Download private module from Github Package Registry via Yarn within a Github Action? Publishing works, but installing is met with '401 Unauthorized'

我与影子孤独终老i 提交于 2020-06-12 05:40:31

问题


For various reasons we are stuck using yarn managing our packages so we can't rely on a package-lock.json to use npm with github actions.

We cannot get Yarn to authenticate as part of a github action. We've got our repo npmrc configured as:

@COMPANY:registry=https://npm.pkg.github.com
registry=https://registry.npmjs.org/

And we're using this action for yarn.

Here's a basic setup where we're just trying to install the modules -- nothing more.

name: CI
on: [push]
jobs:
  build:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: borales/actions-yarn@v2.1.0
        with:
          auth-token: ${{ secrets.GITHUB_TOKEN }}
          registry-url: "https://npm.pkg.github.com"
          scope: tlabs
          cmd: version
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_REGISTRY_URL: https://npm.pkg.github.com
      - name: Create NPMRC
        run: |
          echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
      - name: Install
        run: |
           yarn install --verbose

By default, this action will try to run install so to bypass that I provided a basic command there 'version' so it just displays the yarn version and nothing more.

Running yarn install will work for all other packages but when it gets to our private modules, it will try to get them from the right registry (github) but will be hit with a 401.

Full error:

verbose 7.614802156 Error: https://npm.pkg.github.com/download/@tlabs/utils/1.0.1/afe9eaa6f9565f95c31563cbecfe617d7970f44077302cbe9ca8ee3223550469: Request failed "401 Unauthorized"
    at ResponseError.ExtendableBuiltin (/usr/share/yarn/lib/cli.js:696:66)
    at new ResponseError (/usr/share/yarn/lib/cli.js:802:124)
    at Request.<anonymous> (/usr/share/yarn/lib/cli.js:66996:16)
    at Request.emit (events.js:210:5)
    at Request.module.exports.Request.onRequestResponse (/usr/share/yarn/lib/cli.js:141441:10)
    at ClientRequest.emit (events.js:210:5)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:583:27)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:115:17)
    at TLSSocket.socketOnData (_http_client.js:456:22)
    at TLSSocket.emit (events.js:210:5)
error An unexpected error occurred: "https://npm.pkg.github.com/download/@tlabs/utils/1.0.1/afe9eaa6f9565f95c31563cbecfe617d7970f44077302cbe9ca8ee3223550469: Request failed \"401 Unauthorized\"".

回答1:


The default GITHUB_TOKEN is only scoped for the current repository. You cannot use it to access packages in another repository. Use a read:packages and repo scoped Personal Access Token instead of GITHUB_TOKEN.



来源:https://stackoverflow.com/questions/58975181/download-private-module-from-github-package-registry-via-yarn-within-a-github-ac

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!