Commit 50ebe6a1 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch 'feat/multi-auth-methods' into 'master' 

feat: support multiple auth methods

See merge request to-be-continuous/angular!54
parents 56557684 1774ce73

README.md

+7 −2
Original line number Diff line number Diff line
@@ -30,7 +30,11 @@ The Angular template uses some global configuration used throughout all jobs. 
You may configure [scoped registries](https://docs.npmjs.com/cli/v8/using-npm/scope#associating-a-scope-with-a-registry) with the `$NPM_CONFIG_SCOPED_REGISTRIES` variable.

The value is expected as a (whitespace-separated) list of `@registry_scope:registry_url`.



The Angular template also supports authentication tokens for each, simply by defining `NPM_REGISTRY_<SCOPE>_AUTH` (as project or group secret variables).

The Angular template also supports authentication for each, simply by defining the appropriate variable (as project or group secret variables) 

depending on the desired authentication method:



* `NPM_REGISTRY_<SCOPE>_AUTH_TOKEN`: authentication token

* `NPM_REGISTRY_<SCOPE>_AUTH_BASIC`: base64 authentication string (`base64(username + ':' +  password)`)



:warning: The `<SCOPE>` part is the `registry_scope` transformed in [SCREAMING_SNAKE_CASE](https://en.wikipedia.org/wiki/Snake_case) (uppercase words separated by underscores).
@@ -39,7 +43,7 @@ Example: declare the GitLab chart repository from another GitLab project 
```yml

variables:

  NPM_CONFIG_SCOPED_REGISTRIES: "@public-repo:https://public.npm.registry/some/repo @priv-repo:https://private.npm.registry/another/repo"

  # NPM_REGISTRY_PRIV_REPO_AUTH set as a project secret variables

  # NPM_REGISTRY_PRIV_REPO_AUTH_TOKEN set as a project secret variables

```



## Jobs
@@ -316,6 +320,7 @@ It uses the following variables: 
| `NG_PUBLISH_ARGS`          | NPM [publish](https://docs.npmjs.com/cli/v6/commands/npm-publish) arguments | _none_ |

| `NPM_PUBLISH_REGISTRY`     | npm registry to publish to | uses GitLab project npm packages registry      | _none_ |

| :lock: `NPM_PUBLISH_TOKEN` | NPM publication registry authentication token                               | _none_ |

| :lock: `NPM_PUBLISH_AUTH`  | NPM publication registry basic authentication (base64)                      | _none_ |



:warning: When using the gitlab registry (which is the default behavior), your NPM package name must be in the format of `@scope/package-name`:

templates/gitlab-ci-angular.yml

+45 −28
Original line number Diff line number Diff line
@@ -342,6 +342,36 @@ stages: 
    fi

  }



  function configure_scoped_registries() {

    if [[ "$NPM_CONFIG_SCOPED_REGISTRIES" ]]

    then

      for scoped_registry in $NPM_CONFIG_SCOPED_REGISTRIES

      do

        reg_scope=${scoped_registry%%:*}

        reg_url=${scoped_registry#*:}

        log_info "  ... set scope \\e[33;1m${reg_scope}\\e[0m with registry: $reg_url"

        npm config set "${reg_scope}:registry" "${reg_url}"

        reg_scope_ssc=$(echo "$reg_scope" | tr '[:lower:]' '[:upper:]' | tr -d '@' | tr '[:punct:]' '_')

        reg_auth_token=$(eval echo "\$NPM_REGISTRY_${reg_scope_ssc}_AUTH_TOKEN")

        reg_auth_token_legacy=$(eval echo "\$NPM_REGISTRY_${reg_scope_ssc}_AUTH")

        reg_auth_basic=$(eval echo "\$NPM_REGISTRY_${reg_scope_ssc}_AUTH_BASIC")

        reg_url_no_proto=${reg_url#*:}

        if [[ "${reg_auth_token:-$reg_auth_token_legacy}" ]]

        then

          log_info "  ... set auth token for scope \\e[33;1m${reg_scope}\\e[0m registry"

          if [[ -z "$reg_auth_token" ]]; then

            log_warn "  ... auth token should be configured with \\e[33;1m\$NPM_REGISTRY_${reg_scope_ssc}_AUTH_TOKEN\\e[0m instead of \$NPM_REGISTRY_${reg_scope_ssc}_AUTH"

          fi

          npm config set "${reg_url_no_proto%/}/:_authToken" "${reg_auth_token:-$reg_auth_token_legacy}"

        elif [[ "${reg_auth_basic}" ]]

        then

          log_info "  ... set basic auth for scope \\e[33;1m${reg_scope}\\e[0m registry"

          npm config set "${reg_url_no_proto%/}/:_auth" "${reg_auth_basic}"

        fi

      done

    fi

  }



  function configure_gitlab_instance_level_npm_registry_auth() {

    npm config set "//${CI_SERVER_HOST}/api/v4/packages/npm/:_authToken" "${CI_JOB_TOKEN}"

  }
@@ -354,11 +384,12 @@ stages: 
    publish_registry=${NPM_PUBLISH_REGISTRY}

    if [[ "${publish_registry}" ]]; then

      log_info "configured publish registry: ${publish_registry}"

      reg_url_no_proto=${publish_registry#*:}

      if [[ "$NPM_PUBLISH_TOKEN" ]]; then

        shopt -s extglob

        npm_publish_registry_host_and_path=${publish_registry/#http?(s):/}

        shopt -u extglob

        npm config set "${npm_publish_registry_host_and_path}:_authToken" "${NPM_PUBLISH_TOKEN}"

        npm config set "${reg_url_no_proto}:_authToken" "${NPM_PUBLISH_TOKEN}"

      fi

      if [[ "$NPM_PUBLISH_AUTH" ]]; then

        npm config set "${reg_url_no_proto}:_auth" "${NPM_PUBLISH_AUTH}"

      fi

    else

      compute_gitlab_registry_url
@@ -392,7 +423,6 @@ stages: 
    done



    for project in ${projects_to_publish}; do



      projectTypeSelector="projects['${project}'].projectType"

      projectType=$(node -pe "require('${angular_json}').${projectTypeSelector}")
@@ -415,12 +445,15 @@ stages: 
        # we generate one with the global package.json version

        if [ ! -f "${projectOutputDir}/package.json" ]; then

          global_version=$(node -pe "require('${package_json}').version")

          cat > "${projectOutputDir}"/package.json <<- EOF

          {

    "name": "${project}",

    "version": "${global_version}"

  }

  EOF

            echo '{'

            echo "  \"name\": \"${project}\""

            echo "  , \"version\": \"${global_version}\""

            if [[ "$NPM_PUBLISH_REGISTRY" ]]; then

              echo "  , \"publishConfig\": {\"registry\": \"${NPM_PUBLISH_REGISTRY}\"}"

            fi

            echo '}'

          } > "${projectOutputDir}/package.json"

        fi

        ;;

      esac
@@ -460,24 +493,8 @@ stages: 
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"

    # NPM_CONFIG_REGISTRY is not supported by old npm versions: force with cli

    - if [[ "$NPM_CONFIG_REGISTRY" ]]; then npm config set registry $NPM_CONFIG_REGISTRY; fi

    - |

      if [[ "$NPM_CONFIG_SCOPED_REGISTRIES" ]];

      then

        for scoped_registry in $NPM_CONFIG_SCOPED_REGISTRIES

        do

          reg_scope=${scoped_registry%%:*}

          reg_url=${scoped_registry#*:}

          npm config set "${reg_scope}:registry" "${reg_url}"

          reg_scope_ssc=$(echo "$reg_scope" | tr '[:lower:]' '[:upper:]' | tr -d '@' | tr '[:punct:]' '_')

          reg_auth=$(eval echo "\$NPM_REGISTRY_${reg_scope_ssc}_AUTH")

          if [[ "${reg_auth}" ]]

          then

            reg_url_no_proto=${reg_url#*:}

            npm config set "${reg_url_no_proto}:_authToken" "${reg_auth}"

          fi

        done

      fi

    - configure_gitlab_instance_level_npm_registry_auth

    - configure_scoped_registries

    - npm ci --cache .npm --prefer-offline $NG_INSTALL_EXTRA_OPTS



###############################################################################################