Hi there,
I have a private repo that, using Github Actions workflow, I have published as a private npm package on Github Package Registry. I want to consume this package in the scope of another private project of mine. But there is an issue. Upon importing the GPR hosted package as a dependency I get a ‘module not found’ error.
- Github Actions workflow successfully publishes private npm package to GPR.
- The published package appears under ‘Package’ tab at Github user landing.
- GPR_ACCESS_TOKEN is a PAT (ensuring that I can consume the package).
BELOW: the error in question
BELOW: .npmrc file at root of project consuming private package
@slackermorris:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=XXXX-XXXX-XXXX-XXXX
BELOW: Github Action responsible for republishing private npm package to Github Registry.
name: Node.js Package
on:
push:
branches:
- master
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
- run: npm ci
- run: npm test
env:
CI: true
publish-gpr:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
registry-url: https://npm.pkg.github.com
scope: slackermorris
- run: npm ci
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GPR_ACCESS_TOKEN}}
BELOW: package.json of the published npm package.
"name": "@slackermorris/bostock-metaball-animation",
"version": "1.0.3",
"main": "index.js",
"author": "slackermorris",
"license": "MIT",
"publishConfig": {
"registry": "https://npm.pkg.github.com"
} ...
Hi @slackermorris,
Did you have any luck getting this working?
I think you might need to pass NODE_AUTH_TOKEN to the npm ci step in your workflow.
For example:
- run: npm ci
env:
NODE_AUTH_TOKEN: ${{secrets.GPR_ACCESS_TOKEN}}
Does that make sense?
Hi there,
So sorry that I did not reply. Thank you very much for your time. I discovered a number of issues on my behalf:
- I resorted to using
GITHUB_TOKEN as my means for authenticating Github Package Registry. I did not release this was automatically generated upon executing the Github Action Workflow. Though, I am unsure why using my own created PAT did not work… :S.
- I had configured the job to publish to GPR incorrectly: I was pointing to the NPM registry and not the GPR (NPM proxied) registry:
[WRONG] registry-url: 'https://registry.npmjs.org'
[RIGHT] registry-url: 'https://npm.pkg.github.com'
I have included my main.yml workflow, which I used to publish to GPR, if anyone is interested:
name: Publish Node.js Package
on:
push:
branches:
- master
release:
types: [created]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v1
with:
node-version: 12
- run: npm ci
- run: npm test
- run: npm run build
- name: zip node_modules as build artifact
run: zip -9qry "build.zip" "./" -i "node_modules/*"
- name: upload build.zip
uses: actions/upload-artifact@v2
with:
name: build.zip
path: build.zip
env:
CI: true
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
publish-gpr:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions/setup-node@v1
with:
node-version: 12
registry-url: https://npm.pkg.github.com/
scope: '@slackermorris'
- name: authenticate with Github Package Registry
run:
echo "//npm.pkg.github.com:_authToken=${{ secrets.GITHUB_TOKEN }}" >
~/.npmrc
- name: download build.zip
uses: actions/download-artifact@v2
with:
name: build.zip
- name: unzip build.zip
run: unzip -q build.zip
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
I also found these links really helpful:
Helpful when publishing package:
- NPM Publish to GPR and NPM | Mitchell Simoens Blog
- Automatically Publish to npm using GitHub Actions - Sergio Xalambrí
- https://github.com/actions/setup-node/issues/130#issuecomment-691103257
Helpful when consuming said package:
- Github actions, 401 unauthorized when installing a Github Package with npm or yarn - Stack Overflow
- Install GitHub Package: Request Failed \”401 Unauthorized\” | by Peter Prins | Medium
