It's first time I'm trying to use Actions in GitHub to load a package on npm.
My workflow gets error because of:
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/github-custom-module - Not found
npm ERR! 404
I noticed that also trying to reach out by browse bar https://registry.npmjs.com/ or http://registry.npmjs.com/ and it responds something like:
{"db_name":"registry","engine":"couch_bt_engine","doc_count":2594600,"doc_del_count":334,"update_seq":12737068,"purge_seq":0,"compact_running":false,"sizes":{"active":52390186030,"external":150891609029,"file":52550172912},"disk_size":52550172912,"data_size":52390186030,"other":{"data_size":150891609029},"instance_start_time":"1640854262658073","disk_format_version":7,"committed_update_seq":12737068,"compacted_seq":12733464,"uuid":"d8db915449574fe1dbb729e34426a075"}
just wondering if someone got in trouble for the same reason and eventually how to fix it!
Thank you very much!
Since your npm package is in a private repo, your Github action may not have access to it. There are two approaches to solving this ->
The easy way
You can use a read only access token in the dependency list in the package.json file to install the packages. This will require changing the code base but it trivializes the CI part. Bear in mind that if the token expires or is deleted your builds will start failing.
The not so easy way
The other way is to again create an access token for the npm registry and then
adding it to the Github Secrets instead. So lets say we store it in
NPM_TOKEN then in your action file you could simply add this to the env
steps:
- run: |
npm install
- env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
You also need to create a .npmrc file in the root of your project with a single line using the env variable to set the auth token.
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
The npm cli will replace the value from the environment in so your secrets are safe !
Related
I have a (test) npm package named #myScope/test which I want to publish into a private gitlab registry within a gitlab project whose address is
https://gitlab.<something>/myId/test-npm-registry/
with ID 9630
First, I'm a bit confused with npm login and .npmrc. If I understand correctly, answers given to npm login end-up as a couple of lines into .npmrc, is that right?
So essentially, to instruct npm about authenticating to a registry, one can either:
manually edit .npmrc
use npm config set
use npm login
Based on what I read on the gitlab help, I've inserted the following lines into my .npmrc:
#myScope:registry=https://gitlab.<something>/api/v4/projects/9630/packages/npm/
'//gitlab.<something>/api/v4/projects/9630/packages/npm/:_authToken'="${GITLAB_AUTH_TOKEN}"
Note: I had to use the project ID, having issues with the url format.
I have also added the following bit into the package.json :
publishConfig":{
"#myScope:registry": "https://gitlab.<something>/api/v4/projects/9630/packages/npm/"
}
Finally, I've created a token in gitlab, with "api, read_api, read_registry, write_registry" rights and I have assigned the token to the GITLAB_AUTH_TOKEN variable:
GITLAB_AUTH_TOKEN="xk4L7xxvzHuykyKawxQZ"
When I do npm publish I'm getting the following message :
npm ERR! code E401
npm ERR! 401 Unauthorized - PUT https://gitlab.<something>/api/v4/projects/9630/packages/npm/#myScope%2ftest-npm-registry
npm ERR! A complete log of this run can be found in:
The logs doesn't help, nor does the verbose mode. Also, I'm not getting if I have to perform an explicit npm login or if the configuration in the .npmrc (with the token) should do the trick. I actually cannot do npm login because the username has an # character in it and npm refuses it.
Any ideas ?
I have created a private npm registry using gitlab
I have the following .npmrc file, which is the same .npmrc file that I used to publish with no issues. I've replaced all company values with placeholders.
#myorg:registry=https://gitlab.com/api/v4/packages/npm/
//gitlab.com/api/v4/packages/npm/:_authToken=[[MY_TOKEN_HERE]]
//gitlab.com/api/v4/projects/12345678/packages/npm/:_authToken=[[MY_TOKEN_HERE]]
When I go to install I get the following error message
npm install #myorg/my-package-name-here
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/#myorg/my-package-name-here - Not found
npm ERR! 404
npm ERR! 404 '#myorg/my-package-name-here#latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
This to me looks like it's not picking up the .npmrc file as the registry is different.
I have checked and the file is definately .npmrc and not a different extension etc.
Anyone have any ideas?
EDIT
I've done some investigation and it does look like my .npmrc file is being used, however the registry
'https://gitlab.com/api/v4/packages/npm/#myorg/my-package-name-here'
is being redirected to
'https://registry.npmjs.org/#myorg/my-package-name-here'
which is why it will be showing up as this...
It does not explain to me why it can't be found though using the auth token etc that I used to publish?
I've figured it out...
Everything is fine other than #myorg does not match my gitlab org name.
e.g. the gitlab url is something like this:
https://gitlab.com/my-company/...
instead it needs to match the github url, so in the above example
#my-company
After switching this it all kicked into life and I am able to get the npm package.
It is not necessarily true (as stated in the accepted answer) that the scope name "needs to match the github [sic] url" (believe github is meant to be GitLab).
Using GitLab, it is possible to have a scope name that does not match the root of your GitLab URL.
The difference is how the registry is configured in the project's (or user's) .npmrc.
From GitLab:
When you use the instance-level endpoint, only the packages with names in the format of #scope/package-name are available. For example, if your project is https://gitlab.example.com/my-org/engineering-group/team-amazing/analytics, the root namespace is my-org. When you publish a package, it must have my-org as the scope.
The registry config for an instance-level endpoint looks like this:
#scope:registry=https://gitlab.com/api/v4/packages/npm/
...however, if your scope name does not match the root of GitLab URL, you will need a project-level endpoint configuration:
#scope:registry=https://gitlab.com/api/v4/projects/<your_project_id>/packages/npm/.
https://docs.gitlab.com/ee/user/packages/npm_registry/index.html
My cents to help someone.
When you create a repository to handle with Package Registry, then you've created in a group or in your own user. It's very important to observe where you created it. Probably your registry repository url is something like this:
https://your.gitlab.com/{name_of_group_or_name_of_user}/[{optional_subgroup}/]{repository_registry_name}
Now, let's say you've a package in the url:
https://your.gitlab.com/my-group/my-package
And the url registry is:
https://your.gitlab.com/main/registry
The #scope of your my-package needs being #main/my-package, and not #my-group/my-package. If you define wrong #scope here, it gives you 404.
my-package:
{
"name": "#main/my-package",
...
}
The #scope is the first segment of the url of your registry repository path.
I have a working verdaccio server hosted on a google cloud server. I am able manually publish to it, but am struggling to create a GitHub Action to publish to it when I push to master branch.
I have a script that works perfectly when publishing to npmjs public repo. Here is the relevant part that works for npmjs.org
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Now, for my own server, I have included the following addition in package.json:
"publishConfig": {
"registry": "http://my.ip.0.0:port"
},
And then in the repositories secrets, I have created an NPM_TOKEN secret with my user's token copied from my computer's .npmrc file after logging in.
I'm getting the following error from the Github Actions result:
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
So I'm clearly not authenticating properly.
I tried (on the server's cli) using npm token create but it gave me an unauthorized error, and I tried the same on my computer locally after logging in too, and got the same error.
How can I authenticate my Github Actions publish to my custom Verdaccio server? I'm pretty new to this whole CI business, so I suspect I'm missing something quite basic. I suspect I'm doing it wrong using NPM_TOKEN, but it worked fine to publish to npmjs.org public repo.
Again, I can manually publish using npm publish from the terminal on my Mac (after logging into custom server with npm login), so I know that the server is set up properly.
After much googling, I found a solution from this tutorial https://remysharp.com/2015/10/26/using-travis-with-private-npm-deps
It's not written for GitHub Actions but the same procedure worked.
First, you need to login to your private server from your computer. In your home folder look at the .npmrc file (turn on show hidden files).
add this line to the yaml action file:
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
Note that it should actually be NODE_AUTH_TOKEN, NOT your actual token.
The part in the quotes should mostly match the entry in your .npmrc file (without the token).
So now it looks like this
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Then in the Settings -> Secrets part of your GitHub repo, add a secret called NPM_TOKEN and paste in the auth token value from the .npmrc. It's a long series of letters and numbers.
Now this script should properly log in. Apparently the issue is that the default Verdaccio authorization plugin expects it to be used interactively. This line basically creates an .npmrc file on the fly and populates it with the correct info, as if you've already logged in interactively. The file isn't actually created though, and disappears after running, which is a nice touch. It also is pretty secure since it stores the token in the secrets part of the repo. The link above does a better job explaining it, so check it out!
I have a custom .npmrc file as follows
#foo:registry=https://gitlab.com/api/v4/packages/npm/
// This works and it returns the latest dist tag from the registry as configured in .npmrc
npm view --json #foo/my-package dist-tags
// This fails with a 404
npm access ls-collaborators #foo/my-package
// npm ERR! 404 Not Found - GET https://registry.npmjs.org/-/package/%40foo%2Fmy-package/collaborators?format=cli - Package not found
Some more context:
I am trying to publish an npm package to a private package registry on gitlab using the np module. These commands seem to be executing as part of one of its steps for user authentication.
What am I missing?
Make sure "private": true is in your package.json file. I was running into a similar problem as you, and adding this fixed it for me.
I am using Nexus Repository ManagerOSS 3.0.2-0, I have successfully created npm hosted repository, but when I click on the link it always says 400 bad request.
And also through command line am not able to perform npm adduser pointing to this registry .
Any idea what am doing wrong?
The link in the UI is non functional, it's there to copy for use in setting up tooling, the 400 is expected behavior at this point in time.
As for npm adduser, I believe this should work. Make sure to have the npm Bearer Token Realm enabled.
You can read more about enabling it here: https://books.sonatype.com/nexus-book/reference3/npm.html#_authentication_using_realm_and_login