GitHub Action failing to find NPM_TOKEN

[theAdhocracy]

I'm trying to switch from publishing directly to npm (which worked fine) to using GitHub Packages with an organisation scoped package name.

I've changed my package name in package.json, added the necessary publishConfig e.g.

"publishConfig": {
    "registry": "https://npm.pkg.github.com"
  },

And changed my Action steps to use NODE_AUTH_TOKEN instead of NPM_TOKEN as per the docs, but when I merge a branch and trigger the action I get the following warning and the package is never published (though version tags and changelog are updated, so annoyingly it doesn't flag as a failed run):

 ✔  success   Wrote authentication token string to /home/runner/.npmrc
⚠  warning   Error: Failed to replace env in config: ${NPM_TOKEN}

NPM_TOKEN is set in my repository Secrets on GitHub.

Here's the Action setup:

name: Publish

on:
  push:
    branches: [main]

jobs:
  release:
    runs-on: ubuntu-latest

    # this check needs to be in place to prevent a publish loop with auto and github actions
    if: "!contains(github.event.head_commit.message, 'ci skip') && !contains(github.event.head_commit.message, 'skip ci')"

    steps:
      - uses: actions/checkout@v2
        with:
          # Needed for branch protection override
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Prepare repository
        run: git fetch --unshallow --tags

      - name: Use Node.js 12.x
        uses: actions/setup-node@v1
        with:
          node-version: 12.x

      - name: Cache node modules
        uses: actions/cache@v2
        with:
          path: node_modules
          key: node-modules-${{ hashFiles('package-lock.json') }}
          restore-keys: |
            node-modules-${{ hashFiles('package-lock.json') }}

      - name: Create release
        env
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          npm ci
          npm run build
          npm run release

[hipstersmoothie]

There are extra instructions for publishing to the GitHub package registry.

You need to use your GitHub token to publish since you're not publishing to NPM anymore

NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

[hipstersmoothie]

Here is an example repo where it's working.

[theAdhocracy]

@hipstersmoothie Many thanks for the help. I see the docs have been updated since I originally set up the Action, but it seems like they still don't include all the steps. I had to add these lines to my Node setup as well (noticed in your demo repo):

with:
          node-version: 14.x
          registry-url: 'https://npm.pkg.github.com'
          scope: '@whiteorg'

I was also still seeing the NPM_TOKEN warning message. Adding it back in as an environment secret appears to have fixed that i.e.

- name: Create release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

Finally, with all that setup I was able to merge a PR and have Auto do it's thing, releasing a new package and updating version/changelog 🎉

However I had disabled branch protection whilst fiddling around; re-enabling it caused a new error where everytime Auto attempted to commit the version updates it would fail. I've worked around that by adding a new personal GitHub token and referencing that as a secret, instead of the default GITHUB_SECRET, like so:

- uses: actions/checkout@v2
        with:
          # Needed for branch protection override
          token: ${{ secrets.GH_ADMIN_TOKEN }}

Doesn't seem like the best solution, so if anyone knows of a better one I'd appreciate it. Alternatively, I think the docs may need updating here: https://intuit.github.io/auto/docs/build-platforms/github-actions#running-with-branch-protection

[hipstersmoothie]

I've made a PR to improve those docs. Would you mind reviewing #1828?

[theAdhocracy]

Reviewed, couple of small suggestions but all looks good ☺Thanks again for all your help

[adierkens]

🚀 Issue was released in v10.16.8 🚀