Skip to content

Commit

Permalink
Example showing how to use this to install private packages securely. (
Browse files Browse the repository at this point in the history 
…actions#56)
  • Loading branch information
@jwalton
jwalton authored and Danny McCormick committed Sep 10, 2019
1 parent 7a3ce83 commit ca2e283
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,24 @@ steps:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
Use private packages:
```yaml
steps:
- uses: actions/checkout@master
- uses: actions/setup-node@v1
with:
node-version: '10.x'
registry-url: 'https://registry.npmjs.org'
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- run: npm install --ignore-scripts
env:
NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
# `npm rebuild` will run all those post-install scritps for us.
- run: npm rebuild && npm run prepare --if-present
```
# License
The scripts and documentation in this project are released under the [MIT License](LICENSE)
Expand Down

0 comments on commit ca2e283

Please sign in to comment.