feat (npmExecuteScripts) create seperate npmrc file for publish to private repo (#3422)

* creating new npm rc file

* publishing to registry staging

* exposing base64 version of env variables

* changing encoding param

* fixing unit test for the new path

* debugging env var

* remove debug message

* update docu

* changing new npmrc file name

* adding new npmrc to ignore

* adding new npmrc to ignore

Co-authored-by: anilkeshav27 <you@example.com>

documentation/docs/infrastructure/vault.md

@@ -115,7 +115,7 @@ The `vaultCredentialPath` parameter is the endpoint of your credential path in V
 2. `<vaultBasePath>/<vaultPipelineName>/<vaultCredentialPath>`
 3. `<vaultBasePath>/GROUP-SECRETS/<vaultCredentialPath>`
 
-The `vaultCredentialKeys`parameter is a list of credential IDs. The secret value of the credential will be exposed as an environment variable prefixed by "PIPER_VAULTCREDENTIAL_" and transformed to a valid variable name. For a credential ID named `myAppId` the forwarded environment variable to the step will be `PIPER_VAULTCREDENTIAL_MYAPPID` containing the secret. Hyphens will be replaced by underscores and other non-alphanumeric characters will be removed.
+The `vaultCredentialKeys`parameter is a list of credential IDs. The secret value of the credential will be exposed as an environment variable prefixed by "PIPER_VAULTCREDENTIAL_" and transformed to a valid variable name. For a credential ID named `myAppId` the forwarded environment variable to the step will be `PIPER_VAULTCREDENTIAL_MYAPPID` containing the secret. The Base64 encoded secret value will be exposed as environment variable to the step as  `PIPER_VAULTCREDENTIAL_MYAPPID_BASE64`. Hyphens will be replaced by underscores and other non-alphanumeric characters will be removed.
 
 !!! hint "Using a custom prefix for test credentials"
     By default the prefix for test credentials is `PIPER_VAULTCREDENTIAL_`.

pkg/config/vault.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/SAP/jenkins-library/pkg/config/interpolation"
 	"github.com/SAP/jenkins-library/pkg/log"
+	CredentialUtils "github.com/SAP/jenkins-library/pkg/piperutils"
 	"github.com/SAP/jenkins-library/pkg/vault"
 	"github.com/hashicorp/vault/api"
 )
@@ -280,6 +281,9 @@ func populateCredentialsAsEnvs(config *StepConfig, secret map[string]string, key
 				envVariable := vaultCredentialEnvPrefix + convertEnvVar(secretKey)
 				log.Entry().Debugf("Exposing general purpose credential '%v' as '%v'", key, envVariable)
 				os.Setenv(envVariable, secretValue)
+				envVariable = vaultCredentialEnvPrefix + convertEnvVar(secretKey) + "_BASE64"
+				log.Entry().Debugf("Exposing general purpose base64 encoded credential '%v' as '%v'", key, envVariable)
+				os.Setenv(envVariable, CredentialUtils.EncodeString(secretValue))
 				matched = true
 			}
 		}
@@ -295,6 +299,9 @@ func populateCredentialsAsEnvs(config *StepConfig, secret map[string]string, key
 					envVariable := vaultCredentialEnvPrefixDefault + convertEnvVar(secretKey)
 					log.Entry().Debugf("Exposing general purpose credential '%v' as '%v'", key, envVariable)
 					os.Setenv(envVariable, secretValue)
+					envVariable = vaultCredentialEnvPrefixDefault + convertEnvVar(secretKey) + "_BASE64"
+					log.Entry().Debugf("Exposing general purpose base64 encoded credential '%v' as '%v'", key, envVariable)
+					os.Setenv(envVariable, CredentialUtils.EncodeString(secretValue))
 					matched = true
 				}
 			}

pkg/npm/config.go

@@ -10,7 +10,7 @@ import (
 )
 
 const (
-	configFilename = ".npmrc"
+	configFilename = ".piperNpmrc"
 )
 
 var (

pkg/npm/config_test.go

@@ -1,6 +1,7 @@
 package npm
 
 import (
+	"path/filepath"
 	"reflect"
 	"testing"
 
@@ -20,9 +21,9 @@ func TestNewNPMRC(t *testing.T) {
 		want string
 	}{
 		{name: "current dir", args: args{""}, want: configFilename},
-		{name: "sub dir", args: args{mock.Anything}, want: mock.Anything + "/.npmrc"},
-		{name: "file path in current dir", args: args{".npmrc"}, want: ".npmrc"},
-		{name: "file path in sub dir", args: args{mock.Anything + "/.npmrc"}, want: mock.Anything + "/.npmrc"},
+		{name: "sub dir", args: args{mock.Anything}, want: filepath.Join(mock.Anything, ".piperNpmrc")},
+		{name: "file path in current dir", args: args{".piperNpmrc"}, want: ".piperNpmrc"},
+		{name: "file path in sub dir", args: args{filepath.Join(mock.Anything, ".piperNpmrc")}, want: filepath.Join(mock.Anything, ".piperNpmrc")},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

pkg/npm/publish.go

@@ -50,13 +50,18 @@ func (exec *Execute) publish(packageJSON, registry, username, password string) e
 	npmignore.Add("**/piper")
 	log.Entry().Debug("adding **/sap-piper")
 	npmignore.Add("**/sap-piper")
-	// update .npmrc
+
+	npmrc := NewNPMRC(filepath.Dir(packageJSON))
+
+	log.Entry().Debugf("adding piper npmrc file %v", npmrc.filepath)
+	npmignore.Add(npmrc.filepath)
+
 	if err := npmignore.Write(); err != nil {
 		return errors.Wrapf(err, "failed to update %s file", npmignore.filepath)
 	}
 
+	// update .piperNpmrc
 	if len(registry) > 0 {
-		npmrc := NewNPMRC(filepath.Dir(packageJSON))
 		// check existing .npmrc file
 		if exists, err := FileUtils.FileExists(npmrc.filepath); exists {
 			if err != nil {
@@ -67,7 +72,7 @@ func (exec *Execute) publish(packageJSON, registry, username, password string) e
 				return errors.Wrapf(err, "failed to read existing %s file", npmrc.filepath)
 			}
 		} else {
-			log.Entry().Debug("creating .npmrc file")
+			log.Entry().Debugf("creating new npmrc file at %s", npmrc.filepath)
 		}
 		// set registry
 		log.Entry().Debugf("adding registry %s", registry)
@@ -86,7 +91,7 @@ func (exec *Execute) publish(packageJSON, registry, username, password string) e
 		log.Entry().Debug("no registry provided")
 	}
 
-	err := execRunner.RunExecutable("npm", "publish", filepath.Dir(packageJSON))
+	err := execRunner.RunExecutable("npm", "publish", "--userconfig", npmrc.filepath, "--registry", registry)
 	if err != nil {
 		return err
 	}