Skip to content

Commit

Permalink
security: rotate npm credentials (#116)
Browse files Browse the repository at this point in the history
  • Loading branch information
@ThisIsMissEm
ThisIsMissEm authored May 31, 2022
1 parent f538f03 commit a908dd1
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions .github/disabled-workflows/cd-teardown.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ jobs:
- name: Remove npm tag for the deleted branch
run: |
# Unfortunately GitHub Actions does not currently let us do something like
# if: secrets.NPM_TOKEN != ''
# if: secrets.INRUPT_NPM_TOKEN != ''
# so simply skip the command if the env var is not set:
if [ -n $NODE_AUTH_TOKEN ]; then npm dist-tag rm @inrupt/solid-client-errors $TAG_SLUG; fi
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.INRUPT_NPM_TOKEN }}
- run: echo "Package tag [$TAG_SLUG] unpublished."
4 changes: 2 additions & 2 deletions .github/disabled-workflows/cd.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,15 +87,15 @@ jobs:
if: github.actor != 'dependabot[bot]'
run: |
# Unfortunately GitHub Actions does not currently let us do something like
# if: secrets.NPM_TOKEN != ''
# if: secrets.INRUPT_NPM_TOKEN != ''
# so simply skip the command if the env var is not set:
if [ -z $NODE_AUTH_TOKEN ]; then echo "No npm token defined; package not published."; fi
if [ -n $NODE_AUTH_TOKEN ]; then npm publish --access public --tag "$TAG_SLUG"; fi
if [ -n $NODE_AUTH_TOKEN ]; then echo "Package published. To install, run:"; fi
if [ -n $NODE_AUTH_TOKEN ]; then echo ""; fi
if [ -n $NODE_AUTH_TOKEN ]; then echo " npm install @inrupt/solid-client-errors@$TAG_SLUG"; fi
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.INRUPT_NPM_TOKEN }}
TAG_SLUG: ${{ needs.prepare-deployment.outputs.tag-slug }}
- name: Mark GitHub Deployment as successful
if: github.actor != 'dependabot[bot]'
Expand Down
2 changes: 1 addition & 1 deletion .github/disabled-workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ jobs:
echo ""
echo " npm install @inrupt/solid-client-errors"
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NODE_AUTH_TOKEN: ${{ secrets.INRUPT_NPM_TOKEN }}
- name: Mark GitHub Deployment as successful
uses: octokit/[email protected]
with:
Expand Down

0 comments on commit a908dd1

Please sign in to comment.