diff --git a/.github/workflows/PR-Auto-Deploy-V2.yml b/.github/workflows/PR-Auto-Deploy-V2.yml index 2dbcd3260..dc35f4913 100644 --- a/.github/workflows/PR-Auto-Deploy-V2.yml +++ b/.github/workflows/PR-Auto-Deploy-V2.yml @@ -270,6 +270,8 @@ jobs: tags: ${{ secrets.DOCKER_HUB_USERNAME }}/test:v2-frontend-${{ steps.commit-hashes.outputs.frontend_short }} build-args: VERSION_TAG=v2-alpha platforms: linux/amd64 + secrets: | + npmrc=//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }} - name: Build and push V2 backend image if: steps.check-backend.outputs.exists == 'false' diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0e38b82fb..509bf37e4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -145,12 +145,18 @@ jobs: node-version: '20' cache: 'npm' cache-dependency-path: frontend/package-lock.json + - name: Configure npm with token (if available) + if: secrets.NPM_TOKEN != '' + run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc - name: Install frontend dependencies run: cd frontend && npm ci - name: Build frontend run: cd frontend && npm run build - name: Run frontend tests run: cd frontend && npm run test -- --run + - name: Clean up npmrc + if: always() && secrets.NPM_TOKEN != '' + run: rm -f ~/.npmrc - name: Upload frontend build artifacts uses: actions/upload-artifact@v4.6.2 with: diff --git a/.github/workflows/deploy-on-v2-commit.yml b/.github/workflows/deploy-on-v2-commit.yml index f2f90ccfa..78af03d7c 100644 --- a/.github/workflows/deploy-on-v2-commit.yml +++ b/.github/workflows/deploy-on-v2-commit.yml @@ -103,6 +103,8 @@ jobs: ${{ secrets.DOCKER_HUB_USERNAME }}/test:v2-frontend-latest build-args: VERSION_TAG=v2-alpha platforms: linux/amd64 + secrets: | + npmrc=//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }} - name: Build and push backend image if: steps.check-backend.outputs.exists == 'false' diff --git a/.github/workflows/frontend-licenses-update.yml b/.github/workflows/frontend-licenses-update.yml index ac8676c8a..ac2013e2d 100644 --- a/.github/workflows/frontend-licenses-update.yml +++ b/.github/workflows/frontend-licenses-update.yml @@ -51,6 +51,10 @@ jobs: cache: 'npm' cache-dependency-path: frontend/package-lock.json + - name: Configure npm with token (if available) + if: secrets.NPM_TOKEN != '' + run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc + - name: Install frontend dependencies working-directory: frontend run: npm ci @@ -58,6 +62,10 @@ jobs: - name: Generate frontend license report working-directory: frontend run: npm run generate-licenses + + - name: Clean up npmrc + if: always() && secrets.NPM_TOKEN != '' + run: rm -f ~/.npmrc - name: Check for license warnings run: | diff --git a/.github/workflows/testdriver.yml b/.github/workflows/testdriver.yml index 209ce7435..67d248d46 100644 --- a/.github/workflows/testdriver.yml +++ b/.github/workflows/testdriver.yml @@ -132,6 +132,10 @@ jobs: uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: cache: 'npm' + + - name: Configure npm with token (if available) + if: secrets.NPM_TOKEN != '' + run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc - name: Run TestDriver.ai uses: testdriverai/action@f0d0f45fdd684db628baa843fe9313f3ca3a8aa8 #1.1.3 @@ -148,6 +152,10 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} FORCE_COLOR: "3" + + - name: Clean up npmrc + if: always() && secrets.NPM_TOKEN != '' + run: rm -f ~/.npmrc cleanup: needs: [deploy, test] diff --git a/docker/frontend/Dockerfile b/docker/frontend/Dockerfile index a220782b0..35971f975 100644 --- a/docker/frontend/Dockerfile +++ b/docker/frontend/Dockerfile @@ -6,14 +6,32 @@ WORKDIR /app # Copy package files COPY frontend/package*.json ./ -# Install dependencies -RUN npm ci +# Install dependencies (uses .npmrc secret if available, otherwise anonymous) +RUN --mount=type=secret,id=npmrc \ + set -e && \ + if [ -s /run/secrets/npmrc ]; then \ + echo "Using authenticated npm registry" && \ + echo "$(cat /run/secrets/npmrc)" > /root/.npmrc; \ + else \ + echo "Using anonymous npm registry (no token provided)"; \ + fi && \ + npm ci --loglevel=warn && \ + rm -f /root/.npmrc # Copy source code COPY frontend . -# Build the application -RUN npm run build +# Build the application (uses .npmrc secret if available, otherwise anonymous) +RUN --mount=type=secret,id=npmrc \ + set -e && \ + if [ -s /run/secrets/npmrc ]; then \ + echo "Using authenticated npm registry for build" && \ + echo "$(cat /run/secrets/npmrc)" > /root/.npmrc; \ + else \ + echo "Using anonymous npm registry for build (no token provided)"; \ + fi && \ + npm run build && \ + rm -f /root/.npmrc # Production stage FROM nginx:alpine diff --git a/frontend/README.md b/frontend/README.md index 115fcca84..f6b3e8168 100644 --- a/frontend/README.md +++ b/frontend/README.md @@ -71,4 +71,4 @@ This section has moved here: [https://facebook.github.io/create-react-app/docs/d ### `npm run build` fails to minify -This section has moved here: [https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify](https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify) +This section has moved here: [https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify](https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify) \ No newline at end of file