Package Release: Update usage of NPM auth token

[psealock]

Submission Review Guidelines:

• I have followed the WooCommerce Contributing Guidelines and the WordPress Coding Standards.
• I have checked to ensure there aren't other open Pull Requests for the same update/change.
• I have reviewed my code for security best practices.
• Following the above guidelines will result in quick merges and clear and detailed feedback when appropriate.

Changes proposed in this Pull Request:

NPM auth token was being incorrectly used, this PR fixes it according to NPM docs.

How to test the changes in this Pull Request:

Using the WooCommerce Testing Instructions Guide, include your detailed testing instructions:

1. I kicked off the Release workflow on a package that was ready to publish using this branch. See the workflow succeed here: https://github.com/woocommerce/woocommerce/actions/runs/7722378461/job/21050460230
2. Expand the "Execute script" and confirm the script that was executed referencing this branch (fix/npm-auth-token-use) and the @woocommerce/create-woo-extension package.
3. Note also the 1.1.0 version successfully published at the end of the section's logs
4. Confirm the package was indeed updated on NPM: https://www.npmjs.com/package/@woocommerce/create-woo-extension

Changelog entry

• Automatically create a changelog entry from the details below.

Significance

• Patch
• Minor
• Major

Type

• Fix - Fixes an existing bug
• Add - Adds functionality
• Update - Update existing functionality
• Dev - Development related task
• Tweak - A minor adjustment to the codebase
• Performance - Address performance issues
• Enhancement - Improvement to existing functionality

Message

Comment

[github-actions]

Hi @rrennick,

Apart from reviewing the code changes, please make sure to review the testing instructions as well.

You can follow this guide to find out what good testing instructions should look like:
https://github.com/woocommerce/woocommerce/wiki/Writing-high-quality-testing-instructions

[github-actions]

Test Results Summary

Commit SHA: 41404fb

Test 🧪	Passed ✅	Failed 🚨	Broken 🚧	Skipped ⏭️	Unknown ❔	Total 📊	Duration ⏱️
API Tests	259	0	0	2	0	261	0m 37s
E2E Tests	287	0	0	21	0	308	6m 53s

---

To view the full API test report, click here.
To view the full E2E test report, click here.
To view all test reports, visit the WooCommerce Test Reports Dashboard.

[rrennick]

Nice work. Thanks @psealock

[rrennick]

@psealock This is failing CI because the changes output a warning before the project graph:

WARN  Issue while reading "/Users/ronrennick/Sites/wc/wp-content/woocommerce/.npmrc". Failed to replace env in config: ${NODE_AUTH_TOKEN}

Locally for me, NODE_AUTH_TOKEN is not set when running ci-jobs.

[psealock]

@ObliviousHarmony @rrennick I've changed this up such that authentication is set in the action itself instead of inside .npmrc. Without a package ready to publish I used an npm whoami call to test authentication. Below are updated test instructions.

1. Locally check to make sure other scripts don't attempt to set the token, pnpm utils ci-jobs should succeed without error.
2. See this run of the Publish action. Instead of running the publishing script, I call npm whoami which fails unless authentication works. Check the "Execute script" logs to confirm the output is correct, ~woocommerce.

woocommerce/.github/workflows/package-release.yml

Lines 35 to 38 in 5279d3d

	# run: ./tools/package-release/bin/dev publish ${{ github.event.inputs.packages }} --branch=${{ github.ref_name }} ${{ ( github.event.inputs.dry_run == 'true' && '--dry-run' ) || '' }} --skip-install
	run: |
	npm config set '//registry.npmjs.org/:_authToken' "${NODE_AUTH_TOKEN}"
	npm whoami

3. I reverted that test and replaced the publish script call, see that this makes sense.

[rrennick]

This tested great @psealock