From 3148eb2c52818600b05cdb5048926b5023740434 Mon Sep 17 00:00:00 2001
From: seebees <ryanemer@amazon.com>
Date: Fri, 4 Jun 2021 18:43:54 -0700
Subject: [PATCH] chore: Explicit use .npmrc for NPM_TOKEN

---
 codebuild/release/prod-release.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml
index 019eae5d1..e321349be 100644
--- a/codebuild/release/prod-release.yml
+++ b/codebuild/release/prod-release.yml
@@ -47,11 +47,16 @@ phases:
             console.log(auth.generate(process.env.OTP_SECRET_KEY)),
             auth.timeRemaining() * 1000);
           "`
+      # npm will only expand env vars inside .npmrc
+      # NOTE the ' this is to keep the env var NPM_TOKEN from expanding!
+      - echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc
       # Now we publish to npm.
       # This is going to use the OTP generated above and the NPM_TOKEN
       # environment variable. This will only publish things that are
       # missing from npm. It is therefore safe to run repeatedly.
       - npx lerna publish from-package --yes --otp $OTP
+      # remove after publishing
+      - rm .npmrc
       # Clear out the verdaccio cache so that we get the latest version
       # of everything from public npm
       - rm -rf verdaccio/storage/