I would recommend creating a community action which is setup-artifactory.

Wasn't #48 (always-auth setting) merged for Artifactory?

always-auth is an npm specific setting which artifactory happens to need. I think doing things like that is fine. But as soon as the features / concepts / inputs are jfrog / artifactory specific (and I'm not sure what those would be) I think it should be a different setup action.

So I guess that's the next question, what exactly is the ask? Does Artifactory not work with an auth token? A revokable token is better security wise than entering basic credentials for a standing user.

I found we need to be able to set registry, _auth, email, and always-auth in npmrc file to work with Artifactory. I believe _auth and email are the two which are missing from this currently.

Does Artifactory not work with an auth token

It does not, unfortunately. It does provide both user credential and access token (their own) support for builds using _auth instead of authToken.

My .npmrc's don't contain email, and work with just the following:

_auth = XXXXXXXXXXX
always-auth = true
registry = ...

The way we've generally implemented this for usage in docker development environments and the like is to set the environment variables NPM_CONFIG__AUTH and NPM_ALWAYS_AUTH instead of mucking with the .npmrc file directly.

EDIT: Just verified that this works w/ artifactory. (.npmrc file is checked into the repo w/ the registry key set, but it could also be set via ENV here to bypass the auth setup check for setup-node)

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2
      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: '14.x'
      - name: Cache Node.js modules
        uses: actions/cache@v2
        with:
          path: ~/.npm
          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.OS }}-node-
            ${{ runner.OS }}-
      - name: Install dependencies
        run: npm ci
    env:
      NPM_CONFIG__AUTH: ${{ secrets.ARTIFACTORY_ACCESS_KEY }}
      NPM_ALWAYS_AUTH: true

Anyone got setup-node to work with JFROG npm private repo? cant seem to get the authentication going correctly here

I couldn't make @Lykathia's setup to work, so as a workaround, I had to create .npmrc "manually" before calling the actions/setup-node@v1

steps:
  - name: 'Checkout'
    uses: actions/checkout@v2

  - name: 'Create .npmrc'
    shell: bash
    run: |
      echo "registry=https://company.jfrog.io/artifactory/api/npm/npm-registry-name/" > .npmrc
      echo "_auth = ${{ secrets.JFROG_NPM_AUTH_TOKEN }}" >> .npmrc
      echo "always-auth = true" >> .npmrc

  - name: Use Node.js
    uses: actions/setup-node@v1
    with:
       node-version: '10.14.0'

make sure to remove the registry-url from the actions/setup-node@v1 because otherwise it will override the .npmrc.

@lub0v-parsable you're awesome! 🎉 You just ended a multi-hour search to get this working. @Lykathia's suggestion looks awesome (and I'd love to see that implemented one day), but it throws a warning saying those fields aren't supported.

At my company we encode some attributes as part of our token, so I had to wrap the _auth bit in another set of quotes (e.g., echo "_auth = \"something that might have spaces\"" >> .npmrc) in case anyone has to do something similar.