diff --git a/__tests__/authutil.test.ts b/__tests__/authutil.test.ts index d5f6c195..d884e23c 100644 --- a/__tests__/authutil.test.ts +++ b/__tests__/authutil.test.ts @@ -118,6 +118,27 @@ describe('authutil tests', () => { expect(process.env.NODE_AUTH_TOKEN).toEqual('foobar'); }); + it('should not export NODE_AUTH_TOKEN if not set in environment', async () => { + const exportSpy = jest.spyOn(core, 'exportVariable'); + delete process.env.NODE_AUTH_TOKEN; + await auth.configAuthentication('https://registry.npmjs.org/'); + expect(fs.statSync(rcFile)).toBeDefined(); + const rc = readRcFile(rcFile); + expect(rc['registry']).toBe('https://registry.npmjs.org/'); + expect(exportSpy).not.toHaveBeenCalledWith( + 'NODE_AUTH_TOKEN', + expect.anything() + ); + }); + + it('should export NODE_AUTH_TOKEN if set to empty string', async () => { + const exportSpy = jest.spyOn(core, 'exportVariable'); + process.env.NODE_AUTH_TOKEN = ''; + await auth.configAuthentication('https://registry.npmjs.org/'); + expect(fs.statSync(rcFile)).toBeDefined(); + expect(exportSpy).toHaveBeenCalledWith('NODE_AUTH_TOKEN', ''); + }); + it('configAuthentication should overwrite non-scoped with non-scoped', async () => { fs.writeFileSync(rcFile, 'registry=NNN'); await auth.configAuthentication('https://registry.npmjs.org/'); diff --git a/dist/setup/index.js b/dist/setup/index.js index 90d70cfc..8a86b779 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -78875,8 +78875,10 @@ function writeRegistryToFile(registryUrl, fileLocation) { newContents += `${authString}${os.EOL}${registryString}`; fs.writeFileSync(fileLocation, newContents); core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation); - // Export empty node_auth_token if didn't exist so npm doesn't complain about not being able to find it - core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN || 'XXXXX-XXXXX-XXXXX-XXXXX'); + // Only export NODE_AUTH_TOKEN if explicitly provided by user + if (Object.prototype.hasOwnProperty.call(process.env, 'NODE_AUTH_TOKEN')) { + core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN); + } } diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 2671a6ad..5f0edfb0 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -329,36 +329,51 @@ steps: - run: npm test ``` -**Restore-Only Cache** +**Restore-only cache** + +You can restore caches without saving new entries, which helps reduce cache writes and storage usage in read-only cache workflows. ```yaml -## In some workflows, you may want to restore a cache without saving it. This can help reduce cache writes and storage usage in workflows that only need to read from cache -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - # Restore Node.js modules cache (restore-only) - - name: Restore Node modules cache - uses: actions/cache@v5 - id: cache-node-modules - with: - path: ~/.npm - key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-node- - # Setup Node.js - - name: Setup Node.js - uses: actions/setup-node@v6 - with: - node-version: '24' - # Install dependencies - - run: npm install +steps: +- uses: actions/checkout@v6 +# - uses: pnpm/action-setup@v6 +# with: +# version: 10 + +- name: Setup Node.js + uses: actions/setup-node@v6 + with: + node-version: '24' + +- name: Normalize runner architecture + shell: bash + run: echo "ARCH=$(echo '${{ runner.arch }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV + +- name: Output of cache path + id: cachepath + shell: bash + run: echo "path=$(npm config get cache)" >> $GITHUB_OUTPUT + # run: echo "path=$(pnpm store path --silent)" >> $GITHUB_OUTPUT + # For yarn workflow, output of yarn cache dir (v1) or yarn config get cacheFolder (v2+) + # run: echo "path=$(yarn cache dir)" >> $GITHUB_OUTPUT + +- name: Restore Node cache + uses: actions/cache/restore@v5 + with: + path: ${{ steps.cachepath.outputs.path }} + key: node-cache-${{ runner.os }}-${{ env.ARCH }}-npm-${{ hashFiles('**/package-lock.json') }} + # key: node-cache-${{ runner.os }}-${{ env.ARCH }}-yarn-${{ hashFiles('**/yarn.lock') }} + # key: node-cache-${{ runner.os }}-${{ env.ARCH }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }} + +- run: npm ci +# - run: yarn install --frozen-lockfile # optional, --immutable +# - run: pnpm install ``` +> **Note**: Uncomment the commands relevant to your project's package manager. -> For more details related to cache scenarios, please refer [Node – npm](https://github.com/actions/cache/blob/main/examples.md#node---npm). +> For more details related to cache scenarios, please refer [actions/cache/restore](https://github.com/actions/cache/tree/main/restore#only-restore-cache). -## Multiple Operating Systems and Architectures +## Multiple operating systems and architectures ```yaml jobs: diff --git a/package-lock.json b/package-lock.json index 28130045..eabbf3fc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1553,18 +1553,6 @@ "@jridgewell/sourcemap-codec": "^1.4.14" } }, - "node_modules/@nodable/entities": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@nodable/entities/-/entities-2.1.0.tgz", - "integrity": "sha512-nyT7T3nbMyBI/lvr6L5TyWbFJAI9FTgVRakNoBqCD+PmID8DzFrrNdLLtHMwMszOtqZa8PAOV24ZqDnQrhQINA==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/nodable" - } - ], - "license": "MIT" - }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", @@ -3332,9 +3320,9 @@ "license": "MIT" }, "node_modules/fast-xml-builder": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.5.tgz", - "integrity": "sha512-4TJn/8FKLeslLAH3dnohXqE3QSoxkhvaMzepOIZytwJXZO69Bfz0HBdDHzOTOon6G59Zrk6VQ2bEiv1t61rfkA==", + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.1.4.tgz", + "integrity": "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==", "funding": [ { "type": "github", @@ -3347,9 +3335,9 @@ } }, "node_modules/fast-xml-parser": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.7.1.tgz", - "integrity": "sha512-8Cc3f8GUGUULg34pBch/KGyPLglS+OFs05deyOlY7fL2MTagYPKrVQNmR1fLF/yJ9PH5ZSTd3YDF6pnmeZU+zA==", + "version": "5.5.11", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.5.11.tgz", + "integrity": "sha512-QL0eb0YbSTVWF6tTf1+LEMSgtCEjBYPpnAjoLC8SscESlAjXEIRJ7cHtLG0pLeDFaZLa4VKZLArtA/60ZS7vyA==", "funding": [ { "type": "github", @@ -3358,9 +3346,8 @@ ], "license": "MIT", "dependencies": { - "@nodable/entities": "^2.1.0", - "fast-xml-builder": "^1.1.5", - "path-expression-matcher": "^1.5.0", + "fast-xml-builder": "^1.1.4", + "path-expression-matcher": "^1.4.0", "strnum": "^2.2.3" }, "bin": { @@ -4990,9 +4977,9 @@ } }, "node_modules/path-expression-matcher": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.5.0.tgz", - "integrity": "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ==", + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/path-expression-matcher/-/path-expression-matcher-1.4.0.tgz", + "integrity": "sha512-s4DQMxIdhj3jLFWd9LxHOplj4p9yQ4ffMGowFf3cpEgrrJjEhN0V5nxw4Ye1EViAGDoL4/1AeO6qHpqYPOzE4Q==", "funding": [ { "type": "github", diff --git a/src/authutil.ts b/src/authutil.ts index e4b823bd..37d8cfe1 100644 --- a/src/authutil.ts +++ b/src/authutil.ts @@ -46,9 +46,8 @@ function writeRegistryToFile(registryUrl: string, fileLocation: string) { newContents += `${authString}${os.EOL}${registryString}`; fs.writeFileSync(fileLocation, newContents); core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation); - // Export empty node_auth_token if didn't exist so npm doesn't complain about not being able to find it - core.exportVariable( - 'NODE_AUTH_TOKEN', - process.env.NODE_AUTH_TOKEN || 'XXXXX-XXXXX-XXXXX-XXXXX' - ); + // Only export NODE_AUTH_TOKEN if explicitly provided by user + if (Object.prototype.hasOwnProperty.call(process.env, 'NODE_AUTH_TOKEN')) { + core.exportVariable('NODE_AUTH_TOKEN', process.env.NODE_AUTH_TOKEN); + } }