Npm Publish Secret

brenwell · March 10, 2018, 12:15pm

Hey there team Drone

I would like to publish my code to an npm registry after it passes all the tests. Except I need to obviously hide the npm credentials. I am trying the following, with little luck. Perhaps someone can push me in the right direction.

Thanks in advance

pipeline:
  build:
    image: node:8
    commands:
      - npm install
      - npm build
      - npm test

  npm:
    image: plugins/npm
    username: ${NPM_USERNAME}
    password: ${NPM_PASSWORD}
    email: ${NPM_EMAIL}

and

version: ‘2’

services:
  drone-server:
    image: drone/drone:0.8
    ports:
      - 8822:8000
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
    restart: always
    environment:
      - DRONE_HOST=asdf
      - DRONE_OPEN=true
      - DRONE_ADMIN=asdf
      - DRONE_ORGS=asdf
      - DRONE_GITHUB=true
      - DRONE_GITHUB_CLIENT=asdf
      - DRONE_GITHUB_SECRET=asdf
      - DRONE_SECRET=asdf
      - NPM_USERNAME=brenwell
      - NPM_PASSWORD=somepassword-34cg3g54ge
      - NPM_EMAIL=my@email.com

bradrydzewski · March 10, 2018, 4:39pm

the ${variable} syntax is not valid for injecting secrets (it was in older version of drone, but not newer). You will therefore need to use secrets as described here:
http://docs.drone.io/manage-secrets/

pipeline:
  build:
    image: node:8
    commands:
      - npm install
      - npm build
      - npm test

  npm:
    image: plugins/npm
-   username: ${NPM_USERNAME}
-   password: ${NPM_PASSWORD}
-   email: ${NPM_EMAIL}
+   secrets: [ npm_username, npm_password, npm_email ]

brenwell · March 11, 2018, 3:32pm

Thank you, I worked out that it needs to be like

  npm:
    image: plugins/npm
    username: $NPM_USERNAME
    password: $NPM_PASSWORD
    email: $NPM_EMAIL

I read the secrets stuff but I wasn’t quite sure what it meant. Have I now done it the correct way or this secrets approach different?

brenwell · March 11, 2018, 3:43pm

Ok so it appears to be different. I tried to add a secret via the following command

drone secret add --repository brenwell/each-after --image plugins/npm --name npm_username --value brenwell

and got

json: cannot unmarshal array into Go value of type model.Secret

I must have misunderstood something from the docs, sorry.

bradrydzewski · March 11, 2018, 7:09pm

the syntax in this example will not work. Drone will not replace $NPM_USERNAME or $NPM_PASSWORD with your secret values. Secrets need to be declared in the yaml as defined in http://docs.drone.io/manage-secrets/

json: cannot unmarshal array into Go value of type model.Secret

are you using the correct server address with the CLI? We see this error frequently when someone using the HTTP address with the CLI instead of the HTTPS address. Also note that you can manage secrets in the user-interface if you do not want to use the CLI.

brenwell · March 12, 2018, 10:09am

Yep you were totally right on both accounts. Thanks

The syntax didn’t work it used them as strings so it appeared to work but of course my username and password aren’t “$NPM_USERNAME” & “$NPM_PASSWORD”.

And swapping from http to https did the trick

Also using the GUI is a nice tip, perhaps we should add that to the docs?

Thanks @bradrydzewski