I have this line in the dependency section of package.json file.
"<repository>": "git+ssh://git#github.com:<userName>/<repository>"
I have setup ssh in my github account and when I do npm install locally, it works correctly. As a new requirement, I am using github actions to automate this workflow.
This is the part of the yml file
steps:
- uses: actions/checkout#v2
- name: webfactory/ssh-agent
uses: webfactory/ssh-agent#v0.5.3
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: Set up Node Js version as ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- name: Install The Dependencies
run: npm install
Install The Dependencies step is failing and this error is seen in github actions
npm ERR! /usr/bin/git ls-remote -h -t ssh://git#github.com/<username>/<repository>
npm ERR!
npm ERR! remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
Thanks in advance for any solutions.
I think u can solve this buy publishing the repo, plz try that and let me know if it's worked
Related
My trigger in the GitHub Actions workflow is when we have a new tag, then deploy the tag to the desired environment.
So, running npm version prerelease will trigger the workflow.
The problem is when I try to use cache I see that the version in package.json and package-lock.json are always changed so I can't use real cache here.
How can I continue working with npm version and get the benefits of caching?
- uses: actions/checkout#v2
- name: Cache node modules
id: cache-nodemodules
uses: actions/cache#v2
env:
cache-name: cache-node-modules-preview
with:
# caching node_modules
path: node_modules
key: ${{ runner.os }}-preview-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-preview-${{ env.cache-name }}-
${{ runner.os }}-preview-
- name: Install Dependencies app
if: steps.cache-nodemodules.outputs.cache-hit != 'true'
run: npm ci --legacy-peer-deps
- name: build
run: npm run build
I am creating my own NPM packages for the first time. For each commit, 1/ The package version should increase on the NPM registry, 2/ Update the package.json file in the github repository.
.github/workflows/publish.yml
on:
push:
branches:
- main
env:
version: 0
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: AutoModality/action-clean#v1
- uses: actions/checkout#v2
with:
ref: 'main'
fetch-depth: 0
- uses: actions/setup-node#v2
with:
node-version: 12
registry-url: https://npm.pkg.github.com/
scope: "#nandhirajan-tfi"
- run: echo "version=$(npm show #nandhirajan-tfi/my-package version)" >> $GITHUB_ENV
- run: npm version ${{env.version}} --no-git-tag-version --allow-same-version
- run: npm install
- run: npm build
- run: npm version patch -m "[RELEASE] %s" --no-git-tag-version --allow-same-version
- run: npm publish
env:
credentials: ${{secrets.GITHUB_TOKEN}}
GitHub Actions Output:
The above log says that the npm publish command has updated the NPM Version to 1.11.18. But the changes are not reflecting on the NPM registry.
Any help would be appreciated.
First of all you need to retrieve your package.json version. You can use the action ga-project-version for that.
Example:
name: release
on:
push:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
# This is how you use the ga-project-version action
- name: Get version of the project
id: project-version
uses: 'euberdeveloper/ga-project-version#main'
# In this step the exposed version is used as tag of a github release to publish
- name: Add release
uses: "marvinpinto/action-automatic-releases#latest"
with:
repo_token: "${{ secrets.GITHUB_TOKEN }}"
# This is how you access the exposed version
automatic_release_tag: "${{ steps.project-version.outputs.version }}"
title: "Deploy"
files: |
backend.tar.gz
As you can see, you will have the version available in "${{ steps.project-version.outputs.version }}".
After that the question is with which logic you will augment your version, e.g. the simplest one would be increasing the last number, but it's not a good idea, it'd not be semver.
After that you can use your custom way to get the newer version by using the current one as input ("${{ steps.project-version.outputs.version }}"`).
After having the new version, just edit the package.json (e.g. sed command) to write the new version, and commit it (e.g. stefanzweifel/git-auto-commit-action action).
In the end you can publish your npm package from the github action (follow this link)
I'm migrating our existing Travis tasks to GH actions. For Travis the command below would publish to npm and use the release tag name for the npm version.
script: yarn npm-bundle && npm version $TRAVIS_BRANCH --allow-same-version -m
"chore - release version %s [skip ci]" --allow-empty
Unfortunately changing to the below doesn't work...
run: |
yarn npm-bundle && npm version ${{ github.event.release.tag_name }} --allow-same-version -m "chore - release version %s [skip ci]" --allow-empty
npm publish --access public --dry-run
Its obviously empty as npm is using the version from package.json. I've tried some other variables such as ${{ github.head_ref }}
also...
run: |
yarn npm-bundle -m "chore - release version %s [skip ci]" --allow-empty
npm publish --tag ${{ github.event.release.tag_name }} --allow-same-version --access public --dry-run
I have resolved the issue by refactoring to the following...
- uses: actions/setup-node#v1
with:
node-version: 14.15.0
registry-url: https://registry.npmjs.org/
- run: yarn install
- run: git config --global user.name "${{ github.actor }}"
- run: git config --global user.email "github-action-${{ github.actor }}#users.noreply.github.com"
- run: npm version ${{ github.event.release.tag_name }}
- run: yarn npm-bundle
- run: npm publish --access public
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
You can use the npm-publish action in your workflow instead of the script you used in Travis.
If you look for more actions available with NPM, you can find them on thee Github Marketplace
For example here, you could use something like this in your workflow, adapting in with your context with other run step if you need to use yarn or other commands:
on: push
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- uses: actions/setup-node#v1
with:
node-version: 10
- run: npm install
- run: npm test
- uses: JS-DevTools/npm-publish#v1
with:
token: ${{ secrets.NPM_TOKEN }}
tag: <your release tag name>
For more information regarding how this action work, check here.
Other Action
This other action (publish-to-npm) could be interesting as well if you want to check.
In my github project Im trying to automatically create a new version and publish it to NPM whenever something is pushed to the master branch.
The idea
Create a new minor version
Publish the package to NPM
Im using github actions. My workflow file looks like this:
# This workflow will run tests using node and then publish a package to the npm registry when a release is created
# For more information see: https://help.github.com/actions/language-and-framework-guides/publishing-nodejs-packages
name: Node.js Package
on:
#trigger on every commit to the main branch
push:
branches:
- main
- master
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v1
with:
node-version: 12
- run: npm test
publish-npm:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v1
with:
node-version: 12
registry-url: https://registry.npmjs.org/
- run: git config user.name $GITHUB_ACTOR
- run: git config user.email gh-actions-${GITHUB_ACTOR}#github.com
- run: git remote add gh-origin https://${GITHUB_ACTOR}:${GITHUB_TOKEN}#github.com/${GITHUB_REPOSITORY}.git
- run: echo "//registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN" >> ~/.npmrc
- run: npm version patch
- run: npm publish
- run: git push gh-origin HEAD:master --tags
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
(https://github.com/ether/ep_align/actions/runs/322527776)
I keep getting a 404 error when doing the publish. Which I dont' understand because the package is online here: https://www.npmjs.com/package/ep_align
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/ep_align - Not found
npm ERR! 404
npm ERR! 404 'ep_align#0.2.7' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
This problem is driving me nuts for a few hours now, and I have no idea what it could be.
Any ideas?
it is just an authentication issue with your token.
Have you ever set the access token in your Repository secrets ? (You might want to create environments as well.)
https://docs.npmjs.com/creating-and-viewing-access-tokens
Or it might be an issue with authorization as well. Please check your token type. It should be automation one.
Here is an example from me >
https://github.com/canberksinangil/canberk-playground
Where I have set my token under the repository settings.
Let me know if this helps :)
The NODE_AUTH_TOKEN token is attached to the wrong step, so the npm publish has no authentication. You need:
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
- run: git push gh-origin HEAD:master --tags
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
Also, make sure the case of the env variable (npm_token) here matches that in the GitHub actions settings. Environment variables are case senstive.
I've got a project that includes a $PROJECT/.npmrc that has an auth token granting read-only access to the proviat repos required by the project:
$ cat .npmrc
//registry.npmjs.org/:_authToken={read-only-token}
How can I override that token with my user token so I can publish packages?
$ cat ~/.npmrc
//registry.npmjs.org/:_authToken={my-token}
The documentation states that config files will be loaded in "priority order", where the project configuration has the highest priority, and there doesn't seem to be any way to override this:
$ cd my-project/
$ npm whoami
project-readonly-user
$ cd ~
$ npm whoami
wolever
I know that it's possible to define an NPM_TOKEN environment variable:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
But this means that every user of the project will need to define the NPM_TOKEN environment variable, which is undesirable (ie, because it means that every user - including read-only users - will need to define an NPM_TOKEN environment variable before they can use the project).
Just found a solution.
Edit your .npmrc file:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
Every time you want to publish(powershell):
$env:NPM_TOKEN="the-token"
npm publish --access public --registry https://registry.npmjs.org
Obviously the docs have change and setting the auth Token via CLI is not possible anymore on npm publish, so I provide more solution for using NPM with Github Actions + Font Awesome PRO + Github Package Registry:
name: Node.js Package
on:
release:
types: [created]
workflow_dispatch:
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout 🛎
uses: actions/checkout#master
- name: Setup node env 🏗
uses: actions/setup-node#v2
with:
node-version: '14.x'
registry-url: 'https://npm.pkg.github.com'
scope: '#mindfuel'
- name: Install Packages 🦺
run: npm ci
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build 👷🏼
run: npm run build
- name: Prepare NPM Config 👮🏽♂️
run: rm -f .npmrc
- name: Setup publishing Env 🏗
uses: actions/setup-node#v2
with:
node-version: '14.x'
registry-url: 'https://npm.pkg.github.com'
scope: '#mindfuel'
- name: Publish Package 🚀
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
For me the trick is to recall setup-node after deleting the existing .npmrc.
We have a shared .npmrc that all developers use. It includes a READ ONLY token to our companies registry:
# Font Awesome Pro Config
#fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=<your-token>
# Private Packages
#<github-username-or-org>:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=<the-read-only-token>
CLI arguments have precedence over local .npmrc config, so you could overwrite it this way:
npm publish --registry=https://registry.npmjs.org/:_authToken={my-token}
You could add an npm script for publishing that depends on an environment variable with a private token:
{
"scripts": {
"publish": "npm publish --registry=https://registry.npmjs.org/:_authToken=${NPM_PUBLISH_TOKEN}"
}
}