I'm trying to set up dependabot-standalone to run in a GitLab-CI pipeline in a private instance.
It's an npm package and I'm using a private npm registry to fetch my dependencies from. According to the docs, I should set up my registry access data within the .gitlab/dependabot.yml file.
The docs for settings in dependabot.yml clearly say how to set up the credentials to access a given registry:
registries:
npm-npmjs:
type: npm-registry
url: https://registry.npmjs.org
username: octocat
password: ${{secrets.MY_NPM_PASSWORD}} # Must be an unencoded password
registries:
npm-github:
type: npm-registry
url: https://npm.pkg.github.com
token: ${{secrets.MY_GITHUB_PERSONAL_TOKEN}}
But only for its use in GitHub with project secrets. Is there a way to use GitLab's custom defined CI/CD variables instead?
So far I have unsuccessfully tried to use ${{CI_PRIVATE_NPM_ACCESS_TOKEN}} and ${CI_PRIVATE_NPM_ACCESS_TOKEN}
I think npm-login-noninteractive could be helpful in this case.
job-name:
script:
- npm install -g npm-login-noninteractive
- NPM_USER=testUser NPM_PASS=testPass NPM_EMAIL=test#example.com NPM_REGISTRY=your.npm.com npm-login-noninteractive
Other possible useful answers, here: How to set npm credentials using `npm login` without reading from stdin?
According to this example, you need to set the following environment variables within GitLab:
SETTINGS__GITHUB_ACCESS_TOKEN
SETTINGS__GITLAB_ACCESS_TOKEN
To set these variables at the project level, within GitLab go to: Project -> Settings -> CI/CD -> Variables.
I want to create a backend using sanity. I have installed sanity CLI using the command 'npm install -g #sanity/cli'. After that, I create a project using the command sanity init. But It gives the following error when authenticating. But my google account and sanity account are already logged in.
enter image description here
add C:\Windows\System32 to your path
In your windows Environmental Variables add C:\Windows\System32\ to the PATH variable in System Variables.
I had the same issue and this fixed it.
Can Google Cloud Build use an NPM token during the install process?
I'm using a private NPM package across applications and I know we can place the token within an .npmrc file
//registry.npmjs.org/:_authToken=<YOUR_AUTH_TOKEN>
But I would like to keep the token out of the codebase(s) and use SM for what it's for.
But this doesn't seem possible and the docs do not seem to cover this.
Meanwhile, posting the solution proposed by sethvargo and guillaume blaquiere for visibility.
You can set the token value as an environment variable, NPM_TOKEN. In that case, you can use the native Cloud Build + Secret Manager integration to inject the value: cloud.google.com/build/docs/securing-builds/use-secrets
If the NPM_TOKEN solution doesn't work, you can still use the Secret Manager and Cloud Build to load your token, write your .npmrc file with a script and then run your build.
I had to get experienced help for Secret Manager for this and it still took over 20 hours.
Assuming you possess general knowledge of GCP and Secret Manager and have your NPM token on-hand (found at npmjs.com/settings/USERNAME/tokens)
Create a Secret Manager secret named NPM_TOKEN with its value
being the private NPM package's automation token
Within the cloudbuild.yaml build process create an .npmrc
steps:
- name: bash
args: ['-c', 'echo //registry.npmjs.org/:_authToken=$$NPM_TOKEN > .npmrc'] <-- main takeaway
secretEnv: ['NPM_TOKEN']
- name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
args: ['gcloud', 'app', 'deploy']
availableSecrets:
secretManager:
- versionName: projects/$PROJECT_ID/secrets/NPM_TOKEN/versions/latest
env: 'NPM_TOKEN'
Now the cloud build process has an NPM_TOKEN value to pull in the private NPM package.
I am working on an azure devops pipeline created without YAML. In the pipeline node.js and npm is used to build some web interfaces. mkdocs is used to build web documentation.
My problem is that azure devops treats some infos and warnings as errors:
While the build does not fail it is marked as only partially successful. I prefer to have a clean build.
How do I keep azure devops from treating infos and warnings as errors? Or is it some setting I have to configure on the side of mkdocs and npm?
1.For the Info which is treated as error, you can uncheck the Fail on Standand Error option and then add 2>&1 | Write-Host to your mkdocs command, see PS About Redirection
. You should run the command via Powershell task.
2.And for the error about fsevents, it seems to be one issue starting from npm V.3.10.8. Use Node.js Tool Installer task to install the latest NPM version and run the pipeline again. If the issue persists, you can try joefiorini's workaround:
Add this script to your package.json file.
"optionalDependencies": {
"fsevents": "*"
},
It seems that the company firewall prevented npm from making ssl connections because of missing certificates or something. I added
npm set strict-ssl false
to the build pipeline which -ironically- makes the connection less secure, but it makes all errors go away which I prefer to suppressing the errors/warnings/info.
I don't know if Don't Fail on Standard Error would even do anything since the build did not fail, it was partially successful. I prefer to have it checked in case a real error occurs.
After looking at it some more I am not exactly sure the highlighting and specification of errors is correct in the pipeline results. Why would an info output be marked as error anyway?
I've been trying to publish my package to the NPM Registry.
I get an error that I am not allowed to push my package to the registry.
403 Forbidden - PUT https://registry.npmjs.org/qdb - You do not have permission to publish "qdb". Are you logged in as the correct user?
I wonder why.
For me, I received this 403 error message when I had just created my NPM account, but not verified the email address on my account. I found the verification request email from NPM, clicked the link, and magically was able to publish my first package.
It looks like a package with that name was already published by someone else, so you'd need to use a different name in your package.json file and then npm publish again.
Else, you can look if you're trying to publish the same version that's already published.
Happens either because of a duplicate package name or because you never verified your email address.
Check if you are publishing the same version. I needed to update the version of the package and npm publish again. From the Forbidden error that I was getting it was not obvious.
check your email registration and confirm verification
finaly repeat publish your package
and i hope will work 😁
Also happens when an org name is already taken. Use the following URL:
https://www.npmjs.com/org/ORG_NAME_HERE
If you're getting a "404 Not Found" error, it means the name is free. Otherwise it is not.
There Could be many reasons for that
Email not verified, so first verify your email with npmjs.com
Someone else is using that same package name, it needs to be unique. So
choose a unique name.
You can change the name under package.json file.
If you are republishing same package with changes you made , you need to change version , eg - 1.0.0 to 1.0.1. You can change the varsion name under package.json file as well.
Don't forget that you need to be logged-in.
Run
npm login to be able to publish packages.
I just verified my email and error gone. Now I can publish my packages.
For me there was another project with the same name. I just change the name and npm publish then it works good.
Another reason for this error is that your package name conflicts with an existing published package. NPM thinks that's the package you're trying to publish, and obviously, you don't have permission for it
change name like that(also the version)
sample
"name": "npm-helloworld-testwwwyy-xx",
"version": "1.0.3"
If you are using scope, the following conditions need to be met:
Publishing to your user scope (example: #username/module)
Publishing to an organization scope (example: #org/module)
#see https://docs.npmjs.com/cli/v8/using-npm/scope#publishing-public-scoped-packages-to-the-primary-npm-registry
For me it was duplicate package name. Changing package name in package.json did the trick. There could be other two reasons:
Try npm whoami . If you do not have username displayed try npm login.
If you are trying to re-publish make sure you run npm version major/minor/patch as per your need.
In my case I had different email in my npm config than what my npm login is set up with.
So basically your email displayed via npm config ls -l should match the email specified in your npmjs.com account.
if you publish with NPM_TOKEN be sure it has publish permission, not read-only
This case of issue happen even though email is verified if you are Ubuntu user.
Add sudo cmd before npm login,
sudo npm login
Also use sudo while publish a module
sudo npm publish