fix(functions): forward NPM_AUTH_TOKEN to deploy bundler container

[addniner]

Summary

The Docker bundler for functions deploy only passes NPM_CONFIG_REGISTRY to the container environment (added in #3020). When .npmrc uses ${NPM_AUTH_TOKEN} for private registry authentication, the variable is not available inside the container, causing 401 errors.

This PR forwards NPM_AUTH_TOKEN from the host environment to the Docker container, following the same pattern established in #3020.

Reproduction

#	Method	Result	Error
1	supabase functions deploy hello (.npmrc with ${NPM_AUTH_TOKEN})	Fail	401 unauthenticated
2	NPM_AUTH_TOKEN=xxx supabase functions deploy hello	Fail	401 unauthenticated (env not forwarded to container)
3	.npmrc with hardcoded token	Pass	-
4	NPM_AUTH_TOKEN=xxx with patched CLI	Pass	-

Tested with a private package (@addniner/test-private-pkg) on GitHub Packages, with Docker cache cleared between attempts.

Change

3-line addition in internal/functions/deploy/bundle.go, same pattern as the existing NPM_CONFIG_REGISTRY forwarding:

if authToken := os.Getenv("NPM_AUTH_TOKEN"); authToken \!= "" {
    env = append(env, "NPM_AUTH_TOKEN="+authToken)
}

Closes #4927

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 3093be78-76e4-4c3c-a44e-32ffb08d7c87

📥 Commits

Reviewing files that changed from the base of the PR and between 9efbdaa and 7e87154.

📒 Files selected for processing (1)

• internal/functions/deploy/bundle.go

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated bundling process to pass authentication environment variables to Docker when available, improving flexibility of the deployment environment configuration.

Walkthrough

The pull request modifies the bundle deployment logic to read the NPM_AUTH_TOKEN environment variable and inject it into the Docker environment during function bundling. This enables the Docker container to access the token when resolving dependencies from private npm registries during deployment, addressing the failure that occurs when using .npmrc files with environment variable placeholders.

Assessment against linked issues

Objective	Addressed	Explanation
Enable functions deploy to resolve ${NPM_AUTH_TOKEN} in .npmrc for private npm registry authentication [#4927]	✅

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}