Use GitHub Actions to publish npm package error: login required

[yisibl]

https://github.com/yisibl/resvg-js/runs/3846453308?check_suite_focus=true

CI: https://github.com/yisibl/resvg-js/blob/d2c05784fe391f6ecdb46dbc129d467a167e239c/.github/workflows/CI.yaml#L455-L500

npm config list
; "user" config from /home/runner/work/_temp/.npmrc

//registry.npmjs.org/:_authToken = (protected) 
always-auth = false 
registry = "https://registry.npmjs.org/" 

; "env" config from environment

userconfig = "/home/runner/work/_temp/.npmrc" 

; node bin location = /opt/hostedtoolcache/node/16.11.0/x64/bin/node
; cwd = /home/runner/work/resvg-js/resvg-js
; HOME = /home/runner
; Run `npm config ls -l` to show all defaults.


2021-10-09T12:13:05.765Z napi:spawn execute npm publish
npm notice 
npm notice 📦  @resvg/resvg-js-win32-x64-msvc@1.0.0
npm notice === Tarball Contents === 
npm notice 104B  README.md                  
npm notice 629B  package.json               
npm notice 2.4MB resvgjs.win32-x64-msvc.node
npm notice === Tarball Details === 
npm notice name:          @resvg/resvg-js-win32-x64-msvc          
npm notice version:       1.0.0                                   
npm notice filename:      @resvg/resvg-js-win32-x64-msvc-1.0.0.tgz
npm notice package size:  1.1 MB                                  
npm notice unpacked size: 2.4 MB                                  
npm notice shasum:        b48d84d0d5b2f26eda9b8b44c443b91e5245f731
npm notice integrity:     sha512-Psq8QC9BQ9WrJ[...]RtniRK8CHon3w==
npm notice total files:   3                                       
npm notice 
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2021-10-09T12_13_06_482Z-debug.log
Internal Error: Execution failed with a non-error rejection (rejected value: undefined)
    at Cli2.error (/home/runner/work/resvg-js/resvg-js/node_modules/@napi-rs/cli/scripts/index.js:2173:19)
    at Cli2.run (/home/runner/work/resvg-js/resvg-js/node_modules/@napi-rs/cli/scripts/index.js:1994:37)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
npm ERR! code 1
npm ERR! path /home/runner/work/resvg-js/resvg-js
npm ERR! command failed
npm ERR! command sh -c napi prepublish -t npm

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2021-10-09T12_13_06_536Z-debug.log
Error: Process completed with exit code 1.

[dmitry-shibanov]

Hello @yisibl . I've tried to reproduce the issue by my own, but it works as expected. Could you please provide minimum repro steps to reproduce the issue outside of your repository. I suppose the issue can be related to the fact that the package is published. Possibly you need to change version in package.json

[dmitry-shibanov]

Hello @yisibl. Just a gentle ping. Do you have any updates ?

[meeroslav]

We had the issue on Nx for our nightly tests that use Verdaccio as a local registry. The publishing was passing on Ubuntu, but failing on MacOs and Windows machines.

The fix is to explicitly specify registry-url.

- name: Use Node.js ${{ matrix.node_version }}
  uses: actions/setup-node@v2
  with:
    node-version: ${{ matrix.node_version }}
    registry-url: http://localhost:4872 # url to our Verdaccio registry

This was introduced with version 2.4.1 btw.

[dmitry-shibanov]

Hello @meeroslav. Thank you for your response. Could you please create a separate issue on it, if it's still relevant for you. Could you please provide such information as:

• Do you have publishConfig in the package.json
• Do you have npmrc in the root of your project.

Actually It was nothing changed regarding to the publishing logic in v2.4.1.

[AlexxNB]

Hello!
Same issue. When I tried publish module on NPM in actions first time(no module with such name in registry), I got this error:

I've tried v1 and v2 of the setup-node action, also different versions of Node. Of course I have a NPM token in repository secrets.

Then I publish my package manually (using npm login). But action still can't publish newer version.

Action is here: https://github.com/AlexxNB/migy/blob/master/.github/workflows/test-and-publish.yml

[dmitry-shibanov]

Hello @AlexxNB. Thank you for your report. Could please check section Publish to npmjs and GPR with npm. For authentication you should provide registry. Moreover, you can check this documentation.

Besides, possablly you'll need to provide a scope of the package.

[AlexxNB]

@dmitry-shibanov thanks, it works now. I was completely sure that registry-url param has default value pointing to npmjs.

[dmitry-shibanov]

Hello everyone. For now I'm closing the issue because we can't reproduce it from our side. If you have any concerns feel free to contact us or create a new issue.

[yisibl]

Environments and secrets are very confusing, which caused me to add the npm token to Environments, so it would fail.
I suggest GitHub give better documentation and UX on how to add npm tokens here.

[martinheidegger]

This happens to me when using Node < 16 as runner. In my case I am trying to run/build with the same node version as is used in AWS lambdas: 14.17 is the version where we work against.

[e-korolevskii]

Hey @martinheidegger. Thank you for your reply. Could you create a separate issue about this if it's still relevant for you, and if it is, please provide minimal reproduction steps.
We will investigate and get back to you as soon as possible.

[guxin0123]

Environments and secrets are very confusing, which caused me to add the npm token to Environments, so it would fail. I suggest GitHub give better documentation and UX on how to add npm tokens here.

I had the same problem, thank you very much for the issues

[trishantpahwa]

I wonder if it needed more highlighting! @_@

[Allan-Nava]

it works?

[justorez]

@dmitry-shibanov thanks, it works now. I was completely sure that registry-url param has default value pointing to npmjs.

it works for me too, registry-url is required

[fwuensche]

To sum up, all the parts required to make it work:

1. Explicitly set a registry-url on the setup-node step:

      - uses: actions/setup-node@v4
        with:
          registry-url: 'https://registry.npmjs.org'

2. Make sure your NPM_TOKEN is set as a "repository secret":

3. Make sure your npm token was created as a "classic token" > "automation" token:

Finally, my release-please workflow file looks like this:

name: release-please

on:
  push:
    branches:
      - main

permissions:
  contents: write
  pull-requests: write

jobs:
  release-please:
    runs-on: ubuntu-latest
    steps:
      - uses: google-github-actions/release-please-action@v4
        id: release
        with:
          release-type: node

      # The logic below handles the npm publication.
      # The if statements ensure that a publication only occurs when a new release is created.
      - uses: actions/checkout@v4
        if: ${{ steps.release.outputs.release_created }}

      # The registry-url must be set for authentication to work on the npm publish step
      # Ref: https://github.com/actions/setup-node/issues/342#issuecomment-950119520
      - uses: actions/setup-node@v4
        if: ${{ steps.release.outputs.release_created }}
        with:
          registry-url: 'https://registry.npmjs.org'

      - run: npm ci
        if: ${{ steps.release.outputs.release_created }}

      # Make sure that the NPM_TOKEN has been set as a "Repository secret"
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
        if: ${{ steps.release.outputs.release_created }}