This is internal documentation. There is a good chance you're looking for something else. See Disclaimer.

NPM Registry

Authentication

We use the default NPM Registry to upload the packages. All developers use the same user on npm (user “tocconpm” with email admin@tocco.ch). To set up authentication, execute the following command:

npm adduser

The password/OTP can be found in the Ansible vault.

Auth Token

To be able to publish a package locally or remotely, you need to add an Automation NPM Auth Token.

Set the generated token as the environment variable NPMJS_AUTH_TOKEN. The .yarnrc.yml file references this variable.

GitLab CI

In GitLab, the variable NPMJS_AUTH_TOKEN is set as a CI variable so that packages are released automatically.

This token must be rotated every 90 days as this is the maximum lifetime for a token with write access.

The following steps must be performed to rotate the token:

  • Log in to npm with the tocconpm user (password/OTP can be found in Bitwarden)

  • Open the access token overview

  • Click “Generate New Token”

  • Set Token Name to Gitlab Auto-Release Pipeline YYYY-MM

  • Enable “Bypass two-factor authentication (2FA)”

  • Under Packages and scopes set “Read and write” permission to all packages

  • Set expiration to “90 days”

  • Generate token and copy it

  • Delete old token

  • Open the tocco-client GitLab CI variables

  • Edit variable NPMJS_AUTH_TOKEN and set the new token as value

  • Save changes

  • Manually trigger the release pipeline to verify that the new token is working
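
A scheduled reminder for the 90-day rotation above, as an added example that is not part of the tocco-client code base: it derives a conservative rotation deadline from the token name convention alone by assuming the token was created on the 1st of the month in its name, so the real token can only expire later. The variable NPMJS_AUTH_TOKEN_NAME and the 14-day warning window are assumptions.

```javascript
// Added example, not project code.
const TOKEN_LIFETIME_DAYS = 90; // maximum lifetime for a write token, per this page
const WARN_DAYS = 14;           // assumption: how early the job starts failing
const NAME_RE = /^Gitlab Auto-Release Pipeline (\d{4})-(0[1-9]|1[0-2])$/;
const DAY_MS = 24 * 60 * 60 * 1000;

// Returns { state, daysLeft, deadline } for a token named per the convention.
function rotationStatus(tokenName, now = new Date()) {
  const m = NAME_RE.exec(String(tokenName).trim());
  if (!m) {
    // A name that breaks the convention cannot be dated: treat it as a finding.
    return { state: "invalid-name", daysLeft: null, deadline: null };
  }
  // The name carries only year and month, so take the earliest possible
  // creation date (the 1st, UTC). Rotating by this deadline is always safe.
  const createdMs = Date.UTC(Number(m[1]), Number(m[2]) - 1, 1);
  const deadlineMs = createdMs + TOKEN_LIFETIME_DAYS * DAY_MS;
  const daysLeft = Math.floor((deadlineMs - now.getTime()) / DAY_MS);

  let state = "ok";
  if (daysLeft < 0) state = "expired";
  else if (daysLeft <= WARN_DAYS) state = "rotate-soon";

  const deadline = new Date(deadlineMs).toISOString().slice(0, 10);
  return { state, daysLeft, deadline };
}

// Entry point for a scheduled job: exit code 1 means "rotate the token now".
function main(tokenName, now = new Date()) {
  const s = rotationStatus(tokenName, now);
  console.log(`${tokenName}: ${s.state}, deadline ${s.deadline}, days left ${s.daysLeft}`);
  return s.state === "ok" ? 0 : 1;
}

// NPMJS_AUTH_TOKEN_NAME is a hypothetical CI variable holding the current
// token's name (never the token itself).
if (process.env.NPMJS_AUTH_TOKEN_NAME) {
  process.exitCode = main(process.env.NPMJS_AUTH_TOKEN_NAME);
}
```

The job only needs the token's name, so the secret value never has to be exposed to it.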

Note

Self-hosted runners are not currently supported but are planned for future releases (see npm Docs). Once self-hosted runners are supported, we should switch so that we no longer have to rotate the token every 90 days.