How to publish/deploy a npm package to custom artifactory - npm

I want to do something like this:
Create an npm package. Basically, a common code which I want to use for all of my projects. Which I created.
But now What I want is, Every time I commit something in git for this project, Jenkins should build it with updated alpha/beta version and should publish to my own artifactory.

Your Jenkins job can be configured to be triggered by a webhook, which would take care of the first part (every time I commit). Depending on which Git server you're using you can find a lot of tutorials how to do that:
For GitHub
For GitLab
For Gogs
please note this is just a random selection of tutorials how to set up the webhook triggers to work with Git servers and by no means an exhaustive list
To publish your package to JFrog Artifactory you can either use the Jenkins Artifactory Plugin, or use the NPM command line. If you want to use the npm command line, you'll need to authenticate first:
# setting the default registry to Artifactory
npm config set registry http://<ARTIFACTORY_SERVER_DOMAIN>:8081/artifactory/api/npm/npm-repo/
# log in
npm login
alternatively you can get a .npmrc file directly from Artifactory using:
curl -u admin:<CREDENTIAL> http://<ARTIFACTORY_SERVER_DOMAIN>:8081/artifactory/api/npm/auth
After that, there are two ways you can push your package to Artifactory:
Edit your package.json file and add a publishConfig section to a local repository: "publishConfig":{"registry":"http://localhost:8081/artifactory/api/npm/npm-repo/"}
Provide a local repository to the npm publish command: npm publish --registry http://localhost:8081/artifactory/api/npm/npm-repo/

Related

Setting Nexus auth token from the commandline

I figured this would be a problem that has been solved a million times over, but I just can't find the solution. I wish to setup my Java Maven project to install Angular dependencies from my private Nexus server. I use the frontend-maven-plugin to install a new npm every time, so the configuration must be available for that npm for it to work.
I know I can add the following to my .npmrc file and it works:
registry = http://nexus.global.dns/repository/npm-all/
_authToken = NpmToken.xxx
always-auth = true
The problem I have with this solution is that the auth token gets checked into git and that I have to remove it every time I work outside of my network, where I do not have access to the nexus server. This happens for example when I am developing something for the frontend away from home as my nexus server is not on the cloud. So I wish for nexus to be used only by my jenkins pipelines which will use the frontend-maven-plugin.
I figured I would set the registry the commandline way but that is proving to be a challenge. In my frontend-maven-plugin I have set up executions that run the following lines:
npm set registry http://nexus.global.dns/repository/npm-all/
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
This returns a 401 error as it is not able to authenticate: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
My next attempt was to remove the explicit mention of the repository I want to use from Nexus, because maybe it can figure out which one it should use:
npm set registry http://nexus.global.dns
npm //nexus.global.dns/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
npm install --no-package-lock
Authentication now seemingly works, but it is trying to pull the dependencies from http://nexus.global.dns as expected. I get the following error: 404 Not Found - GET http://nexus.global.dns/#angular-builders%2fjest
If I navigate to http://nexus.global.dns/repository/npm-all/#angular-builders%2fjest instead I do get the dependency's package.json as a response.
Clearly the registry should be http://nexus.global.dns/repository/npm-all/ but I can't get authentication to work with the command line. I have also tried:
npm //nexus.global.dns/repository/npm-all/:_authToken=${NEXUS_NPM_AUTH_TOKEN}
but this does not work either. How do I set the auth token for my Nexus private server through the command line?

How to fix 404 error when installing npm package from GCP artifact registry with yarn?

I'm having an issue with installing an NPM package from GCP.
I was able to upload the package to the artifact registry of GCP by doing the following steps:
Login to my google account (gcloud auth application-default login)
Run
gcloud artifacts print-settings npm \ --project=[my-project]\ --repository=[my-repo] \ --location=us-east1 \ --scope=#[my-scope]
Pasting the output of the previous step in the .npmrc file located in the root of the project.
Refreshing the access token to GCP (npx google-artifactregistry-auth ./.npmrc)
Run yarn publish
My .npmrc file looks like this:
#[my-scope]:registry=https://us-east1-npm.pkg.dev/[my-project]/[my-repo]/
//us-east1-npm.pkg.dev/[my-project]/[my-repo]/:_authToken="[auth-token]"
//us-east1-npm.pkg.dev/[my-project]/[my-repo]/:always-auth=true
However, when I try to install the package on another project by:
Executing steps 1-4 mentioned above
Run yarn add #[my-scope]/[my-package]
I get an 404 error.
Looks like yarn is looking for the package in the default registry:
error An unexpected error occurred: "https://registry.yarnpkg.com/#[my-scope]/#[my-pacakge]/-/#[my-scope]/[my-package]-0.0.1.tgz: Request failed \"404 Not Found\"".
I simply followed the steps mentioned in the installation instructions in GCP but somehow it's not working.
I encountered a similar issue in this post: Can't install a scoped package I published to a npm registry in GCP but this not the exact error I get.
I would appreciate any help regarding this issue.
Thanks in advance!
I just had this problem for a couple of days and the solution is simple, DO NOT USE YARN when publishing. That's it.
I don't know which part of yarn causes this but basically it ignores .npmrc resulting in the tarball to point to the wrong repository, you can check it if you run yarn info. So when publishing to GCP artifact registry one should use npm publish instead.
In both setting up authentication for npm and Managing Node.js packages, Obtaining an access token section the command used is
npx google-artifactregistry-auth
In the same section there is a note that explains how to add flags if you need to change the path of the .npmrc file.
Note: If you need to store your repository settings and credentials in .npmrc files other than the defaults, you can run the credential helper with additional flags.
--repo-config is the .npmrc file with your repository settings. If you don't specify this flag, the default location is the current directory.
--credential-config is the path to the .npmrc file where you want to write the access token. The default is your user .npmrc file.
Instead of:
npx google-artifactregistry-auth ./.npmrc
It could be written as
npx google-artifactregistry-auth --repo-config=pathto/.npmrc --credential-config=pathto/.npmrc
If you are not sure where your file is you can run npm config ls -l | grep config as explained here
Also check you are specifying the correct .npmrc path if it is different than the default registry as shown in Configuring npm and confirm you are trying to install a package from the Node.js package repository with the correct scope, package, tag or version to be completely explicit.

Verdaccio: how to publish to custom server from Github Actions with proper credentials?

I have a working verdaccio server hosted on a google cloud server. I am able manually publish to it, but am struggling to create a GitHub Action to publish to it when I push to master branch.
I have a script that works perfectly when publishing to npmjs public repo. Here is the relevant part that works for npmjs.org
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Now, for my own server, I have included the following addition in package.json:
"publishConfig": {
"registry": "http://my.ip.0.0:port"
},
And then in the repositories secrets, I have created an NPM_TOKEN secret with my user's token copied from my computer's .npmrc file after logging in.
I'm getting the following error from the Github Actions result:
npm ERR! code E401
npm ERR! Unable to authenticate, your authentication token seems to be invalid.
npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
So I'm clearly not authenticating properly.
I tried (on the server's cli) using npm token create but it gave me an unauthorized error, and I tried the same on my computer locally after logging in too, and got the same error.
How can I authenticate my Github Actions publish to my custom Verdaccio server? I'm pretty new to this whole CI business, so I suspect I'm missing something quite basic. I suspect I'm doing it wrong using NPM_TOKEN, but it worked fine to publish to npmjs.org public repo.
Again, I can manually publish using npm publish from the terminal on my Mac (after logging into custom server with npm login), so I know that the server is set up properly.
After much googling, I found a solution from this tutorial https://remysharp.com/2015/10/26/using-travis-with-private-npm-deps
It's not written for GitHub Actions but the same procedure worked.
First, you need to login to your private server from your computer. In your home folder look at the .npmrc file (turn on show hidden files).
add this line to the yaml action file:
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
Note that it should actually be NODE_AUTH_TOKEN, NOT your actual token.
The part in the quotes should mostly match the entry in your .npmrc file (without the token).
So now it looks like this
- name: Publish to npm
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yarn install
git checkout upm
echo "//YOURREGISTRYADDRESS/:_authToken=\${NODE_AUTH_TOKEN}" > .npmrc
npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
Then in the Settings -> Secrets part of your GitHub repo, add a secret called NPM_TOKEN and paste in the auth token value from the .npmrc. It's a long series of letters and numbers.
Now this script should properly log in. Apparently the issue is that the default Verdaccio authorization plugin expects it to be used interactively. This line basically creates an .npmrc file on the fly and populates it with the correct info, as if you've already logged in interactively. The file isn't actually created though, and disappears after running, which is a nice touch. It also is pretty secure since it stores the token in the secrets part of the repo. The link above does a better job explaining it, so check it out!

How to use yarn with private npm registry in Sonatyoe Nexus OSS?

I ve setup the nexus oss 3 and it looks cool. All my projects are installed by using yarn because of the --pure-lockfile option.
Steps to reproduce the issue:
1. Setup nexus oss 3 with a private npm registry (as in documentation)
2. Disable anonymous access from nexus oss 3 admin panel
3. On a linux server with alpine try to yarn install --pure-lockfile (you must have a package that is hosted on the private repo in package.json)
4. Does not work, return 401 error
I tried everything but i could not manage to make yarn to login to get those packages.
If i use npm install, it works.
Can someone tell me how to make yarn work nexus oss3 using the setup from above?
If npm install is working, then you must have login credentials and repository correctly defined.
Open terminal and run npm login, give your username and password for nexus account. This will create a file ~/.npmrc. Open this file nano ~/.npmrc, output look like
//<repository>:_authToken=NpmToken.<token>
A dummy example:
//test.server.com/repository/npm-group/:_authToken=NpmToken.123456-12345-12345-tok-en0onum
Go to the project directory cd <project_dir>, create a new file .yarnrc, open it nano .yarnrc. Insert the following line, save and exit (Ctrl+O, Ctrl+X) it.
registry "<repository>"
Create another file .npmrc in the same directory <project_dir>. Open, add the following line, save and exsit.
registry=<repository>
always-auth=true
//<repository>:_authToken=NpmToken.<token>
Delete the .npmrc at home directory rm ~/.npmrc.
Now you can download node_modules with yarn or yarn install.
I had same issue with nexus 3 and use this configuration on my .npmrc file:
registry=https://your.nexus.com/repository/some-npm/
always-auth=true
/* basic-auth-token: your user:password in base64 */
_auth=<basic-auth-token>
Hope this help you!
The fact that your requests returns 401 (Unauthorized) means that you should supply credentials when connecting to Nexus.
It is far from being a nice solution but I got it working using
yarn set registry https://user:pwd#your.nexus.host/nexus3/repository/npmjs/
I use yarn 1.4.0 (release candidate). It should also work on 1.3.2, but I cannot test that because 1.3.2 has issues with HTTPS_PROXY env vars.

How should I set up a private npm registry?

For a company project, I'd like to set up a private npm registry using Artifactory or Nexus, so packages can be shared with everyone without publishing them on https://registry.npmjs.org/
In maven I would set up a release and a snapshot repo. For resolving I would put them in a group alongside a proxy of maven central.
How does a setup for npm look like? npm's semver is able to differentiate release and prerelease, but I assume that routing them to different registries could be quite a difficult task.
On the other hand one might want to be able to have control over what gets pushed to the "release registry", implementing permissions accordingly. For this you would have to use a "prerelease" and a "release" registy.
according this link. How to set up a free private npm registry… for Windows
you can use the Verdaccio.follow this:
Download the ‘Current’ version of NodeJS .
Install Python. Open Powershell as an Admin and run
npm i -g --production windows-build-tools
then Run
npm i -g node-gyp.
Get the Python.exe file path.
Verify where Python was installed, typically it is stored in the following folder
C:\Users\user-name.windows-build-tools\python27
copy the path + \python.exe.
Add a new Environment Variable.
open the File Explorer and right-click on Computer and select Properties.
Select Advanced system settings and then select Environment Variables.
If PYTHON is not listed under System Variables select New.
Add PYTHON as the variable name and the saved path from Step 3 as the variable value -> Select OK.
Installing / Configure Verdaccio
Open up a command prompt and run npm i -g verdaccio.
Verify the install for Verdaccio was successful.
Open up a new command prompt and run verdaccio You should see the following output.
Open up your favorite browser to localhost:4873
more info:
www.verdaccio.org/docs/en/installation
www.npmjs.com/package/verdaccio
I hope is useful.
If I understood you correctly you would like to have the ability to have a "release" and "snapshot" repository for NPM same as you have now for Maven.
If this is indeed the case then what you can do in Artifactory is to set 2 repositories, one for the "prerelease" and another one for the "release" and aggregate both under one virtual NPM repository. As you mentioned you can have a different set of permissions for each repository and therefore control who can deploy/resolve dependencies and also have the ability to move artifacts from one another.
Hope that answers your question.
In terms of how to do this in Nexus Repository if you really need to, I'd suggest setting up:
npm-release (npm hosted)
npm-prerelease (npm hosted)
npm-all (npm group)
Make the group include both members (so you can install using one URL), and then in your build script or whatever you are using to publish into Nexus Repository, just use the --registry flag to specify which repository you want to publish in to, something akin to this for a "release":
npm publish --registry http://localhost:8081/repository/npm-release/
And this for a "prerelease":
npm publish --registry http://localhost:8081/repository/npm-prerelease/
Here are the npm docs for Nexus Repository 3.x if you need some more help: https://books.sonatype.com/nexus-book/reference3/npm.html