Reputation: 856
NPM Install from GH Packages: works locally but not in GH action
I have published a private package to our org's package repository.
As per the documentation I added an .npmrc file to another project's root with the following content:
registry=https://npm.pkg.github.com/my-org
In my local ~/.npmrc the sits my Authtoken for npm.pkg.github.com
I installed the published package in my package.json with the following entry in the package.json
"@my-org/my-package": "^1.0.0",
When installing locally this works fine.
When installing via Github Actions the installation fails with the following error:
npm ERR! code E404
npm ERR! 404 Not Found - GET https://npm.pkg.github.com/my-org/@my-org%2fmy-package - npm package "my-package" does not exist under owner "my-org"
npm ERR! 404
npm ERR! 404 '@my-org/[email protected]' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
It seems like "my-org" is used two times in the path to the package? Why does it work locally but not in Github Actions?
Originally my .npmrc only was like this (no org added to the registry URL):
registry=https://npm.pkg.github.com
That also works fine locally.
It also works for all scoped packages (like @coogle-cloud) in the github Action but did not work for unscoped packages:
npm ERR! code E404
npm ERR! 404 Not Found - GET https://npm.pkg.github.com/chai
npm ERR! 404
npm ERR! 404 '[email protected]' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
Update: so, I took my personal accesstoken (which worked locally) and commited, now the install workflow suceeds.
The documentation (https://help.github.com/en/github/managing-packages-with-github-packages/using-github-packages-with-github-actions) says: "the GITHUB_TOKEN has read:packages and write:packages scopes." Isn't that sufficient?
My personal access token has delete:packages, read:packages, repo, write:packages.
Upvotes: 1
Views: 1342
Answers (1)
Reputation: 856
buried in some arbitrary twitter thread is the information that the GITHUB_TOKEN only has access to the current repo. https://twitter.com/char_fish/status/1191442780729556993?s=21
The solution is to explicitly define a personal (sic!) access token and to place in the secrets store of the repository using this secret to authenticate against the package repository.
- name: 'authenticate with GH package registry'
run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc
Upvotes: 5
Related Questions
- GitHub Actions fails on npm ci
- github action for npm publish fails
- npm install in GitHub Action fails with "ENOENT: no such file or directory" - Works fine elsewhere
- Github's action is not building react application
- npm install failing in git action but working locally
- Unable to publish an npm package with github actions
- GitHub Action Cache with npm install -g (without package.json)
- GitHub Actions throws Git Error when npm installing private GitHub repo
- install npm modules in github actions
- github actions - npm install is failing with exit code1