Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

registry-url config option Ignored when pushing to GPR and NPR #73

Closed
phillmac opened this issue Oct 20, 2019 · 35 comments
Closed

registry-url config option Ignored when pushing to GPR and NPR #73

phillmac opened this issue Oct 20, 2019 · 35 comments

Comments

@phillmac
Copy link

Registry url seems to be ignored here https://github.com/phillmac/orbit-db-managers/blob/a50a35fca7b0d1b79871428b39deb8ecb1293edf/.github/workflows/npmpublish.yml#L40
This differs from #52 in that there's no.npmrcpresent in the repo.
It results in an error in the GPR publish step:
npm ERR! 401 Unauthorized - PUT https://registry.npmjs.org/orbit-db-managers - You must be logged in to publish packages.

@sapleu
Copy link

sapleu commented Oct 22, 2019

Having the same issue publishing to our org GitHub npm registry

@dongmingchao
Copy link

same here

@affrae
Copy link

affrae commented Oct 28, 2019

Hi all - here is a workflow that publishes to both NPMJS and GPR, without needing .npmrc workarounds:

Just replace <@OWNER> with appropriate scope (eg for me it would be @affrae), and use your version of npm_token

Is working at https://github.com/affrae/fib-tools

name: Publish to NPMJS and GPR

on:
  push:
    branches:
      - master

jobs:
  publish-to-npm-and-gpr:
    runs-on: ubuntu-latest
    steps:
      
      # Checkout the repo
      - uses: actions/checkout@master
        
      # Update package version and set up git
      - uses: actions/setup-node@master
      - name: Update package version and setup git
        run: |
          git config user.name "Actions User"
          git config user.email noreply@github.com
          npm version 1.0.$(date +%s)

      # Publish to NPMJS
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: 'https://registry.npmjs.org/'
      - name: Publish to NPMJS
        run: |
          npm config set //registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN
          npm config set scope "<@OWNER>"
          npm config list
          npm publish --access public 
        env:
          CI: true
          NODE_AUTH_TOKEN: ${{secrets.npm_token}}

      # Publish to GitHub Package Registry
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '<@OWNER>'
      - name: Publish to GitHub Package Registry
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{github.token}}

@affrae
Copy link

affrae commented Nov 3, 2019

@phillmac If you are referring to the publish to GPR section, try:

      # Publish to GitHub Package Registry
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '@phillmac'
      - name: Publish to GitHub Package Registry
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

You seem to have combined the steps for publishing to npmjs and to gpr into one, and it is a bit mangled.

Hope this helps.

@affrae
Copy link

affrae commented Nov 4, 2019

@phillmac I just made mine mirror yours (except for my custom info) and it worked - are you sure that the build that is running has that yml in it? or is it running another version?

@phillmac
Copy link
Author

phillmac commented Nov 4, 2019

I directly linked so its pretty hard to tell fibs.
Feel free to check the actuall repo. https://github.com/phillmac/orbit-db-managers/
This is what's driving me up the wall. It should work yet it doesn't and there's no rhyme or reason that I can see.

@affrae
Copy link

affrae commented Nov 4, 2019

I was not assuming you were fibbing 😜

Unless I am missing something fundamental, the only thing I can see different is the branch you are running from. let me try and replicate that when I get a chance.

@affrae
Copy link

affrae commented Nov 4, 2019

@phillmac I just noticed something:

          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

Should be

          NODE_AUTH_TOKEN: ${{github.token}}

Still gonna test

@phillmac
Copy link
Author

phillmac commented Nov 4, 2019

@affrae Changed it, still no dice. It doesn't matter what token I use when its still pushing to entirely the wrong registry: i.e. NPM instead of GitHub
https://github.com/phillmac/orbit-db-managers/commit/1b71f9739038578be275dcb939ef646c63c805a7/checks?check_suite_id=295521632#step:6:28

@affrae
Copy link

affrae commented Nov 4, 2019

@phillmac I have a working version:

https://github.com/affrae/fib-tools/commit/e9441fbfd096682a6721a9ab68a93b0887463c4f/checks?check_suite_id=295523583

Config: https://github.com/affrae/fib-tools/blob/develop/.github/workflows/DevPublishToGPR.yml

name: Publish develop versions to GPR

on:
  push:
    branches:
      - develop

jobs:
  publish-develop-versions-to-gpr:
    runs-on: ubuntu-latest
    steps:

      # Checkout the repo
      - uses: actions/checkout@master

      # Update package version and set up git
      - uses: actions/setup-node@master
      - name: Update package version and setup git
        run: |
          git config user.name "Actions User"
          git config user.email noreply@github.com
          npm version 0.1.1-dev.$(date +%s)

      # Publish to GitHub Package Registry
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '@affrae'
      - name: Publish to GitHub Package Registry
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{github.token}}

The only difference is my scope and the change to NODE_AUTH_TOKEN shared above

Can you check yours v. mine to see if we line up?

@phillmac
Copy link
Author

phillmac commented Nov 4, 2019

So just made a commit with that copied and pasted exactly, the only difference being the username in the scope.
image
But it still insists on trying to push to NPM
https://github.com/phillmac/orbit-db-managers/commit/bd38f97fe735363f6a2a724af857baacb0cb4aa1/checks?check_suite_id=295540502#step:6:28

@clarkbw
Copy link

clarkbw commented Nov 6, 2019

@phillmac you're missing the set scope. This has to do with how setup-node is working right now.

Here's what should work:

  publish-gpr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/ORG_OR_USERNAME/
          scope: '@ORG_OR_USERNAME'
          always-auth: true # required if using yarn
      - name: npm install
        run: npm install
      - name: Publish to GitHub Packages
        run: |
          npm config set scope "@ORG_OR_USERNAME"
          npm publish
        env:
          NODE_AUTH_TOKEN: ${{github.token}}

The npm config set scope lets npm know you want to publish to this scope and then it'll look in the generated .npmrc file for the @ORG_OR_USERNAME:registry line. We'll get this fixed but for now this will get you going.

Also your package MUST be named @ORG_OR_USERNAME/PACKAGE or you'll hit errors trying to publish.

@affrae
Copy link

affrae commented Nov 6, 2019

Thanks @clarkbw - I wonder why I don't run into that in my workflow shared in #73 (comment)..

Is it because I set the scope for an earlier step and it just carries over?

@clarkbw
Copy link

clarkbw commented Nov 6, 2019

Good question, I’m not sure. I’ll have to play around with that some more.

@avdeev
Copy link

avdeev commented Nov 27, 2019

Default template from GitHub Marketplace doesn't work for me too. registry-url is ignored.

image

image

https://github.com/avdeev/vanilla-sharing/runs/323109179

@SachinShekhar
Copy link

I also encountered the same bug..

https://github.com/SachinShekhar/ss-ngrx-router-store/runs/438107309?check_suite_focus=true

This thread is 4 months old. Is GitHub Actions team aware of this issue?

@joebowbeer
Copy link

@clarkbw why specify the proxy url when you're also providing scope? (And even if you don't provide scope, setup-node will add it anyway.)

registry-url: https://npm.pkg.github.com/ORG_OR_USERNAME/

@jsg2021
Copy link

jsg2021 commented Mar 2, 2020

Just use this action to provide node. Where your package publishes to is controlled by package.json’s publishConfig. The scope should be set in the package.json’s name field.

For installing packages from non-default registries... just create a step before install:

- name: npm config
   run: |
     npm config set loglevel error
     npm config set progress false
     npm config set registry 'https://npm.pkg.githubs.com’
     npm config set '@myscope:registry' 'https://www.myscopes-npm.com'

@johnyherangi
Copy link

johnyherangi commented Mar 15, 2020

@phillmac you may need to add your scope to the package name in package.json i.e. "@phillmac/orbit-db-managers". That got the GPR publish working for me. The GitHub Packages docs mention you may need to do this and I see @affrae's package is configured this way too.

Don't ask me why npm defaults to https://registry.npmjs.org if the scope isn't in the package name though 😜

jbelien added a commit to jbelien/openstreetmap-calendar-widget that referenced this issue May 24, 2020
Fix publishing to GitHub Packages Registry.
(see actions/setup-node#73)
jbelien added a commit to jbelien/openstreetmap-calendar-widget that referenced this issue May 24, 2020
* Update npm-publish.yml

Fix publishing to GitHub Packages Registry.
(see actions/setup-node#73)

* Update package.json

* Update package-lock.json
@lukesrw
Copy link

lukesrw commented Jun 10, 2020

Edit: Updated to reduce noise, see below for my fix.

I've previously been doing releases from my PC, trying to migrate over to actions.
It was letting me publish to NPM as "jsite-parse" and GPR as "@lukesrw/jsite-parse".

Now when I do a release, it releases to NPM fine - but not GPR, giving the login error:
You must be logged in to publish packages

Would I need to modify publishConfig in the runner? If so, how?
You don't need to modify the publishConfig in the runner.

@joebowbeer
Copy link

joebowbeer commented Jun 11, 2020

@lukesrw Observations:

You can't publish to jsite-parse and @lukesrw/jsite-parse from the same package.json as there is only one name field.

Writing to ~/.npmrc should be redundant, as the registry-url and scope parameters will cause setup-node to write .npmrc, which overrides ~/.npmrc

I have a working example of GPR publish at https://github.com/joebowbeer/regsync

I'd need to see more of package.json to debug further. What are the name and publishConfig entries in package.json?

@lukesrw
Copy link

lukesrw commented Jun 11, 2020

You can't publish to jsite-parse and @lukesrw/jsite-parse from the same package.json as there is only one name field.

But that's why I was so confused, as I was doing previously.

Writing to ~/.npmrc should be redundant, as the registry-url and scope parameters will cause setup-node to write .npmrc, which overrides ~/.npmrc

Ah, that makes sense! Thank you, that's fixed the problem - it's publishing to both now.


For anyone else having this problem, my workaround:

  • Your package.json can look the same as it would on NPM without a GitHub scope, publishConfig, etc.
  • You can write to .npmrc (thanks again @joebowbeer) to change the registry path - this should be done after npm install and before npm publish (as otherwise it will look to install dependencies from your scope):

I'm sure that some of these lines aren't needed, but for now my yml is:

on:
    release:
        types: [created]

jobs:
    build:
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v2
            - uses: actions/setup-node@v1
              with:
                  node-version: 12
            - run: npm ci
            - run: npm test

    publish-npm:
        needs: build
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v2
            - uses: actions/setup-node@v1
              with:
                  node-version: 12
                  registry-url: "https://registry.npmjs.org"
            - run: npm install
            - run: npm publish
              env:
                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

    publish-gpr:
        needs: build
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v2
            - uses: actions/setup-node@v1
              with:
                  node-version: 12
                  registry-url: "https://npm.pkg.github.com"
                  scope: "@lukesrw"
            - run: npm install
            - run: echo "registry=https://npm.pkg.github.com/@lukesrw" >> .npmrc
            - run: npm publish
              env:
                  NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Make sure you've got an NPM_TOKEN secret setup, change the echo line to have your name instead of mine - and it should work.

synle added a commit to synle/restapi-typescript-decorators that referenced this issue Jul 13, 2020
synle added a commit to synle/restapi-typescript-decorators that referenced this issue Jul 13, 2020
synle added a commit to synle/restapi-typescript-decorators that referenced this issue Jul 13, 2020
fixed pipeline to push to github registry as well as npm registry

3.1.2

fixed issue with ghr due to it not knowing of which registry to use: actions/setup-node#73
synle added a commit to synle/restapi-typescript-decorators that referenced this issue Jul 13, 2020
fixed pipeline to push to github registry as well as npm registry

3.1.2

fixed issue with ghr due to it not knowing of which registry to use: actions/setup-node#73
synle added a commit to synle/restapi-typescript-decorators that referenced this issue Jul 13, 2020
fixed pipeline to push to github registry as well as npm registry

3.1.2

fixed issue with ghr due to it not knowing of which registry to use: actions/setup-node#73
synle added a commit to synle/restapi-typescript-decorators that referenced this issue Jul 14, 2020
fixed pipeline to push to github registry as well as npm registry

3.1.2

fixed issue with ghr due to it not knowing of which registry to use: actions/setup-node#73

clean up pipeline with tagging and publish

3.1.3
@xeptore
Copy link

xeptore commented Feb 10, 2021

@joebowbeer, it seems it is not necessary to set the scope if registry-url is https://npm.pkg.github.com. All the checks and setting scope to repository owner is done here: https://github.com/actions/setup-node/blob/66dfac5/src/authutil.ts#L24-L33

@joebowbeer
Copy link

@xeptore Thanks. I agree. I just updated @joebowbeer/regsync

jessety added a commit to jessety/encrypted-env that referenced this issue Mar 8, 2021
@asbjornu
Copy link

I'm unable to get this to work without adding a scope to the package name – something I'm unable to do since the Visual Studio Marketplace does not support scopes.

I would consider it a pretty serious bug that the .npmrc file created by setup-node is useless without going through with the massively breaking change of renaming the package by introducing a scope, rendering the package useless for tools and registries that don't support scopes.

asbjornu added a commit to remarkjs/vscode-remark that referenced this issue Mar 17, 2021
- Add publish-vsce job to publish the extension to the Visual Studio Code Extension Marketplace.
- Remove the `@remarkjs` scope since VSCE doesn't like it.
- Use manual `npm config` instead of `actions/setup-node@v2` since the latter only seems to work with scoped packages (see actions/setup-node#73).
asbjornu added a commit to remarkjs/vscode-remark that referenced this issue Mar 17, 2021
- Add publish-vsce job to publish the extension to the Visual Studio Code Extension Marketplace.
- Remove the `@remarkjs` scope since VSCE doesn't like it.
- Use manual `npm config` instead of `actions/setup-node@v2` since the latter only seems to work with scoped packages (see actions/setup-node#73).
asbjornu added a commit to remarkjs/vscode-remark that referenced this issue Mar 17, 2021
- Add publish-vsce job to publish the extension to the Visual Studio Code Extension Marketplace.
- Remove the `@remarkjs` scope since VSCE doesn't like it.
- Use manual `npm config` instead of `actions/setup-node@v2` since the latter only seems to work with scoped packages (see actions/setup-node#73).
asbjornu added a commit to remarkjs/vscode-remark that referenced this issue Mar 17, 2021
- Add publish-vsce job to publish the extension to the Visual Studio Code Extension Marketplace.
- Remove the `@remarkjs` scope since VSCE doesn't like it.
- Use manual `npm config` instead of `actions/setup-node@v2` since the latter only seems to work with scoped packages (see actions/setup-node#73).
asbjornu added a commit to remarkjs/vscode-remark that referenced this issue Mar 17, 2021
- Add publish-vsce job to publish the extension to the Visual Studio Code Extension Marketplace.
- Remove the `@remarkjs` scope since VSCE doesn't like it.
- Add .npmrc instead of `actions/setup-node@v2` since the latter only seems to work with scoped packages (see actions/setup-node#73).
@asbjornu
Copy link

From #53 (comment) I discovered that the GitHub Package Registry documentation explicitly states that GPR only supports scoped packages:

GitHub Packages only supports scoped npm packages. Scoped packages have names with the format of @owner/name. Scoped packages always begin with an @ symbol. You may need to update the name in your package.json to use the scoped name. For example, "name": "@codertocat/hello-world-npm".

Pretty horrific, if you ask me.

@joebowbeer
Copy link

@asbjornu see 2nd section of #73 (comment)

@asbjornu
Copy link

asbjornu commented Mar 17, 2021

@joebowbeer, yes it works with scoped packages (scope: is explicitly set to @lukesrw in your linked comment). It does not work with non-scoped packages whatsoever and GitHub's own documentation even states it.

@joebowbeer
Copy link

@asbjornu GPR only hosts scoped packages. Agreed. That is very clear in the GPR documents.

However, you can omit the scope from package.json for backward compatibility with the npm registry.

@asbjornu
Copy link

@joebowbeer:

However, you can omit the scope from package.json for backward compatibility with the npm registry.

…and still publish the package to GPR? I have not gotten this to work. I'm stuck with either this error message:

401 Unauthorized - PUT https://npm.pkg.github.com/@remarkjs/vscode-remark - Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.

Or this:

405 Method Not Allowed - PUT https://npm.pkg.github.com/remarkjs/vscode-remark

@joebowbeer
Copy link

@asbjornu see #73 (comment) for a working example.

The Unauthorized error is probably due to a missing

NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

I suggest you create a new issue and include a link to your repo with package.json, .npmrc, and your GH action.

@asbjornu
Copy link

No, the NODE_AUTH_TOKEN environment variable is there, @joebowbeer. But sure, I can create a new issue.

@dmitry-shibanov
Copy link
Contributor

Hello everyone. I'm going to close the issue. According to the thread initial issues were resolved from customer's side and other separate issues were created. If you still have some issue feel free to create a new one.

JackHowa pushed a commit to WPMedia/github-actions-helpers that referenced this issue Jan 20, 2022
JackHowa pushed a commit to WPMedia/github-actions-helpers that referenced this issue Jan 21, 2022
krzyk added a commit to krzyk/setup-node that referenced this issue Apr 11, 2023
Add github actions for code checks
deining pushed a commit to deining/setup-node that referenced this issue Nov 9, 2023
Bumps [ts-node](https://github.com/TypeStrong/ts-node) from 8.10.2 to 9.0.0.
- [Release notes](https://github.com/TypeStrong/ts-node/releases)
- [Commits](TypeStrong/ts-node@v8.10.2...v9.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests