I recently needed to find a way to publish packages to NPM automatically and since all my projects are hosted on GitHub I thought why not using GitHub actions? In this article I explain how to do that in 3 simple steps!
👉🏻 Pssst... you can also check some real life examples:
Generate a new token on NPM
First of all you need to create a new NPM token that will be used to publish packages to NPM.
From NPM dashboard open main menu and select "Access token", then click on "Generate new token"
select "Automation" token to bypass two-factor authentication when publishing
then copy your token, it will be used as a GitHub secret as explained in the next section
Store your token as a GitHub secret
GitHub Actions can access your GitHub secrets, so that's the perfect place where to store your token!
Under "Settings" -> "Secrets" click on "New repository secret" and add your NPM Token your previously copied (in this example I use NPM_TOKEN
label to identify it)
Now it's time to write some code and create a new action to publish your package!
Write your action
Create a new GitHub Action publish.yml
inside your project under .github/workflows
.
name: Publish to NPM
on:
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Node
uses: actions/setup-node@v2
with:
node-version: '14.x'
registry-url: 'https://registry.npmjs.org'
- name: Install dependencies and build 🔧
run: npm ci && npm run build
- name: Publish package on NPM 📦
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
This action should run only when you create a new release on GitHub
on:
release:
types: [created]
The steps it executes are really clear:
- Checkout code
- Setup Node.js environment (using Node.js 14.x here)
- Install dependencies and build your package (if needed)
- Publish to NPM! As you can see this step uses our
NPM_TOKEN
secret to initializeNODE_AUTH_TOKEN
env variable
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Publish package to NPM 📦</span>
<span class="na">run</span><span class="pi">:</span> <span class="s">npm publish</span>
<span class="na">env</span><span class="pi">:</span>
<span class="na">NODE_AUTH_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.NPM_TOKEN }}</span>
Create a new release
In order to see your action running, you need to create a new release on GitHub.
After that your package will be successfully published to NPM 🎉
Top comments (10)
Thank you for sharing, I was able to publish my package by following your guide
I got this error can someone help me ?
github.com/vitabletec/general-js-t...
Successfully compiled 3 files with Babel (545ms).
npm notice
npm notice 📦 general-js-toolkit@1.0.1
npm notice === Tarball Contents ===
npm notice 1.9kB dist/test/util.spec.js
npm notice 401B dist/index.js
npm notice 10.8kB dist/util.js
npm notice 2.2kB package.json
npm notice 1.8kB readme.md
npm notice === Tarball Details ===
npm notice name: general-js-toolkit
npm notice version: 1.0.1
npm notice filename: general-js-toolkit-1.0.1.tgz
npm notice package size: 5.1 kB
npm notice unpacked size: 17.2 kB
npm notice shasum: 18c7147b68eb2c56a968bfb6bd41be4321425571
npm notice integrity: sha512-CVl0X9wdh/hlh[...]VPdCmFSytoGNA==
npm notice total files: 5
npm notice
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in to registry.npmjs.org/
npm ERR! need auth You need to authorize this machine using
npm adduser
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2023-03-23T13_22_53_572Z-debug-0.log
Error: Process completed with exit code 1.
[debug]Finishing: Build and publish
finally got it!!!
registry-url: "https://registry.npmjs.org"
is important! see ! so make sure to include it.sharing my final workflow, which works with pnpm workspaces with cache:
protip: instead of using all the disparate setup this setup that actions (and then most likely not replicating that in local dev)....
just use asdf locally and then asdf-vm/actions/install@v3 in your worfklow.
Now your entire toolchain is versioned by one file
.tool-versions
and your local dev will always match your ci toolchain and vice versa.common
.tool-versions
I use is:#friendsdontletfriendsusenvm
In github repo at right side it will show publish your package.
At that place does npm package url will gets updated??
No that section is related to GitHub packages, in case you use GitHub's packaging system.. I usually hide that section from settings if I publish packages to NPM.
Got it.
Thank you
Should you be using
npm ci && npm run build
?+1 for CI! Thanks!
Tyvm, this has helped me a ton :)