Pass the NPM auth token to rush publish via environment variable.

iclanton · iclanton · commit c729d188fb41 · 2020-03-06T17:17:44.000-08:00
diff --git a/common/config/azure-pipelines/templates/buildAndPublish.yaml b/common/config/azure-pipelines/templates/buildAndPublish.yaml
@@ -4,5 +4,7 @@ steps:
 - template: ./build.yaml
 - script: 'node common/scripts/install-run-rush.js version --bump --version-policy $(VersionPolicy) --target-branch $(Build.SourceBranchName)'
   displayName: 'Rush Version'
-- script: 'node common/scripts/install-run-rush.js publish --apply --publish --include-all --target-branch $(Build.SourceBranchName) --npm-auth-token $(npmToken) --add-commit-details --set-access-level public'
+- script: 'node common/scripts/install-run-rush.js publish --apply --publish --include-all --target-branch $(Build.SourceBranchName) --add-commit-details --set-access-level public'
   displayName: 'Rush Publish'
+  env:
+    NPM_AUTH_TOKEN: $(npmToken)
diff --git a/common/config/rush/.npmrc-publish b/common/config/rush/.npmrc-publish
@@ -0,0 +1,13 @@
+# Rush uses this file to configure the package registry, regardless of whether the
+# package manager is PNPM, NPM, or Yarn.  Prior to invoking the package manager,
+# Rush will always copy this file to the folder where installation is performed.
+# When NPM is the package manager, Rush works around NPM's processing of
+# undefined environment variables by deleting any lines that reference undefined
+# environment variables.
+#
+# DO NOT SPECIFY AUTHENTICATION CREDENTIALS IN THIS FILE.  It should only be used
+# to configure registry sources.
+
+registry=https://registry.npmjs.org/
+always-auth=true
+//registry.npmjs.org/:_authToken=${NPM_AUTH_TOKEN}
