For various reasons we are stuck using yarn managing our packages so we can't rely on a package-lock.json to use npm with github actions.
We cannot get Yarn to authenticate as part of a github action. We've got our repo npmrc configured as:
@COMPANY:registry=https://npm.pkg.github.com
registry=https://registry.npmjs.org/
And we're using this action for yarn.
Here's a basic setup where we're just trying to install the modules -- nothing more.
name: CI
on: [push]
jobs:
build:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: borales/[email protected]
with:
auth-token: ${{ secrets.GITHUB_TOKEN }}
registry-url: "https://npm.pkg.github.com"
scope: tlabs
cmd: version
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_REGISTRY_URL: https://npm.pkg.github.com
- name: Create NPMRC
run: |
echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
- name: Install
run: |
yarn install --verbose
By default, this action will try to run install so to bypass that I provided a basic command there 'version' so it just displays the yarn version and nothing more.
Running yarn install will work for all other packages but when it gets to our private modules, it will try to get them from the right registry (github) but will be hit with a 401.
Full error:
verbose 7.614802156 Error: https://npm.pkg.github.com/download/@tlabs/utils/1.0.1/afe9eaa6f9565f95c31563cbecfe617d7970f44077302cbe9ca8ee3223550469: Request failed "401 Unauthorized"
at ResponseError.ExtendableBuiltin (/usr/share/yarn/lib/cli.js:696:66)
at new ResponseError (/usr/share/yarn/lib/cli.js:802:124)
at Request.<anonymous> (/usr/share/yarn/lib/cli.js:66996:16)
at Request.emit (events.js:210:5)
at Request.module.exports.Request.onRequestResponse (/usr/share/yarn/lib/cli.js:141441:10)
at ClientRequest.emit (events.js:210:5)
at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:583:27)
at HTTPParser.parserOnHeadersComplete (_http_common.js:115:17)
at TLSSocket.socketOnData (_http_client.js:456:22)
at TLSSocket.emit (events.js:210:5)
error An unexpected error occurred: "https://npm.pkg.github.com/download/@tlabs/utils/1.0.1/afe9eaa6f9565f95c31563cbecfe617d7970f44077302cbe9ca8ee3223550469: Request failed \"401 Unauthorized\"".
The default GITHUB_TOKEN
is only scoped for the current repository. You cannot use it to access packages in another repository. Use a read:packages
and repo
scoped Personal Access Token instead of GITHUB_TOKEN
.
I'm create a file .npmrc and .yarnrc. Type:
name: Test
on: push
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [12.x]
steps:
- uses: actions/checkout@v2
- name: Node ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- name: Create NPMRC
run: |
echo "//npm.pkg.github.com/:_authToken=${{ secrets.PACKAGES_TOKEN }}" >> ~/.npmrc
echo "@you-scope:registry=https://npm.pkg.github.com" >> ~/.npmrc
echo 'registry "https://registry.yarnpkg.com"' >> ~/.yarnrc
- run: yarn install
Replace @you-scope for you user of github or of your org in github in LowerCase. Create a PACKAGES_TOKEN screte for this repository.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With