Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 3
Message 1 of 14

Installing npm packages from the GitHub package registry

In my action I want to install npm dependencies that are hosted on the GitHub package registry.  There is

Authenticating to GitHub Package Registry. This links to GITHUB_TOKEN secret

 

Reading this I thought I could do:

- name: npm install
  run: npm install
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

 

But this does not seem to work.

 

I came up with this code and it works. But I was wondering if there was another way:

- name: Authenticate with GitHub package registry
  run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
- name: npm install
  run: npm install
13 Replies
Highlighted
GitHub Staff
Message 2 of 14

Re: Installing npm packages from the GitHub package registry

You should be able to use your GITHUB_TOKEN with GitHub Package Registry.  The npm application uses the environment variable NODE_AUTH_TOKEN, however.  So you'll need to set that environment variable to the value of the GITHUB_TOKEN.  For example:

 

- name: npm publish
  run: npm publish
    env:
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Copilot Lvl 3
Message 3 of 14

Re: Installing npm packages from the GitHub package registry

Thank you for your answer. It sadly does not work for me

 

I tried it like this:

- name: npm install
  run: npm install
  env:
     NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

 

and received:

npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="GitHub Package Registry"

 

When indenting env like you did in your example:

- name: npm install
  run: npm install
    env: # line 20
      NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

 

I receive this error:

Invalid workflow file

 

yaml: line 20: mapping values are not allowed in this context

 

Or do you mean actions/npm ?

Copilot Lvl 2
Message 4 of 14

Re: Installing npm packages from the GitHub package registry

Hi ankri,

 

Aren't you confusing npm install and npm publish ?

 

npm install doesn't need any tokens to work.

 

npm publish uses the environment variable NODE_AUTH_TOKEN.

 

That said, like I have mentioned in my other thread, I have been unable to get it working with GITHUB_TOKEN. I only got it working with a personal access token.

 

 

Copilot Lvl 3
Message 5 of 14

Re: Installing npm packages from the GitHub package registry

Sorry, I should have mentioned that I want to download a package from a private github repository. To be able to install from the private repo I need to authenticate first.

Copilot Lvl 2
Message 6 of 14

Re: Installing npm packages from the GitHub package registry

OK I see. it's ethomson that talked about npm publish not you...

 

I'm also interested by the proper way of doing a npm install when you have dependencies that are stored in a private GitHub Package Registry.

GitHub Staff
Message 7 of 14

Re: Installing npm packages from the GitHub package registry

For the flow @ethomson mentions you need to setup the .npmrc.  We have a starter workflow that does it for publish but I think the configuration is the same.

 

https://github.com/actions/starter-workflows/blob/master/ci/npm-publish.yml#L35

 

  publish-gpr:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '@your-github-username'
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
Copilot Lvl 2
Message 8 of 14

Re: Installing npm packages from the GitHub package registry

Hi @chrispat ,

Unfortunetly, there seems to be a bug with actions/setup-node that prevents us from performing an npm publish to GPR using GITHUB_TOKEN. It works with a PAT.

Issues #49#52 and #53 relate to this.

 

Indeed, theoretically, you are suppose to use:

with:
registry-url: https://npm.pkg.github.com/ scope: '@your-github-username'

and:

env:
  NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

Then, actions/setup-node takes that info to setup .npmrc

 

Unfortunetly, something is broken.

 

If you manually edit .npmrc like this...

name: NPM Publish to GitHub Package Registry

on: push

jobs:
  build:

    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@master
    - uses: actions/setup-node@v1
      with:
        node-version: 12
    - run: echo "@peterhewat:registry=https://npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
    - run: npm publish

... the Action appears to succeeds as you can see in my example.

 

Unfortunetly, doing so, for some unknown reason, the package isn't present in the GPR as you can see here:

https://github.com/PeterHewat/npm-publish-gpr2/packages

(version should be 0.0.3 ... 0.0.1 was with a previous run using a PAT...)

 

Copilot Lvl 2
Message 9 of 14

Re: Installing npm packages from the GitHub package registry

Not sure I edited my .npmrc correctly. It should have been:

- run: printf "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}\n@peterhewat:registry=https://npm.pkg.github.com/" > ~/.npmrc
- run: npm publish

This gives me the same 500 Internal Server Error as when I use the "official" way mentioned by @chrispat (with: registry-url...).

 

 

Ground Controller Lvl 1
Message 10 of 14

Re: Installing npm packages from the GitHub package registry

@PeterHewat I think you're right that you need to use a personal access token if your package is produced in another repo, at least for private repos. But I don't think you need to modify ~/.npmrc manually. This worked for me (after adding a PAT secret with a read:packages scope):

 

 

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1

    - uses: actions/setup-node@v1
      with:
        node-version: 12
        registry-url: https://npm.pkg.github.com/
        scope: '@hashtagchris'

    - run: npm ci
      env:
        NODE_AUTH_TOKEN: ${{secrets.READ_PACKAGES_PAT}}