Add auth setup for private registry with scope (#16)

feat: add auth setup to private registry with scope
2025-02-23 02:30:26 +08:00 · 2023-11-01 06:17:17 -03:00 · 2023-11-01 06:17:17 -03:00 · 830e319e28
commit 830e319e28
parent 6be87460e3
7 changed files with 23030 additions and 3503 deletions
--- a/README.md
+++ b/README.md
@ -10,11 +10,31 @@ Download, install, and setup [Bun](https://bun.sh) in GitHub Actions.
    bun-version: latest
 ```

+### Setup custom registry-url and scope (for private packages)
+
+```yaml
+- uses: oven-sh/setup-bun@v1
+  with:
+    registry-url: "https://npm.pkg.github.com/"
+    scope: "@foo-bar"
+```
+
+After setting up the registry-url and scope, when installing step comes, inject the env to authenticate and install all packages from the private registry
+
+```yaml
+- name: Installing dependencies
+  env:
+    BUN_AUTH_TOKEN: ${{ secrets.MY_SUPER_SECRET_PAT }}
+  run: bun i
+```
+
 ## Inputs

-| Name          | Description                                 | Default  | Examples                   |
-| ------------- | ------------------------------------------- | -------- | -------------------------- |
-| `bun-version` | The version of Bun to download and install. | `latest` | `canary`, `1.0.0`, `<sha>` |
+| Name           | Description                                        | Default     | Examples                        |
+| -------------- | -------------------------------------------------- | ----------- | ------------------------------- |
+| `bun-version`  | The version of Bun to download and install.        | `latest`    | `canary`, `1.0.0`, `<sha>`      |
+| `registry-url` | Registry URL where some private package is stored. | `undefined` | `"https://npm.pkg.github.com/"` |
+| `scope`        | Scope for private pacakages                        | `undefined` | `"@foo-bar"`, `"@orgname"`      |

 ## Outputs

--- a/action.yml
+++ b/action.yml
@ -9,6 +9,12 @@ inputs:
    description: 'The version of Bun to install. (e.g. "latest", "canary", "0.5.6", <sha>)'
    default: latest
    required: false
+  registry-url:
+    required: false
+    description: "Optional registry to set up for auth. Will set the registry in a project level build.toml file, and set up auth to read in from env.BUN_AUTH_TOKEN."
+  scope:
+    required: false
+    description: "Optional scope for authenticating against scoped registries."
 outputs:
  bun-version:
    description: The version of Bun that was installed.
--- a/bun.lockb
+++ b/bun.lockb
--- a/dist/action.js
+++ b/dist/action.js
--- a/src/action.ts
+++ b/src/action.ts
@ -27,11 +27,15 @@ setup({
  version:
    readVersionFromPackageJson() || action.getInput("bun-version") || undefined,
  customUrl: action.getInput("bun-download-url") || undefined,
+  registryUrl: action.getInput("registry-url") || undefined,
+  scope: action.getInput("scope") || undefined,
 })
-  .then(({ version, revision, cacheHit }) => {
+  .then(({ version, revision, cacheHit, registryUrl, scope }) => {
    action.setOutput("bun-version", version);
    action.setOutput("bun-revision", revision);
    action.setOutput("cache-hit", cacheHit);
+    action.setOutput("registry-url", registryUrl);
+    action.setOutput("scope", scope);
  })
  .catch((error) => {
    action.setFailed(error);
--- a/src/auth.ts
+++ b/src/auth.ts
@ -0,0 +1,57 @@
+import { EOL } from "node:os";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { resolve } from "node:path";
+import * as core from "@actions/core";
+
+export function configureAuthentication(registryUrl: string, scope: string) {
+  const bunfigPath = resolve(process.cwd(), "bunfig.toml");
+
+  if (!registryUrl.endsWith("/")) {
+    registryUrl += "/";
+  }
+
+  writeRegistryToConfigFile({ registryUrl, fileLocation: bunfigPath, scope });
+}
+
+type WriteRegistryToConfigFile = {
+  registryUrl: string;
+  fileLocation: string;
+  scope: string;
+};
+
+function writeRegistryToConfigFile({
+  registryUrl,
+  fileLocation,
+  scope,
+}: WriteRegistryToConfigFile) {
+  if (scope && scope[0] !== "@") {
+    scope = "@" + scope;
+  }
+
+  if (scope) {
+    scope = scope.toLocaleLowerCase();
+  }
+
+  core.info(`Setting auth in ${fileLocation}`);
+
+  let newContents = "";
+
+  if (existsSync(fileLocation)) {
+    const curContents = readFileSync(fileLocation, "utf8");
+
+    curContents.split(EOL).forEach((line: string) => {
+      // Add current contents unless they are setting the registry
+      if (!line.toLowerCase().startsWith(scope)) {
+        newContents += line + EOL;
+      }
+    });
+
+    newContents += EOL;
+  }
+
+  const bunRegistryString = `'${scope}' = { token = "$BUN_AUTH_TOKEN", url = "${registryUrl}"}`;
+
+  newContents += `[install.scopes]${EOL}${EOL}${bunRegistryString}${EOL}`;
+
+  writeFileSync("./bunfig.toml", newContents);
+}
--- a/src/setup.ts
+++ b/src/setup.ts
@ -2,19 +2,23 @@ import { homedir } from "node:os";
 import { join } from "node:path";
 import { readdir, symlink } from "node:fs/promises";
 import * as action from "@actions/core";
-import { downloadTool, extractZip } from "@actions/tool-cache";
 import * as cache from "@actions/cache";
-import { restoreCache, saveCache } from "@actions/cache";
+import { downloadTool, extractZip } from "@actions/tool-cache";
 import { cp, mkdirP, rmRF } from "@actions/io";
 import { getExecOutput } from "@actions/exec";
+import { configureAuthentication } from "./auth";

 export default async (options?: {
  version?: string;
  customUrl?: string;
+  scope?: string;
+  registryUrl?: string;
 }): Promise<{
  version: string;
  revision: string;
  cacheHit: boolean;
+  scope?: string;
+  registryUrl?: string;
 }> => {
  const { url, cacheKey } = getDownloadUrl(options);
  const cacheEnabled = cacheKey && cache.isFeatureAvailable();
@ -24,7 +28,7 @@ export default async (options?: {
  let revision: string | undefined;
  let cacheHit = false;
  if (cacheEnabled) {
-    const cacheRestored = await restoreCache([path], cacheKey);
+    const cacheRestored = await cache.restoreCache([path], cacheKey);
    if (cacheRestored) {
      revision = await verifyBun(path);
      if (revision) {
@ -61,16 +65,25 @@ export default async (options?: {
  }
  if (cacheEnabled) {
    try {
-      await saveCache([path], cacheKey);
+      await cache.saveCache([path], cacheKey);
    } catch (error) {
      action.warning("Failed to save Bun to cache.");
    }
  }
  const [version] = revision.split("+");
+
+  const { registryUrl, scope } = options;
+
+  if (!!registryUrl && !!scope) {
+    configureAuthentication(registryUrl, scope);
+  }
+
  return {
    version,
    revision,
    cacheHit,
+    registryUrl,
+    scope,
  };
 };