CircleCI is a supported provider. It looks like
|
export default function exchangeToken(pkg, { logger }) { |
could be updated with
if (CIRCLE_CI_PROVIDER_NAME === ciProviderName) {
return exchangeCircleToken(pkg.name, logger); // identical to exchangeGitlabPipelinesToken except the log message.
}
as long as there is something like
## 1. Fetch the OIDC token with the correct audience for npm
export NPM_ID_TOKEN=$(circleci run oidc get --claims '{"aud": "npm:registry.npmjs.org"}')
in the circleci config.
or possibly even better... Just check for NPM_ID_TOKEN and use it if present the way npm does, only falling back to platform specific code on platforms when it is not present.
export default function exchangeToken(pkg, { logger }) {
const npmIdToken = process.env.NPM_ID_TOKEN;
// if NPM_ID_TOKEN provided, give it precendence
if (npmIdToken) {
logger.log("Trusted Publishing with NPM_ID_TOKEN env var");
return exchangeToken(npmIdToken, pkg.name, logger);
}
// CI Provider Specific Handling
const { name: ciProviderName } = envCi();
if (GITHUB_ACTIONS_PROVIDER_NAME === ciProviderName) {
return exchangeGithubActionsToken(pkg.name, logger);
}
return undefined;
}
CircleCI is a supported provider. It looks like
npm/lib/trusted-publishing/token-exchange.js
Line 60 in 62e80ac
as long as there is something like
in the circleci config.
or possibly even better... Just check for NPM_ID_TOKEN and use it if present the way
npmdoes, only falling back to platform specific code on platforms when it is not present.