ci: [@dependabot] configure private registry

- https://docs.github.com/code-security/dependabot/working-with-dependabot/removing-dependabot-access-to-public-registries#yarn-berry
- https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#npm-registry

Signed-off-by: Lexus Drumgold <unicornware@flexdevelopment.llc>

.github/dependabot.yml

@@ -6,6 +6,11 @@
 
 ---
 version: 2
+registries:
+  github:
+    token: ${{ secrets.PAT_BOT }}
+    type: npm-registry
+    url: https://npm.pkg.github.com
 updates:
   - package-ecosystem: github-actions
     commit-message:
@@ -28,6 +33,8 @@ updates:
     labels:
       - scope:dependencies
       - type:build
+    registries:
+      - github
     reviewers:
       - flex-development/dependabot-review
       - flexdevelopment

.github/workflows/publish.yml

@@ -28,13 +28,10 @@ on:
 env:
   ARTIFACT: |
     ${{ github.event.inputs.artifact || github.event.release.assets[0].browser_download_url }}
-  NODE_VERSION: 16
-  SCOPE: ${{ format('@{0}', github.repository_owner) }}
+  TAG: ${{ github.event.inputs.tag || github.event.release.tag_name }}
 jobs:
   metadata:
     runs-on: ubuntu-latest
-    env:
-      TAG: ${{ github.event.inputs.tag || github.event.release.tag_name }}
     outputs:
       dist-tag: ${{ steps.dist-tag.outputs.flag }}
       version: ${{ steps.version.outputs.result }}
@@ -66,14 +63,25 @@ jobs:
         ${{ format('{0}/{1}/pkgs/npm/{2}', github.server_url, github.repository,
         github.event.repository.name) }}
     steps:
+      - id: checkout
+        name: Checkout ${{ env.TAG }}
+        uses: actions/checkout@v3.2.0
+        with:
+          ref: ${{ format('refs/tags/{0}', env.TAG) }}
+      - id: npmrc-cleanup
+        name: Remove stale .npmrc file
+        run: rm .npmrc
       - id: npmrc
         name: Setup .npmrc file
         uses: actions/setup-node@v3.6.0
         with:
           always-auth: true
-          node-version: ${{ env.NODE_VERSION }}
+          node-version-file: .nvmrc
           registry-url: https://npm.pkg.github.com
-          scope: ${{ env.SCOPE }}
+          scope: ${{ github.repository_owner }}
+      - id: npmrc-print
+        name: Print contents of .npmrc file
+        run: cat $NPM_CONFIG_USERCONFIG
       - id: publish
         name: Publish package
         run: npm publish $ARTIFACT ${{ needs.metadata.outputs.dist-tag }}
@@ -88,14 +96,25 @@ jobs:
         ${{ format('https://npmjs.com/package/@{0}/v/{1}', github.repository,
         needs.metadata.outputs.version) }}
     steps:
+      - id: checkout
+        name: Checkout ${{ env.TAG }}
+        uses: actions/checkout@v3.2.0
+        with:
+          ref: ${{ format('refs/tags/{0}', env.TAG) }}
+      - id: npmrc-cleanup
+        name: Remove stale .npmrc file
+        run: rm .npmrc
       - id: npmrc
         name: Setup .npmrc file
         uses: actions/setup-node@v3.6.0
         with:
           always-auth: true
-          node-version: ${{ env.NODE_VERSION }}
+          node-version-file: .nvmrc
           registry-url: https://registry.npmjs.org
-          scope: ${{ env.SCOPE }}
+          scope: ${{ github.repository_owner }}
+      - id: npmrc-print
+        name: Print contents of .npmrc file
+        run: cat $NPM_CONFIG_USERCONFIG
       - id: publish
         name: Publish package
         run: npm publish $ARTIFACT ${{ needs.metadata.outputs.dist-tag }}

.npmrc

@@ -0,0 +1,5 @@
+# https://docs.npmjs.com/cli/configuring-npm/npmrc
+
+@flex-development:registry=https://npm.pkg.github.com
+//npm.pkg.github.com/:_authToken=${PAT_BOT}
+//npm.pkg.github.com/:always-auth=true

.yarnrc.yml

@@ -23,7 +23,7 @@ nodeLinker: node-modules
 npmScopes:
   flex-development:
     npmAlwaysAuth: true
-    npmAuthToken: ${GITHUB_TOKEN}
+    npmAuthToken: ${GITHUB_TOKEN:-$PAT_BOT}
     npmRegistryServer: https://npm.pkg.github.com
 
 patchFolder: ./patches