Update description

Update README.md

.gitignore

@@ -1,2 +1,92 @@
+# Explicitly not ignoring node_modules so that they are included in package downloaded by runner
 !node_modules/
 __tests__/runner/*
+
+# Rest of the file pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+.env.test
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+
+# next.js build output
+.next
+
+# nuxt.js build output
+.nuxt
+
+# vuepress build output
+.vuepress/dist
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/

README.md

@@ -16,7 +16,7 @@ See [action.yml](action.yml)
 Basic:
 ```yaml
 steps:
-- uses: actions/checkout@master
+- uses: actions/checkout@v1
 - uses: actions/setup-node@v1
   with:
     node-version: '10.x'
@@ -34,7 +34,7 @@ jobs:
         node: [ '10', '8' ]
     name: Node ${{ matrix.node }} sample
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v1
       - name: Setup node
         uses: actions/setup-node@v1
         with:
@@ -46,7 +46,7 @@ jobs:
 Publish to npmjs and GPR with npm:
 ```yaml
 steps:
-- uses: actions/checkout@master
+- uses: actions/checkout@v1
 - uses: actions/setup-node@v1
   with:
     node-version: '10.x'
@@ -66,12 +66,11 @@ steps:
 Publish to npmjs and GPR with yarn:
 ```yaml
 steps:
-- uses: actions/checkout@master
+- uses: actions/checkout@v1
 - uses: actions/setup-node@v1
   with:
     node-version: '10.x'
     registry-url: <registry url>
-- run: npm install -g yarn
 - run: yarn install
 - run: yarn publish
   env:
@@ -84,6 +83,24 @@ steps:
     NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
 
+Use private packages:
+```yaml
+steps:
+- uses: actions/checkout@v1
+- uses: actions/setup-node@v1
+  with:
+    node-version: '10.x'
+    registry-url: 'https://registry.npmjs.org'
+# Skip post-install scripts here, as a malicious
+# script could steal NODE_AUTH_TOKEN.
+- run: npm install --ignore-scripts
+  env:
+    NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+# `npm rebuild` will run all those post-install scripts for us.
+- run: npm rebuild && npm run prepare --if-present
+```
+
+
 # License
 
 The scripts and documentation in this project are released under the [MIT License](LICENSE)

__tests__/__snapshots__/authutil.test.ts.snap

@@ -2,20 +2,30 @@
 
 exports[`installer tests Appends trailing slash to registry 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-registry=https://registry.npmjs.org/"
+registry=https://registry.npmjs.org/
+always-auth=false"
 `;
 
 exports[`installer tests Automatically configures GPR scope 1`] = `
 "npm.pkg.github.com/:_authToken=\${NODE_AUTH_TOKEN}
-@ownername:registry=npm.pkg.github.com/"
+@ownername:registry=npm.pkg.github.com/
+always-auth=false"
 `;
 
 exports[`installer tests Configures scoped npm registries 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-@myscope:registry=https://registry.npmjs.org/"
+@myscope:registry=https://registry.npmjs.org/
+always-auth=false"
+`;
+
+exports[`installer tests Sets up npmrc for always-auth true 1`] = `
+"//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
+registry=https://registry.npmjs.org/
+always-auth=true"
 `;
 
 exports[`installer tests Sets up npmrc for npmjs 1`] = `
 "//registry.npmjs.org/:_authToken=\${NODE_AUTH_TOKEN}
-registry=https://registry.npmjs.org/"
+registry=https://registry.npmjs.org/
+always-auth=false"
 `;

__tests__/authutil.test.ts

@@ -33,13 +33,13 @@ describe('installer tests', () => {
   });
 
   it('Sets up npmrc for npmjs', async () => {
-    await auth.configAuthentication('https://registry.npmjs.org/');
+    await auth.configAuthentication('https://registry.npmjs.org/', 'false');
     expect(fs.existsSync(rcFile)).toBe(true);
     expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
   });
 
   it('Appends trailing slash to registry', async () => {
-    await auth.configAuthentication('https://registry.npmjs.org');
+    await auth.configAuthentication('https://registry.npmjs.org', 'false');
 
     expect(fs.existsSync(rcFile)).toBe(true);
     expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
@@ -47,16 +47,22 @@ describe('installer tests', () => {
 
   it('Configures scoped npm registries', async () => {
     process.env['INPUT_SCOPE'] = 'myScope';
-    await auth.configAuthentication('https://registry.npmjs.org');
+    await auth.configAuthentication('https://registry.npmjs.org', 'false');
 
     expect(fs.existsSync(rcFile)).toBe(true);
     expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
   });
 
   it('Automatically configures GPR scope', async () => {
-    await auth.configAuthentication('npm.pkg.github.com');
+    await auth.configAuthentication('npm.pkg.github.com', 'false');
 
     expect(fs.existsSync(rcFile)).toBe(true);
     expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
   });
+
+  it('Sets up npmrc for always-auth true', async () => {
+    await auth.configAuthentication('https://registry.npmjs.org/', 'true');
+    expect(fs.existsSync(rcFile)).toBe(true);
+    expect(fs.readFileSync(rcFile, {encoding: 'utf8'})).toMatchSnapshot();
+  });
 });

action.yml

@@ -1,7 +1,10 @@
-name: 'Setup Node.js environment'
-description: 'Setup a Node.js environment and add it to the PATH, additionally providing proxy support'
+name: 'Setup Node.js'
+description: 'Set up a specific version of Node.js and add the command-line tools to the PATH'
 author: 'GitHub'
 inputs:
+  always-auth:
+    description: 'Set always-auth in npmrc'
+    default: 'false'
   node-version:
     description: 'Version Spec of the version to use.  Examples: 10.x, 10.15.1, >=10.15.0'
     default: '10.x'
@@ -12,6 +15,7 @@ inputs:
 # Deprecated option, do not use. Will not be supported after October 1, 2019
   version:
     description: 'Deprecated. Use node-version instead. Will not be supported after October 1, 2019'
+    deprecationMessage: 'The version property will not be supported after October 1, 2019. Use node-version instead'
 runs:
   using: 'node12'
   main: 'lib/setup-node.js'

lib/authutil.js

@@ -12,15 +12,15 @@ const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const github = __importStar(require("@actions/github"));
-function configAuthentication(registryUrl) {
+function configAuthentication(registryUrl, alwaysAuth) {
     const npmrc = path.resolve(process.env['RUNNER_TEMP'] || process.cwd(), '.npmrc');
     if (!registryUrl.endsWith('/')) {
         registryUrl += '/';
     }
-    writeRegistryToFile(registryUrl, npmrc);
+    writeRegistryToFile(registryUrl, npmrc, alwaysAuth);
 }
 exports.configAuthentication = configAuthentication;
-function writeRegistryToFile(registryUrl, fileLocation) {
+function writeRegistryToFile(registryUrl, fileLocation, alwaysAuth) {
     let scope = core.getInput('scope');
     if (!scope && registryUrl.indexOf('npm.pkg.github.com') > -1) {
         scope = github.context.repo.owner;
@@ -47,7 +47,8 @@ function writeRegistryToFile(registryUrl, fileLocation) {
     const registryString = scope
         ? `${scope}:registry=${registryUrl}`
         : `registry=${registryUrl}`;
-    newContents += `${authString}${os.EOL}${registryString}`;
+    const alwaysAuthString = `always-auth=${alwaysAuth}`;
+    newContents += `${authString}${os.EOL}${registryString}${os.EOL}${alwaysAuthString}`;
     fs.writeFileSync(fileLocation, newContents);
     core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
     // Export empty node_auth_token so npm doesn't complain about not being able to find it

lib/setup-node.js

@@ -35,8 +35,9 @@ function run() {
                 yield installer.getNode(version);
             }
             const registryUrl = core.getInput('registry-url');
+            const alwaysAuth = core.getInput('always-auth');
             if (registryUrl) {
-                auth.configAuthentication(registryUrl);
+                auth.configAuthentication(registryUrl, alwaysAuth);
             }
             // TODO: setup proxy from runner proxy config
             const matchersPath = path.join(__dirname, '..', '.github');

package-lock.json

@@ -3628,9 +3628,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.11",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz",
-      "integrity": "sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==",
+      "version": "4.17.15",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
+      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
       "dev": true
     },
     "lodash.get": {

src/authutil.ts

@@ -4,7 +4,7 @@ import * as path from 'path';
 import * as core from '@actions/core';
 import * as github from '@actions/github';
 
-export function configAuthentication(registryUrl: string) {
+export function configAuthentication(registryUrl: string, alwaysAuth: string) {
   const npmrc: string = path.resolve(
     process.env['RUNNER_TEMP'] || process.cwd(),
     '.npmrc'
@@ -13,10 +13,14 @@ export function configAuthentication(registryUrl: string) {
     registryUrl += '/';
   }
 
-  writeRegistryToFile(registryUrl, npmrc);
+  writeRegistryToFile(registryUrl, npmrc, alwaysAuth);
 }
 
-function writeRegistryToFile(registryUrl: string, fileLocation: string) {
+function writeRegistryToFile(
+  registryUrl: string,
+  fileLocation: string,
+  alwaysAuth: string
+) {
   let scope: string = core.getInput('scope');
   if (!scope && registryUrl.indexOf('npm.pkg.github.com') > -1) {
     scope = github.context.repo.owner;
@@ -45,7 +49,8 @@ function writeRegistryToFile(registryUrl: string, fileLocation: string) {
   const registryString: string = scope
     ? `${scope}:registry=${registryUrl}`
     : `registry=${registryUrl}`;
-  newContents += `${authString}${os.EOL}${registryString}`;
+  const alwaysAuthString: string = `always-auth=${alwaysAuth}`;
+  newContents += `${authString}${os.EOL}${registryString}${os.EOL}${alwaysAuthString}`;
   fs.writeFileSync(fileLocation, newContents);
   core.exportVariable('NPM_CONFIG_USERCONFIG', fileLocation);
   // Export empty node_auth_token so npm doesn't complain about not being able to find it

src/setup-node.ts

@@ -19,8 +19,9 @@ async function run() {
     }
 
     const registryUrl: string = core.getInput('registry-url');
+    const alwaysAuth: string = core.getInput('always-auth');
     if (registryUrl) {
-      auth.configAuthentication(registryUrl);
+      auth.configAuthentication(registryUrl, alwaysAuth);
     }
 
     // TODO: setup proxy from runner proxy config