Photo by Serkan Turk on Unsplash
Yesterday Julien Renaux published a series of interesting new blog posts. In one of these he notably displayed, step by step, how to deploy StencilJS apps with GitHub actions and Firebase hosting.
This tutorial really caught my eye because all applications of our web open source project DeckDeckGo are developed with StencilJS and hosted on Firebase š
Of course I couldnāt wait that much and I had to give it a try. Because Iāll have to make changes to obfuscate production tokens differently if I use a CI to build our editor for presentations, I thought I could first try out his recipe in the current Ionic React demo application Iām developing for our Meetup next week.
As a result, it just worked seamlessly š It worked so well and the setup was so easy, that I thought I could quickly setup another CI deployment for my website too.
Unfortunately it didnāt worked out š Even if the technology and stack of my website, build with Gatsby, is somehow really similar to the small app, the build performed by the CI failed:
X Download Artifact
1 Run actions/download-artifact@master
2 with:
3 name: build
4 Download artifact 'build' to: '/home/runner/work/daviddalbusco.com/daviddalbusco.com/build'
5
6
At first, I didnāt understood the error. Of course I noticed that some artifacts couldnāt be downloaded but I didnāt knew what where these and what was the root cause. After a bit I finally remembered that I used to face a similar problem with another CI.
For my website Iām using Font Awesome and notably the @fortawesome/pro-light-svg-icons icons which could only be used if my related Font Awesome Pro NPM token is configured. While the documentation explains clearly how to configure the token locally, they donāt (or at least I didnāt found out at first) provide an example which displays how to hide it from a public repository. Therefore, the purpose of this blog post.
Configure the NPM registry
The Font Awesome NPM token could either be set up globally or per project. The method we need to build our project with a CI is the last one, āper projectā. For that purpose, we create a new file .npmrc in the root of your project . To the contrary of the documentation, we only add one line in the file respectively we only add the reference to the Font Awesome packet manager. We deliberately ignore to specify anything regarding our token.
@fortawesome:registry=https://npm.fontawesome.com/
Set up a new secret in GitHub
As we didnāt provided the token in the previous file, we will have to provide it to the GitHub action in a different way otherwise it will still not be able to download the dependency. Fortunately GitHub already provide an option to keep environment variables secret. Therefore we make the most of this option and we create a new secret for our Font Awesome NPM token. For example letās call it FONTAWESOME_NPM_AUTH_TOKEN.
Set up a GitHub secret for the Font Awesome NPM token
Use the secret in our CI
If you already followed the tutorial of Julien, your CI workflow probably already contains the following to install the dependencies from NPM of your application:
- name: Install Dependencies
run: npm ci
This is the root of our problem, as NPM is not aware of the specific registry and token it has to use to download the specific artifact. Therefore we finally are going to resolve the issue by running a command-line, before the installation one, to configure NPM with our secret token.
The pipe (| ) let us specify multiple commands all run in the in the same shell (see documentation).
- name: Install Dependencies
run: |
npm config set '//npm.fontawesome.com/:_authToken' "${{ secrets.FONTAWESOME_NPM_AUTH_TOKEN }}"
npm ci
And voilĆ , our CI should now be able to download the required dependency and therefore build and deploy our project š
Successful CI, happy CI šŗ
Cherry on the cake šš
My website is open source and available on GitHub, check it out to validate the solution with your own eyes š
To infinity and beyond š
David