GitHub Actions 自动构建并发布到 NPM

yiyun

发布于 2022-04-01 15:53:32

89900

代码可运行

文章被收录于专栏：yiyun 的专栏yiyun 的专栏

运行总次数：0

代码可运行

引言

npm-push.yml

name: npm Push

on: 
  push:
    tags:
      - 'v*'

jobs:
  build-push:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Source
      uses: actions/checkout@v2
    
    - name: Setup Node.js
      uses: actions/setup-node@v2
      with:
        node-version: 12

    - name: Build
      run: |
        npm install
        npm run build:prod
        npm run build:cdn
        
    - name: Publish to npm
      run: |
        npm config set registry https://registry.npmjs.org
        npm publish
      env:
        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

    - name: Publish to GitHub Package
      run: |
        npm config set registry https://npm.pkg.github.com
        npm publish
      env:
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

补充

- name: Publish to npm
  run: |
    npm config set registry https://registry.npmjs.org
    npm publish

也可以改为如下:

- name: Publish to npm
  run: npm publish --registry https://registry.npmjs.org

注意如果之间 npm 上没有此包，需要在本地先 npm login 的方式 npm publish 此包，以创建此包，经过测试，似乎，npm access token 没有创建包的权限 TODO: 失败，不是这个原因

npm-release.yml

name: npm Release

on: 
  push:
    tags:
      - 'v*'

jobs:
  build-release:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Source
      uses: actions/checkout@v2
    
    - name: Setup Node.js
      uses: actions/setup-node@v2
      with:
        node-version: 12

    - name: Build
      run: |
        npm install
        npm run build:prod
        npm run build:cdn

    - name: Zip the Build
      run: |
        zip -r dist.zip ./dist/ 
        zip -r dist-cdn.zip ./dist-cdn/

    - name: Create Release and Upload Release Asset
      uses: softprops/action-gh-release@v1
      if: startsWith(github.ref, 'refs/tags/')
      with:
        #tag_name: ${{ github.ref }}
        #name: ${{ github.ref }}
        body: TODO New Release.
        #body_path: CHANGELOG.txt
        draft: false
        prerelease: false
        files: |
          dist.zip
          dist-cdn.zip
          LICENSE

补充

GitHub 同步 Gitee

参考:

sync-gitee.yml

name: Sync to Gitee

on:
  push:
    branches: [dev, 2.x, gh-pages]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Sync to Gitee
        uses: wearerequired/git-mirror-action@master
        env:
          # 在 Settings->Secrets 配置 GITEE_RSA_PRIVATE_KEY
          SSH_PRIVATE_KEY: ${{ secrets.GITEE_RSA_PRIVATE_KEY }}
        with:
          # GitHub 源仓库地址
          source-repo: git@github.com:youzan/vant.git
          # Gitee 目标仓库地址
          destination-repo: git@gitee.com:vant-contrib/vant.git

创建 SSH 秘钥

注意: 使用这个需要一个没有密码短语的SSH 密钥
因为我的需要密码，因此再创建一个 SSH秘钥，用于同步

参考:

1.打开 Git Bash

ssh-keygen -t ed25519 -C "your_email@example.com"

注意：如果您使用的是不支持 Ed25519 算法的旧系统，请使用：

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

这将创建一个新的 ssh 密钥，使用提供的电子邮件作为标签。

2.当系统提示您“输入要保存密钥的文件”时，按 Enter。这接受默认文件位置。

3.在提示下，键入安全密码。有关更多信息，请参阅“使用 SSH 密钥密码”。

> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter same passphrase again: [Type passphrase again]

注意关键在这一步，需要直接按 Enter，这样就无需密码

/c/Users/yiyun/.ssh/id_ed25519  # 私钥文件
/c/Users/yiyun/.ssh/id_ed25519.pub # 公钥文件

在 Settings->Secrets 配置 GITEE_RSA_PRIVATE_KEY, 内容为私钥文件内容，

在 Gitee, GitHub 添加公钥

CodeQL

参考:

codeql-analysis.yml

# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
  push:
    branches: [ dev ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ dev ]
  schedule:
    - cron: '36 21 * * 2'

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: [ 'javascript' ]
        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
        # Learn more:
        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
        # queries: ./path/to/local/query, your-org/your-repo/queries@main

    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
      uses: github/codeql-action/autobuild@v1

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl

    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
    #    and modify them (or add more) to build your code if your project
    #    uses a compiled language

    #- run: |
    #   make bootstrap
    #   make release

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v1

Publishing packages to npm and GitHub Packages

经过测试, 不知道为什么，部分项目这样做，两个都能成功发布，但部分项目，完全相同配置，就发布不成功，说什么找不到这个包名,404 等

> 目测原因是 Setup Node.js and Setup .npmrc file to publish to GitHub Packages 步骤中, 没有成功将 registry 改为 GitHub Package, 可能是因为已经上面已经安装了, 导致没有执行, 可以试试

npm publish --registry https://npm.pkg.github.com

> 其实奇怪的是, 下面用 NODE_AUTH_TOKEN 环境变量也和其它网上资料配置冲突, 其他资料用 NPM_TOKEN, 不过这个用 NODE_AUTH_TOKEN 的是 GitHub Actions 官方文档里的发布到npm, 比较权威

name: npm Push

on: 
  push:
    tags:
      - 'v*'

jobs:
  build-push:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout Source
      uses: actions/checkout@v2
    
    # https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages#publishing-packages-to-npm-and-github-packages

    # Setup .npmrc file to publish to npm
    - name: Setup Node.js and Setup .npmrc file to publish to npm
      uses: actions/setup-node@v2
      with:
        node-version: 12
        registry-url: 'https://registry.npmjs.org'

    - name: Build
      run: |
        npm install
        npm run build:prod
        npm run build:cdn
    
    - name: Publish to npm
      run: |
        npm publish --access public
      env:
        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

    # Setup .npmrc file to publish to GitHub Packages
    - name: Setup Node.js and Setup .npmrc file to publish to GitHub Packages
      uses: actions/setup-node@v2
      with:
        node-version: 12
        registry-url: 'https://npm.pkg.github.com'

    - name: Publish to GitHub Package
      run: |
        npm publish
      env:
        NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

publish to npm 其它配置

参考:

- name: 6. 发布包
  run: |
    npm config set //registry.npmjs.org/:_authToken=$NPM_TOKEN
    npm publish
  env:
    NPM_TOKEN: ${{secrets.NPM_TOKEN}}

- name: publish to npm
  run: |
    npm config set '//registry.npmjs.org/:_authToken' "${NPM_TOKEN}"
    npm publish

参考

感谢帮助！

本文作者： yiyun

本文链接： https://moeci.com/posts/分类-github/github-actions-npm/

本文参与腾讯云自媒体同步曝光计划，分享自作者个人站点/博客。

原始发表：2021-01-26，如有侵权请联系 cloudcommunity@tencent.com 删除

npm

本文分享自作者个人站点/博客前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

本文参与腾讯云自媒体同步曝光计划，欢迎热爱写作的你一起参与！

登录后参与评论

0 条评论

热度