npm

Description

This plugin enables the ability to manage artifacts in npm in a Vela pipeline.

Source Code: https://github.com/go-vela/vela-npm

Registry: https://hub.docker.com/r/target/vela-npm

Usage

NOTE:

Users should refrain from using latest as the tag for the Docker image.

It is recommended to use a semantically versioned tag instead.

Sample of publishing package:

steps:
  - name: npm_publish
    image: target/vela-npm:latest
    pull: not_present
    secrets: [ npm_password ]
    parameters:
      username: npmUsername
      registry: https://registry.npmjs.org

Sample of publishing if registry does not support npm ping:

NOTE:

Recommended if you are deploying to a registry inside Artifactory

steps:
  - name: npm_publish
    image: target/vela-npm:latest
    pull: not_present
    secrets: [ npm_password ]
    parameters:
      username: npmUsername
      registry: https://registry.npmjs.org
+     skip_ping: true

Sample of pretending to publish package:

steps:
  - name: npm_publish
    image: target/vela-npm:latest
    pull: not_present
    secrets: [ npm_password ]
    parameters:
      username: npmUsername
      registry: https://registry.npmjs.org
+     dry_run: true

Sample of first time publishing package:

steps:
  - name: npm_publish
    image: target/vela-npm:latest
    pull: not_present
    secrets: [ npm_password ]
    parameters:
      username: npmUsername
      registry: https://registry.npmjs.org
+     first_publish: true

Sample of publishing with additional dist-tag:

NOTE:

Tags are used as an alias and cannot be valid semver

steps:
  - name: npm_publish
    image: target/vela-npm:latest
    pull: not_present
    secrets: [ npm_password ]
    parameters:
      username: npmUsername
      registry: https://registry.npmjs.org
+     tag: beta

Higher level of tolerance for npm audit:

steps:
  - name: npm_publish
    image: target/vela-npm:latest
    pull: not_present
    secrets: [ npm_password ]
    parameters:
      username: npmUsername
      registry: https://registry.npmjs.org
+     audit_level: critical

Secrets

NOTE:

Users should refrain from configuring sensitive information in their pipeline in plain text.

Internal

The plugin accepts the following parameters for authentication:

ParameterEnvironment Variable Configuration
passwordNPM_PASSWORD, PARAMETER_PASSWORD
usernameNPM_USERNAME, PARAMETER_USERNAME
registryNPM_REGISTRY, PARAMETER_REGISTRY
emailNPM_EMAIL, PARAMETER_EMAIL

Users can use Vela internal secrets to substitute these sensitive values at runtime:

steps:
  - name: npm_publish
    image: target/vela-npm:latest
    pull: not_present
    secrets: [ npm_password ]
    parameters:
      username: npmUsername
      registry: https://registry.npmjs.org
-     password: superSecretPassword

This example will add the secrets to the npm_publish step as environment variables:

  • NPM_PASSWORD=value

External

The plugin accepts the following files for authentication:

ParameterVolume Configuration
password/vela/parameters/npm/password, /vela/secrets/npm/password, /vela/secrets/managed-auth/password
username/vela/parameters/npm/username, /vela/secrets/npm/username, /vela/secrets/managed-auth/username
registry/vela/parameters/npm/registry, /vela/secrets/npm/registry
email/vela/parameters/npm/email, /vela/secrets/npm/email

Users can use Vela external secrets to substitute these sensitive values at runtime:

steps:
  - name: npm_publish
    image: target/vela-npm:latest
    pull: not_present
    parameters:
      registry: https://registry.npmjs.org
-     username: npmUsername
-     password: superSecretPassword

Parameters

The following parameters are used to configure the image:

NameDescriptionRequiredDefaultEnvironment Variables
usernameusername for communication with npmtrueN/APARAMETER_USERNAME
NPM_USERNAME
passwordpassword for communication with npmfalseN/APARAMETER_PASSWORD
NPM_PASSWORD
emailemail for communication with npmfalseN/APARAMETER_EMAIL
NPM_EMAIL
tokenauth token for communication with npmfalseN/APARAMETER_TOKEN
TOKEN
registrynpm instance to communicate withfalsehttps://registry.npmjs.orgPARAMETER_REGISTRY
NPM_REGISTRY
audit_levellevel at which the audit check should fail (valid options: low, moderate, high, critical, none to skip)falsenonePARAMETER_AUDIT_LEVEL
AUDIT_LEVEL
strict_sslwhether or not to do SSL key validation during communicationfalsetruePARAMETER_STRICT_SSL
STRICT_SSL
always_authforce npm to always require authenticationfalsefalsePARAMETER_ALWAYS_AUTH
ALWAYS_AUTH
skip_pingwhether or not to skip npm ping authentication commandfalsefalsePARAMETER_SKIP_PING
SKIP_PING
dry_runenables pretending to perform the actionfalsefalsePARAMETER_DRY_RUN
DRY_RUN
tagpublish package with given alias tagfalselatestPARAMETER_TAG
TAG
log_levelset the log level for the plugin (valid options: info, debug, trace)trueinfoPARAMETER_LOG_LEVEL
LOG_LEVEL
workspacespublish all workspacesfalsefalsePARAMETER_WORKSPACES
WORKSPACES
workspacepublish a specific workspace by specifying the workspace name or relative pathfalseN/APARAMETER_WORKSPACE
WORKSPACE
accessTells the registry whether this package should be published as public or restricted. Only applies to scoped packages, which default to restrictedfalserestrictedPARAMETER_ACCESS
ACCESS

package.json

This is your module’s manifest. There are a few important keys that need to be set in order to publish your module

  • name - your package name that will be checked against in the registry
  • version - your package version that will be used to publish, it must be valid semver and unique to the registry
  • private - this needs to be set to false even if you are publishing it internally.
  • publishConfig - this should be configured to your registry location and registry parameter should match this value

For example values, see npm’s documentation

Template

COMING SOON!

Troubleshooting

Here are the available log levels to assist in troubleshooting: trace, debug, info, warn, error, fatal, panic

Last modified September 1, 2022: feat: npm plugin docs (#317) (fa9bbf5a)