feat(trusted-publishing): handle failure to retrieve id-token in the context of github actions

for #958

Author: travi

lib/trusted-publishing/token-exchange.js

@@ -6,7 +6,14 @@ const GITHUB_ACTIONS_PROVIDER_NAME = "GitHub Actions";
 const GITLAB_PIPELINES_PROVIDER_NAME = "GitLab CI/CD";
 
 async function exchangeGithubActionsToken(packageName) {
-  const idToken = await getIDToken("npm:registry.npmjs.org");
+  let idToken;
+
+  try {
+    idToken = await getIDToken("npm:registry.npmjs.org");
+  } catch (e) {
+    return undefined;
+  }
+
   const response = await fetch(
     `${OFFICIAL_REGISTRY}-/npm/v1/oidc/token/exchange/package/${encodeURIComponent(packageName)}`,
     {

test/trusted-publishing/token-exchange.test.js

@@ -36,6 +36,12 @@ test.serial("that an access token is returned when token exchange succeeds", asy
   t.is(await exchangeToken(pkg), token);
 });
 
+test.serial("that `undefined` is returned when ID token retrieval fails", async (t) => {
+  td.when(getIDToken("npm:registry.npmjs.org")).thenThrow(new Error("Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable"));
+
+  t.is(await exchangeToken(pkg), undefined);
+});
+
 test.serial("that `undefined` is returned when token exchange fails", async (t) => {
   td.when(getIDToken("npm:registry.npmjs.org")).thenResolve(idToken);
   td.when(