Using private packages in a CI/CD workflow
You can use access tokens to test private npm packages with continuous integration (CI) systems, or deploy them using continuous deployment (CD) systems.
Create a new access token
Create a new access token that will be used only to access npm packages from a CI/CD server.
Continuous integration
When generating an access token for use in a continuous integration environment, we recommend using a granular access token with limited access to provide greater security.
If you use a legacy token instead, by default, npm token create will generate a token with both read and write permissions. We recommend creating a read-only token:
npm token create --read-only
For more information on creating access tokens, including CIDR-whitelisted tokens, see "Creating an access token".
Continuous deployment
Since continuous deployment environments usually involve the creation of a deploy artifact, you may wish to create an automation token on the website. This will allow you to publish even if you have two-factor authentication enabled on your account.
Interactive workflows
If your workflow produces a package, but you publish it manually after validation, then you will want to create a token with read and write permissions, which are granted with the standard token creation command:
npm token create
CIDR whitelists
For increased security, you may use a CIDR-whitelisted token that can only be used from a certain IP address range. You can use a CIDR whitelist with a read and publish token or a read-only token:
npm token create --cidr=[list]
npm token create --read-only --cidr=[list]
Example:
npm token create --cidr=192.0.2.0/24
For more information, see "Creating and viewing authentication tokens".
Set the token as an environment variable on the CI/CD server
Set your token as an environment variable, or a secret, in your CI/CD server.
For example, in GitHub Actions, you would add your token as a secret. Then you can make the secret available to workflows.
If you named the secret NPM_TOKEN, then you would want to create an environment variable named NPM_TOKEN from that secret.
steps:
  - run: |
      npm install
    # env belongs to the same step as run, so npm install can read the token
    env:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
Consult your CI/CD server's documentation for more details.
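A preflight check that a CI step could run before npm install, as an added example that is not part of the npm documentation: it fails when NPM_TOKEN was not mapped from the secret, or when a .npmrc stores the token as a literal instead of referencing the variable. It assumes the project's .npmrc uses npm's ${NPM_TOKEN} reference; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the npm documentation). Assumption: the project's
# .npmrc hands the token to npm by reference, for example
#   //registry.npmjs.org/:_authToken=${NPM_TOKEN}

# npmrc_token_is_literal FILE
# True (exit 0) if FILE has an _authToken line whose value is anything other
# than a ${VAR} reference, i.e. a token stored in clear text.
npmrc_token_is_literal() {
    grep -v '^[[:space:]]*[#;]' "$1" \
        | grep '_authToken[[:space:]]*=' \
        | grep -qvE '_authToken[[:space:]]*=[[:space:]]*"?[$][{][A-Za-z_][A-Za-z0-9_]*[}]"?[[:space:]]*$'
}

# ci_npm_preflight DIR
# Exit 0 only if NPM_TOKEN is set and DIR/.npmrc (when present) embeds no
# literal token. Exit 2: secret not mapped into the step. Exit 3: literal token.
ci_npm_preflight() {
    if [ -z "${NPM_TOKEN:-}" ]; then
        echo "NPM_TOKEN is not set; map the CI secret into this step's env" >&2
        return 2
    fi
    if [ -f "$1/.npmrc" ] && npmrc_token_is_literal "$1/.npmrc"; then
        echo "$1/.npmrc holds a literal _authToken; revoke it, use \${NPM_TOKEN}" >&2
        return 3
    fi
    return 0
}

# Demo on constructed input; the "bad" value is made up, not a real token.
demo=$(mktemp -d)
mkdir "$demo/good" "$demo/bad"
printf '%s\n' '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > "$demo/good/.npmrc"
printf '%s\n' '//registry.npmjs.org/:_authToken=npm_CONSTRUCTED_NOT_A_REAL_TOKEN' > "$demo/bad/.npmrc"
for d in good bad; do
    if (NPM_TOKEN=constructed-value; ci_npm_preflight "$demo/$d") 2>/dev/null; then
        echo "$d: install may proceed"
    else
        echo "$d: blocked"
    fi
done
rm -rf "$demo"
```

A value other than a plain ${VAR} reference is reported as a literal, so the check errs on the side of blocking the job.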