Add .npmrc files to node templates

[burtonr]

Description

This change adds an empty .npmrc file to the node templates
as well as adding the NPM_TOKEN build arg to allow users
to specify a private npm registry, or pass credentials to the
templates during build process.

Use of the NPM_TOKEN build arg means that the credentials are
not stored with the images and remain secure once the function
is built and deployed.

Using the --build-arg means that the .npmrc file does not need to be removed during the build process, however, if there is concern with keeping the file, it would be trivial to add a RUN rm .npmrc line to the Dockerfiles.

Signed-off-by: Burton Rheutan rheutan7@gmail.com

Motivation and Context

• I have raised an issue to propose this change (required)
  Several users have voiced a need to be able to install private npm packages in order to use the node templates. It was brought up in a few issues, in person, and in Slack.

Which issue(s) this PR fixes

Fixes #103

Also, makes permanent the workaround described in the faas issue openfaas/faas#1025

How Has This Been Tested?

Tested this by creating a verdaccio registry, and creating a private package there. Then, created a new function that referenced that package and including the verdaccio registry in the .npmrc file. Invoked the function, and verified the output included the private package's output.

.npmrc file:

registry=http://br-npmreg.southcentralus.azurecontainer.io:4873
//br-npmreg.southcentralus.azurecontainer.io:4873/:_authToken=${NPM_TOKEN}

packages.json file:

...
"dependencies": {
    "burtonr-test": "^1.0.3",
    "moment": "^2.24.0"
  }
}

Then, using faas-cli, ran the build with the NPM_TOKEN as a build-arg:

faas build -f pvt-js11.yml --build-arg NPM_TOKEN=xxxxxxx

Also, verified that not including the NPM_TOKEN had no effect on the build (only of course if the .npmrc file didn't require it)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Version change (see: Impact to existing users)

Impact to existing users

None, as new templates will include an empty .npmrc file that need not have any content.

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
  • I've updated the "welcome message" on the templates, but will need another PR to add notes in the docs as there is no readme for individual templates
• I have updated the documentation accordingly.
• I've read the CONTRIBUTION guide
• I have signed-off my commits with git commit -s
• I have added tests to cover my changes.
• All new and existing tests passed.

[alexellis]

How Has This Been Tested?

[burtonr]

Sorry about that, forgot to update the testing section before submitting. I've edited it and included the steps I took.

[alexellis]

Did your package work as expected?

What was the command you used with faas-cli build?

Does docker history --no-trunc <IMAGE> show the contents of the file?

[burtonr]

Updated the testing section to show the faas-cli build command used: faas build -f pvt-js11.yml --build-arg NPM_TOKEN=xxxxxxx

The output of docker history only shows the sha of the file, no content. No values of the NPM_TOKEN either:

sha256:6802d30af37ae78af70214a00299e8a54fba5795751dd3a9a368f62288bb2af0   About an hour ago   /bin/sh -c #(nop)  ARG NPM_TOKEN                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             0B                  
sha256:bd3ab33d233c864eb04effcf838bec51c187dae8dba1247253dbcd97d3f22c1e   14 hours ago        /bin/sh -c #(nop) WORKDIR /home/app/function                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 0B                  
sha256:3e6b0a152dc79b5946b57915115a683994b8fa3bbc75ab44f83d61cbb7a58cb4   14 hours ago        /bin/sh -c #(nop) COPY file:0e28bb7d81d3b1f1c6eb84b4b5b28a80771df9193aad14b0dc6466f26af2a3f7 in ./                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           868B                
sha256:e4693f54845a68de7d87112c0e455902c1c13959ef16d641e607037d803918f8   14 hours ago        /bin/sh -c npm i --production                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                15.3kB              
sha256:4333677f57b5b3fcee5532d6bfd015e18efa6a3addc548b61bd52da31a26383e   14 hours ago        /bin/sh -c #(nop) COPY file:01ef0af5770d728c999ea083bbba183d61bbb53485bc8855fc0b9548d1a2c581 in ./

[alexellis]

How would users pass the build arg? $(cat filename) ?

[burtonr]

I think that's generally up to the user. It's possible to include it in the .npmrc file, and not use the build-arg. Some may not even need the build arg if they're just using a different registry without needing to authenticate to pull.
Some articles I've read suggest using an environment variable.
The most secure would likely be your suggestion of keeping it in a file and cat-ing it out at build time to keep it out of the environment and terminal history.