From 6fbe8687ee7cd14fb6bcbc879bd6fb43aa9c1295 Mon Sep 17 00:00:00 2001 From: saravanakumardb1 Date: Tue, 24 Mar 2026 15:36:46 -0700 Subject: [PATCH] =?UTF-8?q?fix(scripts):=20switch-network.sh=20=E2=80=94?= =?UTF-8?q?=20add=20NO=5FPROXY=20+=20GITEA=5FNPM=5FTOKEN=20management?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add NO_PROXY/no_proxy/NPM_CONFIG_NOPROXY=localhost,127.0.0.1 when NETWORK=corp so local services (Gitea npm registry, Cosmos emulator, Azurite) bypass the corporate proxy. Previously NO_PROXY was only set in .zshrc line 5, making the script not self-contained. - Add GITEA_NPM_TOKEN auto-load from ~/.gitea_npm_token file (regardless of NETWORK). Reads are public, but publish needs the token. This ensures local pnpm install resolves @bytelyst/* auth. - Unset NO_PROXY/no_proxy/NPM_CONFIG_NOPROXY when NETWORK=home. --- scripts/switch-network.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/scripts/switch-network.sh b/scripts/switch-network.sh index 786877a7..e5a08e7b 100755 --- a/scripts/switch-network.sh +++ b/scripts/switch-network.sh @@ -17,6 +17,8 @@ # - NPM_CONFIG_REGISTRY → AT&T JFrog npm proxy # - NPM_CONFIG_PROXY → corporate proxy # - NPM_CONFIG_STRICT_SSL → false (proxy TLS interception) +# - NO_PROXY / no_proxy → localhost,127.0.0.1 (Gitea, Cosmos, Azurite) +# - NPM_CONFIG_NOPROXY → localhost,127.0.0.1 # - NODE_TLS_REJECT_UNAUTHORIZED → 0 (Node.js trusts proxy certs) # - PIP_TRUSTED_HOST → pypi.org, files.pythonhosted.org # - GRADLE_OPTS → JVM truststore with corporate CA cert @@ -59,6 +61,10 @@ if [ "${NETWORK:-home}" = "corp" ]; then export NPM_CONFIG_STRICT_SSL="false" export PIP_TRUSTED_HOST="pypi.org files.pythonhosted.org" export NODE_TLS_REJECT_UNAUTHORIZED="0" + # Bypass proxy for local services (Gitea npm registry, Cosmos emulator, Azurite, etc.) + export NO_PROXY="localhost,127.0.0.1" + export no_proxy="localhost,127.0.0.1" + export NPM_CONFIG_NOPROXY="localhost,127.0.0.1" # Gradle: trust corporate proxy CA cert (TLS interception by cso.proxy.att.com) if [ -f "$_GRADLE_TRUSTSTORE" ]; then export GRADLE_OPTS="-Djavax.net.ssl.trustStore=$_GRADLE_TRUSTSTORE -Djavax.net.ssl.trustStorePassword=changeit -Djdk.http.auth.tunneling.disabledSchemes= -Djdk.http.auth.proxying.disabledSchemes= -Djava.net.useSystemProxies=true" @@ -68,6 +74,7 @@ else unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY 2>/dev/null unset NPM_CONFIG_REGISTRY NPM_CONFIG_PROXY NPM_CONFIG_HTTPS_PROXY 2>/dev/null unset NPM_CONFIG_STRICT_SSL NODE_TLS_REJECT_UNAUTHORIZED 2>/dev/null + unset NO_PROXY no_proxy NPM_CONFIG_NOPROXY 2>/dev/null unset PIP_TRUSTED_HOST GRADLE_OPTS 2>/dev/null fi @@ -83,3 +90,16 @@ if [[ $- == *i* ]]; then fi unset _CORP_PROXY _CORP_NPM_REGISTRY + +# ── Gitea NPM token (always, regardless of NETWORK) ────────────── +# Local Gitea registry at localhost:3300 — token for publish access. +# Reads: public without auth. Writes: need GITEA_NPM_TOKEN. +# Store token in ~/.gitea_npm_token (one line, no newline). +# Create: curl -s -u admin:PASSWORD http://localhost:3300/api/v1/users/admin/tokens \ +# -H 'Content-Type: application/json' -d '{"name":"npm"}' | jq -r '.sha1 // .token' +_GITEA_TOKEN_FILE="$HOME/.gitea_npm_token" +if [ -z "${GITEA_NPM_TOKEN:-}" ] && [ -f "$_GITEA_TOKEN_FILE" ]; then + export GITEA_NPM_TOKEN + GITEA_NPM_TOKEN="$(cat "$_GITEA_TOKEN_FILE")" +fi +unset _GITEA_TOKEN_FILE