CODEWITHSUNDEEP
node.jsgithubnpmgoogle-cloud-functions
lobstertheremin
lobstertheremin

Reputation: 41

Installing private GitHub npm package in Google Cloud Functions does not work

I'm trying to deploy a microservice to GCF, which has a dependency of a private GitHub-hosted package. To gain access to the package, I added a .npmrc file to the function as described here, the file looks like this:

registry=https://npm.pkg.github.com/OWNER
//npm.pkg.github.com/:_authToken=PERSONAL-ACCESS-TOKEN

Also tried using a NPM_TOKEN env variable in the Cloud Function

NPM_TOKEN=PERSONAL-ACCESS-TOKEN

Both result in the following error:

OperationError: code=3, message=Build failed: { error: { canonicalCode: "INVALID_ARGUMENT" }}

npm ERR! 404 Not Found: @packagescope/packagename

Installing locally works fine, so does deploying on Zeit Now.

Upvotes: 3

Views: 2008

Answers (1)

arri.io
arri.io

Reputation: 556

I just ran into this problem so I'm sharing the fix that works with node v8 and v10 Cloud Functions.

The following is required to use the .npmrc to install packages from a private Github packages registry:

  1. The .npmrc needs to be located in the functions folder at the same level as the package.json file
  2. A registry entry for the your account/org scope is required, including the url like so, assuming Anchorman uses Github: @ronburgundy:registry=https://npm.pkg.github.com/ronburgundy
  3. A Github personal access token is required for authentication, like so //npm.pkg.github.com/:_authToken=ronburgundypersonalaccesstoken
  4. Assuming you follow best practice and do not commit the .npmrc with secrets you will need to ensure that the file is transformed to include the personal access token prior to deploying via firebase cli, as there's no other way to inject the value at runtime.

So the original example would work if it looked like this:

@OWNER:registry=https://npm.pkg.github.com/OWNER
//npm.pkg.github.com/:_authToken=PERSONAL-ACCESS-TOKEN

While Github's docs seem to suggest that you should redirect ALL scoped and unscoped package installs to their registry it appears that Google Cloud Functions does not allow us to redirect all package installs to a private registry, only those that we configure based on scope.

Upvotes: 2

Related Questions