Commit ca2e283

jwalton authored and Danny McCormick committed
Example showing how to use this to install private packages securely. (#56)
1 parent 7a3ce83 commit ca2e283

1 file changed

+18
-0
lines changed

README.md

+18
@@ -83,6 +83,24 @@ steps:
8383
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
8484
```
8585
86+
Use private packages:
87+
```yaml
88+
steps:
89+
- uses: actions/checkout@master
90+
- uses: actions/setup-node@v1
91+
with:
92+
node-version: '10.x'
93+
registry-url: 'https://registry.npmjs.org'
94+
# Skip post-install scripts here, as a malicious
95+
# script could steal NODE_AUTH_TOKEN.
96+
- run: npm install --ignore-scripts
97+
env:
98+
NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
99+
# `npm rebuild` will run all those post-install scritps for us.
100+
- run: npm rebuild && npm run prepare --if-present
101+
```
102+
103+
86104
# License
87105
88106
The scripts and documentation in this project are released under the [MIT License](LICENSE)
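
Review bot: The secret at new line 98 is named `secrets.YARN_TOKEN`, but every command in this example is `npm` and the `registry-url` is `https://registry.npmjs.org`; a name such as `NPM_TOKEN`, or a short comment saying the secret name is arbitrary, would keep readers from assuming Yarn is involved. The comment at new line 99 has a typo: "scritps" should be "scripts". That comment could also say explicitly that the `npm rebuild && npm run prepare --if-present` step is deliberately left without an `env:` block, since that omission is what keeps `NODE_AUTH_TOKEN` out of reach of the post-install scripts it runs. `actions/checkout@master` at new line 89 tracks a moving branch; in an example whose purpose is protecting a token, pinning it to a release tag, as is done for `actions/setup-node@v1`, would be more consistent. New lines 102 and 103 add two blank lines before `# License` where one is enough.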