Example showing how to use this to install private packages securely. (#56)
This commit is contained in:
parent
7a3ce83626
commit
ca2e28376a
1 changed files with 18 additions and 0 deletions
18
README.md
18
README.md
|
@ -83,6 +83,24 @@ steps:
|
|||
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
```
|
||||
|
||||
Use private packages:
|
||||
```yaml
|
||||
steps:
|
||||
- uses: actions/checkout@master
|
||||
- uses: actions/setup-node@v1
|
||||
with:
|
||||
node-version: '10.x'
|
||||
registry-url: 'https://registry.npmjs.org'
|
||||
# Skip post-install scripts here, as a malicious
|
||||
# script could steal NODE_AUTH_TOKEN.
|
||||
- run: npm install --ignore-scripts
|
||||
env:
|
||||
NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
|
||||
# `npm rebuild` will run all those post-install scritps for us.
|
||||
- run: npm rebuild && npm run prepare --if-present
|
||||
```
|
||||
|
||||
|
||||
# License
|
||||
|
||||
The scripts and documentation in this project are released under the [MIT License](LICENSE)
|
||||
|
|
Loading…
Reference in a new issue