-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
registry-url ignored completely #926
Comments
Hello @CamJN |
Hello @CamJN, Thank you for creating the issue once again. I've tried to reproduce the issue with respect to setup-node package, but it is working as expected. I am suspecting the below can be the root cause for the issue.
Please feel free to share if any further clarifications needed. Thanks!! |
Thanks for getting back to me, sorry my issue isn't reproducing for you, I know that's annoying.
As you can see from the logs I linked to in my report, npm tries to publish to https://registry.npmjs.org/ when I set the registry-url to https://npm.pkg.github.com/, so checking permissions isn't likely to help, as it's not trying to publish to github packages at all. |
Hello @CamJN, Thank you for an update!! Thank you once again for letting us know, that .npmrc file is not available at project level. Could you please try to run the npm.yml workflow by adding below code snippets at publish-gpr step before npm publish step in npm.yml file.
Kindly refer the URL to refer the details about .npmrc file |
Per that same page you linked to: https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#publish-to-npmjs-and-gpr-with-npm it should not be necessary to create an npmrc file, just run this action then publish. In fact the section on yarn2 (which I do not use but am simply quoting from) says that the setup-node action creates an npmrc file, but that doesn't seem to happen, I tried to cat the file and it doesn't seem to exist, perhaps I looked at the wrong path. In my testing the auth line needs to be:
|
Hello @CamJN, Thank you for an update!! I believe the below code snippet is causing an issue. echo //npm.pkg.github.com/:_authToken=${{ github.token }} >> .npmrc Try to add below code snippet instead of above. echo _authToken=${{ secrets.GH_PAT }} >> .npmrc Kindly try to rerun the workflow after making above change. Also, make sure the github.token is available and has the appropriate permissions needed for publishing to GitHub Packages. |
I am sorry I wasn't clear.
Further, I have the workflow working at this point, though this action does seem to be broken, since I have to setup auth to the repo manually when this action is supposed to do so. I've looked at the action's code and it prefers to put the |
Hello @CamJN, Thank you for the information and confirmation that the workflow is working from your end. Apologies for the delay in the response to provide the information about the current implementation of the setup-node. The current implementation of setup-node is .npmrc file is created in the runner and set the the file location to NPM_CONFIG_USERCONFIG and should make sure that NPM token is properly configured (for automation primarily) and that it has been added as a repository secret in the repo's settings. please find the below code snippet that explains the functionality. export function configAuthentication(registryUrl: string, alwaysAuth: string) { writeRegistryToFile(registryUrl, npmrc, alwaysAuth); onst authString: string = The below command will fix the issue as a workaround. If you're experiencing any further issues related to this one or any other (or if the information current implementation solve this one for you), please feel free to reach out to reopen the issue. |
This quote:
is contradicted by this one:
The action documents that it will setup auth for you, it does not. Thus there is a bug in the action. The bug is that it relies on the |
The provided example doesn't work as acknowledged by the `setup-node` team, as of [github#926](actions/setup-node#926 (comment)). This is also a long known problem, see [github#249](actions/setup-node#249). This is considered to be a drastic measure to make sure the `setup-node` team takes responsibility for the problem.
Hello @CamJN, Apologies for the delayed response. As mentioned in the docs example with a comment like # Setup .npmrc file to publish to GitHub Packages aligns with the current functionality of setup-node as it provides users with a correct and secure way to configure their workflows for publishing Node.js packages. Please find the setup instructions below to configure .npmrc file
We have tried the same and able to publish the packages successfully. The actions/setup-node action includes functionality to check the npm version and generate an appropriate authentication string. The below is the detailed explanation of the process: Additionally, as per the npm/cli documentation, npm will consider the NPM_CONFIG_USERCONFIG environment variable for a custom user configuration file. The issue mentioned in your previous comment originates from npm/npm, which was archived on August 11, 2022, because the npm CLI codebase was moved to the npm/cli repository. |
No, it doesn't; here's the code: https://github.com/actions/setup-node/blob/main/src/authutil.ts#L47-L48 the same string is generated regardless of npm version. However it seems that it works now as expected: https://github.com/getargv/getargv.js/actions/runs/10323155075/job/28579915789 and since that code hasn't changed in 5 years, I'm going to assume that npm fixing its environment-variable-case problem was what fixed it. |
Description:
The registry-url set in the config is ignored and npm is used unconditionally
Action version:
v4
Platform:
Runner type:
Tools version:
node version = v21.5.0
npm version = 10.2.4
see
npm config list
output in linked job for moreRepro steps:
https://github.com/getargv/getargv.js/blob/main/.github/workflows/npm.yml
Expected behavior:
The package is pushed to GPR.
Actual behavior:
https://github.com/getargv/getargv.js/actions/runs/7272407299/job/19814479275
The text was updated successfully, but these errors were encountered: