-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use CFS rather than public npm registry in PR builds and official bui…
…lds (#9837)
- Loading branch information
Showing
6 changed files
with
130 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| name: Add auth token to .npmrc | ||
|
|
||
| on: | ||
| workflow_call: | ||
|
|
||
| inputs: | ||
| working-directory: | ||
| description: The directory whose .npmrc file should be modified | ||
| required: true | ||
| type: string | ||
| token: | ||
| description: The auth token to add to the .npmrc file | ||
| required: true | ||
| type: string | ||
| feed-url: | ||
| description: The URL of the Azure Artifacts feed to authenticate with | ||
| required: false | ||
| default: //devdiv.pkgs.visualstudio.com/DevDiv/_packaging/Pylance_PublicPackages | ||
|
|
||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: Generate .npmrc | ||
| shell: bash | ||
| run: | | ||
| echo "registry=https:${{ inputs.feed-url }}/npm/registry/" > ${{ inputs.working-directory }}/.npmrc | ||
| echo "" >> ${{ inputs.working-directory }}/.npmrc | ||
| echo "${{ inputs.feed-url }}/npm/registry/:username=github-actions" >> ${{ inputs.working-directory }}/.npmrc | ||
| echo "${{ inputs.feed-url }}/npm/registry/:_authToken=${{ inputs.token }}" >> ${{ inputs.working-directory }}/.npmrc | ||
| echo "${{ inputs.feed-url }}/npm/registry/:[email protected]" >> ${{ inputs.working-directory }}/.npmrc | ||
| echo "${{ inputs.feed-url }}/npm:username=github-actions" >> ${{ inputs.working-directory }}/.npmrc | ||
| echo "${{ inputs.feed-url }}/npm:_authToken=${{ inputs.token }}" >> ${{ inputs.working-directory }}/.npmrc | ||
| echo "${{ inputs.feed-url }}/npm:[email protected]" >> ${{ inputs.working-directory }}/.npmrc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| name: Setup npm cache caching | ||
|
|
||
| on: | ||
| workflow_call: | ||
|
|
||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: Get npm cache directory | ||
| id: npm-cache | ||
| shell: bash | ||
| run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT | ||
|
|
||
| - uses: actions/cache@v3 | ||
| with: | ||
| path: ${{ steps.npm-cache.outputs.dir }} | ||
| key: ${{ runner.os }}-node-${{ hashFiles('**/.npmrc') }}-${{ hashFiles('**/package-lock.json') }} | ||
| # For security, only reuse caches with matching .npmrc files (ex. same registry URL) | ||
| restore-keys: ${{ runner.os }}-node-${{ hashFiles('**/.npmrc') }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| # Does an npm install using our private Azure Artifacts registry which requires OIDC authentication. | ||
| # Workflows that use this action must add the id-token: write permission. | ||
|
|
||
| name: npm install via CFS | ||
|
|
||
| on: | ||
| workflow_call: | ||
|
|
||
| runs: | ||
| using: composite | ||
| steps: | ||
| - name: Azure OIDC Login | ||
| uses: azure/login@v2 | ||
| with: | ||
| # These are not secret values and are safe to commit to the repository | ||
| client-id: 92c669e8-02ad-4ce6-ad73-f222fc7177e2 | ||
| tenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47 | ||
| allow-no-subscriptions: true | ||
|
|
||
| - name: Setup CFS Credentials | ||
| shell: bash | ||
| id: npm-auth | ||
| # The resource guid is the app id of Azure DevOps | ||
| run: | | ||
| echo "token=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 | jq -r .accessToken)" >> $GITHUB_OUTPUT | ||
| - uses: ./.github/actions/cfs-npm-authenticate | ||
| with: | ||
| working-directory: . | ||
| token: ${{ steps.npm-auth.outputs.token }} | ||
|
|
||
| - uses: ./.github/actions/cfs-npm-authenticate | ||
| with: | ||
| working-directory: packages/pyright | ||
| token: ${{ steps.npm-auth.outputs.token }} | ||
|
|
||
| - uses: ./.github/actions/cfs-npm-authenticate | ||
| with: | ||
| working-directory: packages/pyright-internal | ||
| token: ${{ steps.npm-auth.outputs.token }} | ||
|
|
||
| - uses: ./.github/actions/cfs-npm-authenticate | ||
| with: | ||
| working-directory: packages/vscode-pyright | ||
| token: ${{ steps.npm-auth.outputs.token }} | ||
|
|
||
| - run: npm run install:all | ||
| shell: bash | ||
| working-directory: ${{ inputs.working-directory }} | ||
|
|
||
| - name: Cleanup .npmrc | ||
| shell: bash | ||
| run: rm .npmrc | ||
| working-directory: ${{ inputs.working-directory }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| steps: | ||
| - task: npmAuthenticate@0 | ||
| inputs: | ||
| workingFile: .npmrc | ||
|
|
||
| - task: npmAuthenticate@0 | ||
| inputs: | ||
| workingFile: packages/pyright/.npmrc | ||
|
|
||
| - task: npmAuthenticate@0 | ||
| inputs: | ||
| workingFile: packages/pyright-internal/.npmrc | ||
|
|
||
| - task: npmAuthenticate@0 | ||
| inputs: | ||
| workingFile: packages/vscode-pyright/.npmrc |