configuring .npmrc to use NPM_TOKEN to publish to public repo - npm

I've created a public npm repository: https://www.npmjs.com/package/point-cloud-visualiser
I'm trying to run npm publish from within codebuild. I have generated a token and saved it in AWS secrets manager. I am successfully pulling the secret in the buildspec. However I am unsure how to configure the .npmrc file so that it uses the token and doesn't tell me to login.
Currently my .npmrc looks like this:
@point-cloud-visualiser:registry=https://www.npmjs.com/package/point-cloud-visualiser
//point-cloud-visualiser/:_authToken=${NPM_TOKEN}
And my buildspec.yml looks like this:
version: 0.2
env:
  secrets-manager:
    NPM_TOKEN: "npm-token:npm-token"
phases:
  install:
    commands:
      - npm install
  build:
    commands:
      - npm run build
      - npm publish
But it fails on npm publish, giving the error:
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in to https://registry.npmjs.org/
npm ERR! need auth You need to authorize this machine using `npm adduser`
I have also tried removing the .npmrc file and using the following in the buildspec.yml:
version: 0.2
env:
  secrets-manager:
    NPM_TOKEN: "npm-token:npm-token"
phases:
  install:
    commands:
      - npm install
  build:
    commands:
      - npm run build
      - npm config set registry 'https://www.npmjs.com/package/point-cloud-visualiser'
      - npm config set '//npmjs.com/package/point-cloud-visualiser/:always-auth' 'true'
      - npm config set '//npmjs.com/package/point-cloud-visualiser/:_authToken' '${NPM_TOKEN}'
      - npm publish
But this approach gives the same result as above. What am I doing wrong? Thank you!

The following buildspec worked successfully:
version: 0.2
env:
  secrets-manager:
    NPM_TOKEN: "npm-token:npm-token"
phases:
  install:
    commands:
      - npm install
  build:
    commands:
      - npm run build
      - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
      - echo "//registry.npmjs.org/:always-auth=true" >> ~/.npmrc
      - npm publish
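
An added example, not part of the original posts: a pre-publish check for a project's .npmrc that flags the mismatch behind the ENEEDAUTH error above, where the `_authToken` key is not the registry URL with its scheme removed. The function names and return codes are assumptions of this sketch, the key derivation is simplified, and it is meant for an .npmrc kept in the repository, where the token should appear only as `${VAR}`.

```shell
#!/bin/sh
# Added example (not from the original posts): audit an .npmrc before `npm publish`.

# registry_key URL -> credential key prefix, e.g.
# https://registry.npmjs.org/ -> //registry.npmjs.org/
# Simplified: drops the scheme and forces a trailing slash.
registry_key() {
  key=${1#*:}
  case $key in */) ;; *) key="$key/" ;; esac
  printf '%s\n' "$key"
}

# audit_npmrc FILE REGISTRY_URL (hypothetical helper)
# Returns 0: a token entry is keyed to the registry and reads from ${VAR}
#         1: no _authToken entry is keyed to the registry
#         2: a token value is written literally in the file
audit_npmrc() {
  want=$(registry_key "$2"); matched=0; literal=0
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      '#'*|';'*) continue ;;            # .npmrc comment lines
      *:_authToken=*) ;;                # credential line: inspect it below
      *) continue ;;
    esac
    prefix=${line%%:_authToken=*}
    value=${line#*:_authToken=}
    if [ "$prefix" = "$want" ]; then
      matched=1
    else
      echo "ignored for $2: key '$prefix' is not '$want'"
    fi
    case $value in
      '${'*'}') ;;                      # expanded by npm from the environment
      *) literal=1; echo "literal token stored under '$prefix'" ;;
    esac
  done < "$1"
  [ "$literal" -eq 0 ] || return 2
  [ "$matched" -eq 1 ] || { echo "no credential for $want"; return 1; }
  return 0
}

# Constructed sample: the .npmrc token line from the question above.
sample=$(mktemp)
printf '%s\n' '//point-cloud-visualiser/:_authToken=${NPM_TOKEN}' > "$sample"
audit_npmrc "$sample" https://registry.npmjs.org/ || echo "audit status: $?"
rm -f "$sample"
```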

Related

Get npm package latest version from a gitlab registry

I'm trying to put a package in a Gitlab registry using npm and .gitlab-ci.yml.
.gitlab-ci.yml
npm-package:
  stage: build
  image: node:buster
  before_script:
    - git config --global user.name "${GITLAB_USER_NAME}"
    - git config --global user.email "${GITLAB_USER_EMAIL}"
  script:
    - npm config set @${CI_PROJECT_ROOT_NAMESPACE}:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/
    - npm config set //${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}
    - NPM_PACKAGE_NAME=$(node -p "require('./package.json').name")
    - NPM_PACKAGE_VERSION=$(node -p "require('./package.json').version")
    - echo $(npm view "${NPM_PACKAGE_NAME}" versions)
    - echo ${NPM_PACKAGE_NAME}
    - echo ${NPM_PACKAGE_VERSION}
    - |
      if [[ $(npm view "${NPM_PACKAGE_NAME}" versions) != *"'${NPM_PACKAGE_VERSION}'"* ]]; then
        npm config set //${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}
        npm publish
        echo "Successfully published version ${NPM_PACKAGE_VERSION} of ${NPM_PACKAGE_NAME} to GitLab's NPM registry: ${CI_PROJECT_URL}/-/packages"
      else
        echo "Version ${NPM_PACKAGE_VERSION} of ${NPM_PACKAGE_NAME} has already been published, so no new version has been published."
      fi
I tried my first time and the package was saved successfully in the repo. And now I'm trying to run it under the condition: if the version's package has changed then run an npm publish.
But the variable $(npm view "${NPM_PACKAGE_NAME}" versions) seems to be empty, and when I try to echo it I get the error:
npm ERR! code E401
npm ERR! 401 Unauthorized - GET https://gitlab.example.com/api/v4/projects/1/packages/npm/@my_scope/my_package
Any help?
Your CI does not have enough rights.
1- You need to generate an access token (automation type) from your npm registry via the npm UI (or via the command line).
The process with the UI:
https://docs.npmjs.com/creating-and-viewing-access-tokens
2- Assign the token to an environment variable (named NPM_TOKEN in this example) accessible to your CI
3- Then create (or update) a .npmrc file with this line at the top:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}

How can I set the npm version in gitlab CI?

I have a gitlab pipeline for an Angular project with the image in .gitlab-ci.yml
image: node:16
build:
  stage: build
  script:
    - npm ci
    - nodejs -v
    - npm -v
    - npm run build:prod
    - npm doctor
When the pipeline reaches the npm doctor it fails with the following error on npm version:
$ npm doctor
Check                                 Value   Recommendation/Notes
npm ping                              ok
npm -v                                not ok  Use npm v7.24.0
node -v                               ok      current: v16.9.1, recommended: v16.9.1
npm config get registry               ok      using default registry (https://registry.npmjs.org/)
which git                             ok      /usr/bin/git
Perms check on cached files           ok
Perms check on local node_modules     ok
Perms check on global node_modules    ok
Perms check on local bin folder       ok
Perms check on global bin folder      ok
Verify cache contents                 ok      verified 1361 tarballs
How can I solve this?
In my machine I have the npm version v7.24.0 and the command succeeds.
Install npm before you do anything else, specifying a version, i.e. npm install npm@version -g.
For completeness, if you can't update the global npm, you can do so locally, by replacing npm with npx npm@latest or npx npm@7.24.0. npx will install npm if it needs to, locally, and then run the local installation.
Lastly you can install locally with npm install npm@latest and then run it with $(npm bin)/npm, but this is what npx is for.
Note that I don't understand why you're running npm doctor after a build. Presumably if you care about npm thinking it's set up properly you should run it before the build, so the pipeline fails early.
P.S. I stupidly read 'github' as 'gitlab'. If you were using github I would recommend using setup-node if only for dependency caching, which can seriously speed up pipelines. I don't know if gitlab does anything similar.

NPM Login without manually entering the username, password & email

I have been able to login to my npm registry manually, ie: on my local machine - but for some reason it's not working when it goes through the CI. The problem here is that after I execute the npm login command, the program is waiting for the manual user input (username, password, email) and I couldn't find a way to send these inputs in the pipeline (where I can't make manual user input):
These different approaches I tried:
1. Copy the npm auth token from my local machine into the environment variables of the gitlab CI/CD Settings, and then just copy them into the global .npmrc at the root directory:
This results in an error (unauthenticated):
$ cd ~
$ pwd
/root
$ echo "//<my_registry_url>:_authToken=$NPM_AUTH_TOKEN" > ~/.npmrc
$ cat .npmrc
<my_registry_url>:_authToken=[MASKED] //<-- the masked value is correct, I had it unmasked before once by mistake...
$ npm whoami
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-03-02T14_29_00_728Z-debug.log
Cleaning up file based variables
00:00
ERROR: Job failed: exit code 1
2. Install npm-cli-login and pass the username, password and email in one line with the npm login command
$ npm install -g npm-cli-login
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
added 567 packages, and audited 568 packages in 46s
33 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
// trying to login now
$ npm-cli-login -u $USERNAME -p $API_KEY -e $EMAIL -r $REPOSITORY
info attempt registry request try #1 at 6:17:19 AM
http request PUT [MASKED]-/user/org.couchdb.user:<my correct username>
http 201 [MASKED]-/user/org.couchdb.user:<my correct username> // the login seems to have worked, at least I don't get an error
// then I go to the home directory to check the .npmrc file
$ cd ~
$ pwd
/root
$ cat .npmrc
//<my_registry_url>:_authToken=<eyJ...rest of token> // <-- so this was created correctly at my npm-cli-login command
// then I go back to the angular project folder
$ cd /builds/<my path>/app/src/main/ui
$ ls
README.md
angular.json
browserslist
debug.log
e2e
package.json
src
tsconfig.app.json
tsconfig.spec.json
// and when I now run npm install, it says I'm not authenticated
$ npm install
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated axios@0.20.0: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated fsevents@2.1.3: "Please update to latest v2.3 or v2.2"
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="Artifactory Realm" // <-- HERE IT FAILED
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-03-02T06_44_42_972Z-debug.log
Cleaning up file based variables
00:01
ERROR: Job failed: exit code 1
3. Using a here document like this in my gitlab-ci.yml:
- npm login --registry=<my_registry_url> << EOF
- $USERNAME
- $API_KEY
- $EMAIL
- EOF
This results in:
$ npm login --registry=<my_registry_url> << EOF
Username: npm WARN Name may not contain non-url-safe chars
Username: (echo $'\x1b[32;1m$ <my_username>\x1b[0;m') npm ERR! cb() never called!
npm ERR! This is an error with npm itself. Please report this error at:
npm ERR! <https://npm.community>
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-03-02T13_54_12_317Z-debug.log
ERROR: Job failed: exit code 1
The methods above were maybe not wrong at all, but somehow it only worked for me after using _auth instead of _authToken value in the .npmrc file.
This method is described here and on the jfrog confluence site.
After running this curl command I received everything that I needed to put into my global .npmrc file:
curl -u ${JFROG_USER}:${JFROG_ENCRYPTED_PASSWORD} https://${JFROG_ORG}.jfrog.io/artifactory/api/npm/auth
For anyone who's interested, the full script in my gitlab ci pipeline stage now looks like this:
script:
- npm -v
6.14.10
- node -v
v14.15.4
- cd ~
- pwd
/root
# install angular globally
- npm i -g @angular/cli
# create the config file '.npmrc' for authenticating at jFrog when running 'npm install'.
- cat > .npmrc
- echo _auth = ${NPM_AUTH_TOKEN} >> .npmrc <- This is the token that I received after running the curl command from the tutorial / link above
- echo always-auth = true >> .npmrc
- echo email = ${EMAIL} >> .npmrc
# the next line makes npm look for the packages that are annotated with @<my-private-repo> at the JFrog Repo.
- echo @<my-private-repo>:registry=${UI_JFROG_REGESTRY} >> .npmrc
# change back to the project folder.
- cd /builds/<my-project-folder>/ui
# install all packages + the <my-private-repo> package from JFrog.
- npm install
Instead of using npm login, which doesn't support non-interactivity, I used the auth URL and npmrc. However, I've only gotten this to work with private NPM repositories, and not with https://registry.npmjs.org/. I'm not sure what the AUTH url is for the public NPM registry. If someone finds the AUTH url for NPM, let me know :).
For private NPM repositories, you can avoid npm login by using:
curl -u $USERNAME:$ACCESS_TOKEN https://company.jfrog.io/artifactory/api/npm/auth > ~/.npmrc
This allows us to avoid unnecessary dependencies, and is a single-line-change to a CI job.
Tips:
You can adjust ~/.npmrc to .npmrc to affect the current project only.
For debugging, you can remove > ~/.npmrc and see what the output from the auth URL is.

Github actions: NPM publish 404 not found

In my github project I'm trying to automatically create a new version and publish it to NPM whenever something is pushed to the master branch.
The idea
Create a new minor version
Publish the package to NPM
I'm using github actions. My workflow file looks like this:
# This workflow will run tests using node and then publish a package to the npm registry when a release is created
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
name: Node.js Package
on:
  # trigger on every commit to the main branch
  push:
    branches:
      - main
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 12
      - run: npm test
  publish-npm:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 12
          registry-url: https://registry.npmjs.org/
      - run: git config user.name $GITHUB_ACTOR
      - run: git config user.email gh-actions-${GITHUB_ACTOR}@github.com
      - run: git remote add gh-origin https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
      - run: echo "//registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN" >> ~/.npmrc
      - run: npm version patch
      - run: npm publish
      - run: git push gh-origin HEAD:master --tags
        env:
          NODE_AUTH_TOKEN: ${{secrets.npm_token}}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
(https://github.com/ether/ep_align/actions/runs/322527776)
I keep getting a 404 error when doing the publish. Which I don't understand because the package is online here: https://www.npmjs.com/package/ep_align
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/ep_align - Not found
npm ERR! 404
npm ERR! 404 'ep_align@0.2.7' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
This problem is driving me nuts for a few hours now, and I have no idea what it could be.
Any ideas?
It is just an authentication issue with your token.
Have you ever set the access token in your Repository secrets? (You might want to create environments as well.)
https://docs.npmjs.com/creating-and-viewing-access-tokens
Or it might be an issue with authorization as well. Please check your token type. It should be automation one.
Here is an example from me >
https://github.com/canberksinangil/canberk-playground
Where I have set my token under the repository settings.
Let me know if this helps :)
The NODE_AUTH_TOKEN token is attached to the wrong step, so the npm publish has no authentication. You need:
- run: npm publish
  env:
    NODE_AUTH_TOKEN: ${{secrets.npm_token}}
- run: git push gh-origin HEAD:master --tags
  env:
    GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
Also, make sure the case of the env variable (npm_token) here matches that in the GitHub actions settings. Environment variables are case sensitive.

How to use AWS Codecommit repo as npm dependency

This is my buildspec file:
version: 0.2
env:
  git-credential-helper: yes
phases:
  install:
    runtime-versions:
      nodejs: 10
    commands:
      - npm install
  build:
    commands:
      - npm run build
  post_build:
    commands:
      - echo Build completed on `date`
and in package.json I added:
"dependencies": {
  "sharedLib": "git+https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sharedLib#branchname"
}
I am getting a build error in npm install. Any help will be appreciated.
Through IAM, give CodeCommit access to the role which is assigned to CodeBuild.
Then CodeBuild should run.