feat(publish): disable legacy verifyAccess behavior by default #3249

Merged
merged 8 commits into from Jul 22, 2022

@fahslaj (Contributor) commented Jul 13, 2022

Default verifyAccess to false for publish. Improve error message when encountering an npm automation token with verifyAccess=true.

Description

Lerna will no longer try to verify the user's access (to the npm packages they are publishing) by default during lerna publish. Setting the verifyAccess option will still perform the verification as before. This also removes the need to ever use --no-verify-access, since that is now the default behavior.

Motivation and Context

This is important because the standard for authentication to npm in a CI/CD pipeline is using an npm automation token. These tokens do not support the verifyAccess option, due to the automation token's lack of read permissions. This PR also adds a more detailed error for the user when this case is encountered.

See #2788 for discussion on lerna & npm automation tokens.

How Has This Been Tested?

I manually tested publishing a new lerna repo with an npm automation token and observed the behavior, both with verifyAccess=true and verifyAccess=false. I also performed this same test using an npm "publish" token. Unit tests have been added to cover the new behavior and the changed default behavior.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (change that has absolutely no effect on users)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@fahslaj changed the title from "feat: Improve error message when encountering a npm automation token" to "feat: default verifyAccess to false for publish" on Jul 18, 2022
@fahslaj force-pushed the publish-with-automation-token branch from 512536f to 53f7c68 on July 19, 2022 14:23
@fahslaj force-pushed the publish-with-automation-token branch from 53f7c68 to cf79b9d on July 22, 2022 04:01
@JamesHenry changed the title from "feat: default verifyAccess to false for publish" to "feat(publish): disable legacy verifyAccess behavior by default" on Jul 22, 2022
@JamesHenry merged commit 94174c1 into lerna:main on Jul 22, 2022
@fahslaj deleted the publish-with-automation-token branch on July 22, 2022 14:48