
edited

Default verifyAccess to false for publish. Improve error message when encountering a npm automation token with verifyAccess=true.

Description

As per original Lerna PR 3249

Lerna will no longer try to verify the user's access (to the npm packages they are publishing) by default during lerna publish. Setting the verifyAccess option will still perform the verification as before. This also removes the need to ever use --no-verify-access, since that is now the default behavior.

Motivation and Context

Keep in sync with original Lerna PR 3249

This is important because the standard for authentication to npm in a CI/CD pipeline is using a npm automation token. These tokens do not support the verifyAccess option, due to the automation token's lack of read permissions. This PR also adds a more detailed error for the user when this case is encountered.

See lerna/lerna#2788 for discussion on lerna & npm automation tokens.

How Has This Been Tested?

From Original Lerna PR

I manually tested publishing a new lerna repo with a npm automation token and observed the behavior, both with verifyAccess=true and verifyAccess=false. I also performed this same test using a npm "publish" token. Unit tests have been added to cover the new behavior and the changed default behavior.

Types of changes

  • Chore (change that has absolutely no effect on users)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@codecov
Copy link

codecov bot commented Jul 25, 2022
edited

Codecov Report

Merging #274 (65caa30) into main (9e55dcb) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #274      +/-   ##
==========================================
+ Coverage   93.84%   93.84%   +0.01%     
==========================================
  Files         142      142              
  Lines        4101     4105       +4     
  Branches      846      848       +2     
==========================================
+ Hits         3848     3852       +4     
  Misses        253      253
Impacted Files Coverage Δ
...kages/cli/src/cli-commands/cli-publish-commands.ts 100.00% <ø> (ø)
packages/publish/src/lib/get-npm-username.ts 100.00% <100.00%> (ø)
packages/publish/src/publish-command.ts 96.90% <100.00%> (+0.02%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9e55dcb...65caa30. Read the comment docs.

@ghiscoding ghiscoding merged commit fb1852d into main Jul 25, 2022
@ghiscoding ghiscoding deleted the feat-publish-with-automation-token branch July 25, 2022 22:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@ghiscoding