Npm install fails with package.json containing a private repository url with git+https #25983

akoskm · 2020-06-28T10:21:52Z

akoskm
Jun 28, 2020

I followed this guide:

Easier builds and deployments using Git over HTTPS and OAuth - The GitHub Blog

We first introduced OAuth2 tokens in the GitHub API starting in v3. Unlike usernames and passwords, OAuth tokens provide additional benefits: Revocable access. Tokens can be revoked at any time from a user’s settings screen

and created a personal access token for my account:

image752×207 23.7 KB

this is what I have in my package.json in another project:

    "my-private-repo": "git+https://<my-personal-access-token>:x-oauth-basic@github.com/my-org/my-private-repo.git",

Two strange things are happening during npm install in my workflow:

image1186×510 148 KB

I receive a bunch of these npm WARN tar ENOENT: no such file or directory messages, I don’t know if they are related to the problem in 2.)
installation fails with Permission denied

Here’s my workflow file (I added persis-credentials: false after reading Cannot install npm module from a github private repository):

name: Build # This workflow is triggered on pushes to the repository. on: [push] jobs: build: services: mongodb: image: mongo:4.2 ports: - 27017:27017 runs-on: self-hosted container: my-org/my-org-base steps: - name: Checkout uses: actions/checkout@v2 with: persist-credentials: false - name: Use Node.js uses: actions/setup-node@v1 with: node-version: '8.17.0' - name: Install run: npm install - name: Bundle run: npm run build - name: Run unit tests env: MONGOLAB_URI: mongodb run: | ./version.sh npm run test-unit - name: Run client tests run: npm run test-client - name: Run integration tests env: MONGOLAB_URI: "mongodb://mongodb" run: npm run test-integration

Answered by Yanjingzhu

Jun 29, 2020

Let me help you troubleshoot this issue.

Please run

git config --local -l

and check the authorization token in http.https://github.com/.extraheader=AUTHORIZATION: basic .

Could you please run npm install command directly in a run script? You could store your PAT in secrets.

 - name : install private github repo
   run: |
       npm install git+https://$ANOTHER_TOKEN:x-oauth-basic@github.com/my-org/my-private-repo.git
   env: 
       ANOTHER_TOKEN: ${{ secrets.YourPAT }}

Please try to run your job on ubuntu-latest runner , will npm install step succeed?

View full answer

Yanjingzhu · 2020-06-29T07:50:34Z

Yanjingzhu
Jun 29, 2020

Let me help you troubleshoot this issue.

Please run

git config --local -l

and check the authorization token in http.https://github.com/.extraheader=AUTHORIZATION: basic .

Could you please run npm install command directly in a run script? You could store your PAT in secrets.

 - name : install private github repo
   run: |
       npm install git+https://$ANOTHER_TOKEN:x-oauth-basic@github.com/my-org/my-private-repo.git
   env: 
       ANOTHER_TOKEN: ${{ secrets.YourPAT }}

Please try to run your job on ubuntu-latest runner , will npm install step succeed?

0 replies

akoskm · 2020-07-01T07:32:29Z

akoskm
Jul 1, 2020
Author

and check the authorization token in http.https://github.com/.extraheader=AUTHORIZATION: basic .

Because this is happening on a self-hosted runner I assume I should have this configuration on the machine that hosts the actions-runner. Is that correct?

0 replies

Yanjingzhu · 2020-07-01T08:13:12Z

Yanjingzhu
Jul 1, 2020

I suspect it is the credential stored for your git client (on your self-hosted runner machine) caused Permission denied issue when try to install your private repo.
The actions/checkout@v2 will persist the auth in a git extraheader config in default. If you set persis-credentials: false , there will no extraheader in git config .
So I want you to run git config --local -l to see whether there is the local git config of extraheader. You need to change working directory to the work folder of the self-hosted runner .

runner git770×650 31.9 KB

If there is no extraheader in your git config, could you please run
npm install git+https://:x-oauth-basic@github.com/my-org/my-private-repo.git in your local machine under the work folder of your runner? What’s the result?

self-runner836×706 29.2 KB

0 replies

akoskm · 2020-07-04T08:06:41Z

akoskm
Jul 4, 2020
Author

Surprisingly, this worked:

Could you please run npm install command directly in a run script? You could store your PAT in secrets.

Here’s the output from the build step:

image1355×430 60.1 KB

After this, I didn’t try npm install git+https://:x-oauth-basic@github.com/my-org/my-private-repo.git in my local machine under the work folder of the runner. After the above output, I expect it to be successful.

Here’s the output of git config --local -l from the action-runner/_work/my-project/my-project folder:

$ git config --local -l
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=https://github.com/akoskm/my-project
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
gc.auto=0
branch.develop.remote=origin
branch.develop.merge=refs/heads/develop

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Npm install fails with package.json containing a private repository url with git+https #25983

{{title}}

Replies: 4 comments

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

GitHub Community

Npm install fails with package.json containing a private repository url with git+https #25983

akoskm Jun 28, 2020

Easier builds and deployments using Git over HTTPS and OAuth - The GitHub Blog

Replies: 4 comments

Yanjingzhu Jun 29, 2020

akoskm Jul 1, 2020 Author

Yanjingzhu Jul 1, 2020

akoskm Jul 4, 2020 Author

akoskm
Jun 28, 2020

Yanjingzhu
Jun 29, 2020

akoskm
Jul 1, 2020
Author

Yanjingzhu
Jul 1, 2020

akoskm
Jul 4, 2020
Author