Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(publish): disable legacy verifyAccess behavior by default #3249

Merged
merged 8 commits into from Jul 22, 2022

Conversation

fahslaj
Copy link
Collaborator

@fahslaj fahslaj commented Jul 13, 2022

Default verifyAccess to false for publish. Improve error message when encountering a npm automation token with verifyAccess=true.

Description

Lerna will no longer try to verify the user's access (to the npm packages they are publishing) by default during lerna publish. Setting the verifyAccess option will still perform the verification as before. This also removes the need to ever use --no-verify-access, since that is now the default behavior.

Motivation and Context

This is important because the standard for authentication to npm in a CI/CD pipeline is using a npm automation token. These tokens do not support the verifyAccess option, due to the automation token's lack of read permissions. This PR also adds a more detailed error for the user when this case is encountered.

See #2788 for discussion on lerna & npm automation tokens.

How Has This Been Tested?

I manually tested publishing a new lerna repo with a npm automation token and observed the behavior, both with verifyAccess=true and verifyAccess=false. I also performed this same test using a npm "publish" token. Unit tests have been added to cover the new behavior and the changed default behavior.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (change that has absolutely no effect on users)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@fahslaj fahslaj requested review from JamesHenry Jul 13, 2022
@fahslaj fahslaj changed the title feat: Improve error message when encountering a npm automation token feat: default verifyAccess to false for publish Jul 18, 2022
@fahslaj fahslaj force-pushed the publish-with-automation-token branch from 512536f to 53f7c68 Compare Jul 19, 2022
@fahslaj fahslaj force-pushed the publish-with-automation-token branch from 53f7c68 to cf79b9d Compare Jul 22, 2022
commands/publish/index.js Outdated Show resolved Hide resolved
commands/publish/README.md Outdated Show resolved Hide resolved
commands/publish/README.md Outdated Show resolved Hide resolved
@JamesHenry JamesHenry changed the title feat: default verifyAccess to false for publish feat(publish): disable legacy verifyAccess behavior by default Jul 22, 2022
@JamesHenry JamesHenry merged commit 94174c1 into lerna:main Jul 22, 2022
14 checks passed
@fahslaj fahslaj deleted the publish-with-automation-token branch Jul 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants