Publish to Github packages

[hssngl]

is there any solution to utilize this to automate publishing to Github packages.
we do many skips on version bumping. we want it to be harmonious with what we publish on npm.

[gr2m]

I don't think it makes sense to publish a package to both, the npm registry and GitHub's packages' registry. The latter falls back to the former. If you want to publish just to GitHub packages, you can do so with https://github.com/semantic-release/npm/ by configuring the registry (https://docs.npmjs.com/cli/v6/using-npm/registry#i-dont-want-my-package-published-in-the-official-registry-its-private)

[vozeldr]

When I attempt to publish to GitHub packages, I get npm ERR! 401 Unauthorized - PUT https://npm.pkg.github.com/@xxx- Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured. I am using this in my yaml file:

...
      - name: Build, Test and Publish REST Client
        working-directory: ./src/RestApi.Client
        run: |
          npm ci
          npm run generate /variables:Configuration=Release
          npm run build --if-present
          npm run test
          npx semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}
...

[bcbrian]

NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}

This needs to be a different token one you generate that has access to write packages... I do not believe the generic GITHUB_TOKEN can do that by default.

According to the docs you might be able to adjust the token to have permissions.

[vozeldr]

Sorry, I forgot about this and didn't follow up after I "solved" it. The github token did work for me but I had to supply NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}. None of this was very clear in documentation, but I did eventually find something that led me to try that... I'm setting all 3 environment variables now to the github token, but I'm not sure if all 3 are actually needed.

[KurtGokhan]

I feel like setting only GITHUB_TOKEN and NPM_TOKEN was enough at some point. But that is not the case anymore. It stopped working for some reason. It works now after setting NODE_AUTH_TOKEN as well. NODE_AUTH_TOKEN is the env variable npm publish uses directly, so it makes sense that it works. But I wonder why it worked before without that. Maybe npm@6 allowed both NPM_TOKEN and NODE_AUTH_TOKEN but npm@7 does not?

[vozeldr]

For completeness, what seems to be working for me is something like this:

.github/semantic.yml

titleOnly: true

.github/workflows/develop-branch.yml (also in our master-branch.yml)

name: Build, Test and Package For Develop Branch

on:
  push:
    branches:
      - develop

jobs:    
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - uses: actions/setup-node@v1
        with:
          node-version: 15
          registry-url: https://npm.pkg.github.com/
          scope: "@..."
      - name: Build, Test and Publish REST Client
        working-directory: ./src/RestApi.Client
        run: |
          npm ci
          npm run generate /variables:Configuration=Release
          npm run build --if-present
          npm run test
          npx semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package.json

{
  "name": "@.../...",
  "version": "0.0.0-development",
  "description": "...",
  "main": "./build/index.js",
  "types": "./build/index.d.ts",
  "scripts": {
    ...
  },
  "repository": {
    "url": "github:.../..."
  },
  "publishConfig": {
    "registry": "https://npm.pkg.github.com"
  },
  "release": {
    "branches": [
      { "name": "master" },
      { "name": "develop", "channel": "beta", "prerelease": "beta" }
    ]
  }
}

I think those were all the relevant bits to get it to work.

[rafaelrenanpacheco]

The NPM_TOKEN env alone worked just fine up until we had to add the registry-url property to the actions/setup-node@v2 step. When using this property a .npmrc is created with the NODE_AUTH_TOKEN env, which I think renders useless the NPM_TOKEN afterwards.

In order to fix the semantic-release publish we replaced the NPM_TOKEN with the NODE_AUTH_TOKEN in the npx semantic-release step and everything worked again:

    - name: Publish
      run: npx semantic-release
      env:
        GH_TOKEN: ${{ secrets.GH_TOKEN }}
        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

[gabriel-brotas]

same error here