@contentful/npm-poc v1.0.18
JIRA Stories
Migrate existing packages
- Find all @contentful packages in npm:
curl -H "Authorization: Bearer $NPM_TOKEN" "https://registry.npmjs.org/-/user/contentful/package"
- Find all versions for each package.
curl -H "Authorization: Bearer $NPM_TOKEN" "https://registry.npmjs.org/@contentful/rich-text-types"
OR
npm view @contentful/rich-text-types versions
For each version run:
npm pack "<NAME>@VERSION" // e.g npm pack "@contentful/npm-poc@1.63.0"
npm access get status @contentful/locomotove // to get the package access to pubish with
npm publish npm publish ./<THE_PACKAGE_FROM_PACK_STEP> --access public // e.g npm publish contentful-npm-poc-1.63.0.tgz
This will require switching .npmrc files to read and publish packages.
There's a different approach taken here in a POC. It downloads the .tgz
for each tag in a repository and runs npm publish
with the downloaded file. The approach above maybe be better than this.
AC:
All packages and versions in NPM exist in GH packages with the same access (public/private) set. Script should be idempotent so we can re-run it and it will only add new versions.
Update Vault policies
The npm-read
, semantic-release
and semantic-release-ecosystem
policies will need to be updated or if we want to keep these ones for NPM, new ones created that provide GH_TOKEN with packages:read
for installing packages and packages:write
for publishing packages.
AC:
Vault provides tokens with permissions to read and publish packages to GH packages. We still have a policy with permissions publish NPM packages
Migrate #team-mechagodzilla to use GH packages.
Start by migtrating #team-mechagodzilla to use GH packages for development.
- Update CI pipelines to publish to GH packages. Example of publishing to GH packages.
- Update
.npmrc
for all engineers locally. - Document all changes that need to happen so we can provide a path to other teams.
- Can we use sourcegraph or repo-migrator to update pipelines or any other configuration If yes we will have another ticket for this.
AC:
team-mechagodzilla do not use NPM anymore. We have documentation on the changes that need to happen for other teams.
Documentation
Write complete documentation, migration guide and instructions for other teams to migrate to GH packages.
AC:
We have docs to give to other devs on the changes to make. Confluence/Roadie.
GH Action for public packages.
Provide a GH action that maintainers of public @contentful
packages can include in their workflows to mirror the package to npmjs when a new version is published.
AC:
public @contentful
packages are mirrored to npmjs when a new version is release.
Monitor NPM Possible?
Can we monitor how many tokens the NPM API is generating? Maybe show in Grafana. Then as teams migrate to GH packages we will know when NPM is not being used anymore and can start removing users and service accounts.
6 months ago
6 months ago
6 months ago
6 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
8 months ago
9 months ago
9 months ago