From 2f7356b0f6c268c01abb5db378f5ede594d6d142 Mon Sep 17 00:00:00 2001 From: David Acevedo Date: Fri, 14 Jul 2023 10:29:47 -0500 Subject: [PATCH] feat(build): #834 npm registry tokens - allow passing tokens for private registries Signed-off-by: David Acevedo --- docs/src/api/extensions/node.js.md | 80 +++++++++++++++++++++++ src/args/make-node-js-modules/default.nix | 9 +++ 2 files changed, 89 insertions(+) diff --git a/docs/src/api/extensions/node.js.md b/docs/src/api/extensions/node.js.md index e84d8820..693933e4 100644 --- a/docs/src/api/extensions/node.js.md +++ b/docs/src/api/extensions/node.js.md @@ -60,6 +60,9 @@ Types: - shouldIgnoreScripts (`bool`): Optional. Enable to propagate the `--ignore-scripts true` flag to npm. Defaults to `false`. + - registryTokens (`attrsOf str`): Optional. + Tokens for dependencies to be fetched from private NPM registries. + Defaults to `{ }`. Example: @@ -130,6 +133,83 @@ Example: hello-world-npm ``` +Example with private registries: + +=== "package.json" + + ```json + # /path/to/my/project/makes/example/package.json + { + "dependencies": { + "@fortawesome/fontawesome-pro": "*" + } + } + ``` + +=== "package-lock.json" + + ```json + # /path/to/my/project/makes/example/package-lock.json + { + "requires": true, + "lockfileVersion": 1, + "dependencies": { + "@fortawesome/fontawesome-pro": { + "version": "6.4.0", + "resolved": "https://npm.fontawesome.com/@fortawesome/fontawesome-pro/-/6.4.0/fontawesome-pro-6.4.0.tgz", + "integrity": "sha512-VtoAOuV0KAjdO979RHGko5krp3UsKMnXH1SaHnQvlz4PcgErcsk5ZPugoMhc3sW5lkrRl8NnaGwkGzB3gzVSxQ==" + } + } + } + ``` + +=== "main.nix" + + ```nix + # /path/to/my/project/main.nix + { + makeNodeJsModules, + makeScript, + projectPath, + ... + }: + let + secrets = secretsForEnvFromSops = { + example = { + manifest = "/path/to/my/project/secrets.yaml"; + vars = [ "FONTAWESOME_PRO_TOKEN" ]; + }; + }; + fontawesome = makeNodeJsModules { + name = "fontawesome-pro-example"; + nodeJsVersion = "18"; + packageJson = projectPath "/path/to/my/project/package.json"; + packageLockJson = projectPath "/path/to/my/project/package-lock.json"; + registryTokens = { + "@fortawesome/fontawesome-pro": "FONTAWESOME_PRO_TOKEN" + }; + searchPaths.source = [ secrets.example ] + }; + in + makeScript { + replace = { + __argFontawesome__ = fontawesome; + }; + entrypoint = '' + ls __argFontawesome__ + ''; + name = "example"; + } + ``` + +=== "Invocation" + + ```bash + $ m . /example + + @fortawesome + ``` + ## makeNodeJsEnvironment Setup a `makeNodeJsModules` in the environment diff --git a/src/args/make-node-js-modules/default.nix b/src/args/make-node-js-modules/default.nix index e15ec8d3..c0eb8021 100644 --- a/src/args/make-node-js-modules/default.nix +++ b/src/args/make-node-js-modules/default.nix @@ -13,6 +13,7 @@ nodeJsVersion, packageJson, packageLockJson, + registryTokens ? {}, searchPaths ? {}, shouldIgnoreScripts ? false, }: let @@ -22,6 +23,10 @@ collectDependencies = deps: builtins.foldl' (all: name: let + registryToken = + if builtins.hasAttr name registryTokens + then builtins.getEnv registryTokens.${name} + else null; tarball = __nixpkgs__.fetchurl { hash = depAttrs.integrity; url = @@ -33,6 +38,10 @@ then depAttrs.version # Something pending to implement? else abort "Unable to fetch: ${name}"; + curlOptsList = + if registryToken == null + then [] + else ["--header" "Authorization: Bearer ${registryToken}"]; }; dep = depAttrs