Cleanup NPM_TOKEN references as not needed anymore given no private packages (#104)

-2

.devops/aws/src/app.ts

··· 137 137 'arn:aws:secretsmanager:us-east-2:361188080279:secret:datadog-api-key-Q82keP', 138 138 bullmqSecret: 139 139 'arn:aws:secretsmanager:us-east-2:361188080279:secret:npm-taskforcesh-token-SBzopm', 140 - npmCiTokenSecret: 141 - 'arn:aws:secretsmanager:us-east-2:361188080279:secret:npm-ci-install-token-wq4LVq', 142 140 Prod: { 143 141 datadogRedisSecret: 144 142 'arn:aws:secretsmanager:us-east-2:361188080279:secret:prod/api/datadog-redis-5MVpFr',

-1

.devops/aws/src/stacks/api-service/api.ts

··· 186 186 invalidation: { buildArgs: false }, 187 187 buildArgs: { 188 188 BUILD_ID: process.env.CODEBUILD_RESOLVED_SOURCE_VERSION ?? '', 189 - NPM_TOKEN: process.env.NPM_TOKEN ?? '', 190 189 }, 191 190 platform: Platform.LINUX_AMD64, 192 191 });

-1

.devops/aws/src/stacks/api-service/jobs_workers.ts

··· 103 103 invalidation: { buildArgs: false }, 104 104 buildArgs: { 105 105 BUILD_ID: process.env.CODEBUILD_RESOLVED_SOURCE_VERSION ?? '', 106 - NPM_TOKEN: process.env.NPM_TOKEN ?? '', 107 106 }, 108 107 platform: Platform.LINUX_AMD64, 109 108 });

-1

.devops/aws/src/stacks/app_pipeline.ts

··· 53 53 vpnServerCertificate: string; 54 54 datadogSecret: string; 55 55 bullmqSecret: string; 56 - npmCiTokenSecret: string; 57 56 } & { [K in DeploymentEnvironmentName]: EnvSpecificArns }; 58 57 }; 59 58

-1

.devops/aws/src/stacks/cloudfront/cloudfront.ts

··· 133 133 bundling: { 134 134 image: cdk.DockerImage.fromBuild(`${repoRootDir}/client`, { 135 135 buildArgs: { 136 - NPM_TOKEN: process.env.NPM_TOKEN as string, 137 136 REACT_APP_OTEL_EXPORTER_OTLP_TRACES_ENDPOINT: 138 137 props.otelCollectorUrl, 139 138 },

-5

.devops/aws/src/stacks/migrations.ts

··· 2 2 import { DockerImageAsset, Platform } from 'aws-cdk-lib/aws-ecr-assets'; 3 3 import type { Construct } from 'constructs'; 4 4 5 - import { safeGetEnvVar } from '../../../../server/iocContainer/utils.js'; 6 - 7 5 export class MigrationStack extends cdk.Stack { 8 6 public readonly image: DockerImageAsset; 9 7 constructor(scope: Construct, id: string, props: cdk.StackProps) { ··· 12 10 directory: '../migrator', 13 11 platform: Platform.LINUX_AMD64, 14 12 ignoreMode: cdk.IgnoreMode.DOCKER, 15 - buildArgs: { 16 - NPM_TOKEN: safeGetEnvVar('NPM_TOKEN'), 17 - }, 18 13 }); 19 14 } 20 15 }

-1

.devops/migrator/.dockerignore

··· 7 7 !src/ 8 8 !package*.json 9 9 !tsconfig.json 10 - !.npmrc

-1

.devops/migrator/.npmrc

··· 1 - //registry.npmjs.org/:_authToken=${NPM_TOKEN}

+1 -5

.devops/migrator/Dockerfile

··· 2 2 3 3 WORKDIR /app 4 4 5 - ARG NPM_TOKEN 6 - 7 - COPY .npmrc . 8 - 9 5 COPY package*.json . 10 6 11 7 # Install dependencies 12 - RUN --mount=type=cache,target=/root/.npm NPM_TOKEN=$NPM_TOKEN npm ci 8 + RUN --mount=type=cache,target=/root/.npm npm ci 13 9 14 10 COPY . . 15 11

+3 -13

.github/workflows/apply_pr_checks.yaml

··· 34 34 node-version-file: '.nvmrc' 35 35 check-latest: true 36 36 cache: 'npm' 37 - - env: 38 - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} 39 - run: npm ci 37 + - run: npm ci 40 38 - name: Generate graphql 41 39 run: | 42 40 npm run generate ··· 62 60 cache: 'npm' 63 61 64 62 - name: Install dependencies in root and client directory 65 - env: 66 - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} 67 63 run: | 68 64 npm ci 69 65 cd client 70 - cp ../.npmrc . 71 66 npm ci 72 67 73 68 - name: Run Betterer tests ··· 161 156 runs-on: ubuntu-latest 162 157 timeout-minutes: 15 163 158 env: 164 - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} 165 159 SNOWFLAKE_DB_NAME: CI_DB_${{ github.run_id }} 166 160 steps: 167 161 - name: Checkout code ··· 171 165 run: docker compose run --quiet-pull lint 172 166 173 167 - name: Build server 174 - run: DOCKER_BUILDKIT=1 docker build . --target build_backend --build-arg NPM_TOKEN=$NPM_TOKEN 168 + run: DOCKER_BUILDKIT=1 docker build . --target build_backend 175 169 176 170 - name: Migrate CI DBs and Test 177 171 run: | ··· 204 198 uses: actions/checkout@v4 205 199 206 200 - name: Lint client 207 - env: 208 - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} 209 201 run: docker compose run --quiet-pull lint-client 210 202 211 203 - name: Build client 212 - env: 213 - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} 214 204 # Without DOCKER_BUILDKIT we'll attempt to build the backend as well 215 - run: DOCKER_BUILDKIT=1 docker build client --build-arg NPM_TOKEN=$NPM_TOKEN 205 + run: DOCKER_BUILDKIT=1 docker build client 216 206 217 207

-1

.npmrc

··· 1 - //registry.npmjs.org/:_authToken=${NPM_TOKEN}

+2 -6

Dockerfile

··· 10 10 FROM node:24-bullseye-slim AS server_base 11 11 WORKDIR /app 12 12 13 - ARG NPM_TOKEN 14 13 # Append "--build-arg OMIT_SNOWFLAKE='true'" to your call to avoid installing 15 14 # optional snowflake-promise dependency 16 15 ARG OMIT_SNOWFLAKE 17 16 18 - COPY [".npmrc", "./"] 19 17 COPY ["server/package.json", "server/package-lock.json", "./"] 20 18 RUN if [ "$OMIT_SNOWFLAKE" = "true" ]; then \ 21 19 npm pkg set overrides.snowflake-promise='npm:empty-module@^1.0.0'; \ 22 20 fi 23 - RUN NPM_TOKEN=$NPM_TOKEN npm ci 21 + RUN npm ci 24 22 COPY ["server", "./"] 25 23 26 24 FROM server_base AS build_backend ··· 30 28 FROM node:24-bullseye-slim AS backend_base 31 29 WORKDIR /app 32 30 RUN apt-get update && apt-get install dumb-init 33 - COPY [".npmrc", "./"] 34 31 COPY --from=build_backend ["/app/package.json", "/app/package-lock.json", "./"] 35 - ARG NPM_TOKEN 36 - RUN NPM_TOKEN=$NPM_TOKEN npm ci --omit=dev 32 + RUN npm ci --omit=dev 37 33 COPY --from=build_backend /app/transpiled ./ 38 34 39 35 # See https://github.com/Yelp/dumb-init

-1

client/.dockerignore

··· 2 2 3 3 !src/ 4 4 !public/ 5 - !.npmrc 6 5 !craco.config.js 7 6 !package*.json 8 7 !postcss.config.js

-1

client/.npmrc

··· 1 - //registry.npmjs.org/:_authToken=${NPM_TOKEN}

+1 -4

client/Dockerfile

··· 7 7 ARG BUILD_ID 8 8 ENV BUILD_ID=$BUILD_ID 9 9 10 - ARG NPM_TOKEN 11 - 12 - COPY .npmrc . 13 10 COPY package*.json . 14 - RUN --mount=type=cache,target=/root/.npm NPM_TOKEN=$NPM_TOKEN npm ci 11 + RUN --mount=type=cache,target=/root/.npm npm ci 15 12 16 13 COPY . . 17 14 FROM client_base

-7

docker-compose.yaml

··· 26 26 # migrations 27 27 - MIGRATOR_DB_NAME 28 28 - CLICKHOUSE_DATABASE 29 - - NPM_TOKEN 30 29 volumes: 31 30 - .:/src 32 31 depends_on: ··· 54 53 # drop_dbs 55 54 - CLICKHOUSE_DATABASE 56 55 - MIGRATOR_DB_NAME 57 - - NPM_TOKEN 58 56 volumes: 59 57 - .:/src 60 58 depends_on: ··· 154 152 dockerfile: Dockerfile 155 153 target: server_base 156 154 args: 157 - - NPM_TOKEN 158 155 - OMIT_SNOWFLAKE 159 156 command: bash -c 'npm run test:ci' 160 157 working_dir: /app ··· 177 174 context: . 178 175 dockerfile: Dockerfile 179 176 target: server_base 180 - args: 181 - - NPM_TOKEN 182 177 command: npm run lint 183 178 184 179 lint-client: 185 180 build: 186 181 context: client 187 182 target: client_base 188 - args: 189 - - NPM_TOKEN 190 183 command: npm run lint 191 184 volumes: 192 185 - ./client/eslint:/app/eslint

-1

scripts/publish-packages.sh

··· 76 76 echo "Next steps:" 77 77 echo "1. Run 'npm install' in server/ and client/ directories to update dependencies" 78 78 echo "2. The GitHub Action will automatically publish future changes when you push to main/OSS branches" 79 - echo "3. Make sure to add NPM_TOKEN secret to your GitHub repository for automated publishing"

Configure Feed

Configure Feed