registry-url config option Ignored when pushing to GPR and NPR about setup-node HOT 35 CLOSED

Default template from GitHub Marketplace doesn't work for me too. registry-url is ignored.

https://github.com/avdeev/vanilla-sharing/runs/323109179

from setup-node.

I also encountered the same bug..

https://github.com/SachinShekhar/ss-ngrx-router-store/runs/438107309?check_suite_focus=true

This thread is 4 months old. Is GitHub Actions team aware of this issue?

from setup-node.

Hi all - here is a workflow that publishes to both NPMJS and GPR, without needing .npmrc workarounds:

Just replace <@OWNER> with appropriate scope (eg for me it would be @affrae), and use your version of npm_token

Is working at https://github.com/affrae/fib-tools

name: Publish to NPMJS and GPR

on:
  push:
    branches:
      - master

jobs:
  publish-to-npm-and-gpr:
    runs-on: ubuntu-latest
    steps:
      
      # Checkout the repo
      - uses: actions/checkout@master
        
      # Update package version and set up git
      - uses: actions/setup-node@master
      - name: Update package version and setup git
        run: |
          git config user.name "Actions User"
          git config user.email [email protected]
          npm version 1.0.$(date +%s)

      # Publish to NPMJS
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: 'https://registry.npmjs.org/'
      - name: Publish to NPMJS
        run: |
          npm config set //registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN
          npm config set scope "<@OWNER>"
          npm config list
          npm publish --access public 
        env:
          CI: true
          NODE_AUTH_TOKEN: ${{secrets.npm_token}}

      # Publish to GitHub Package Registry
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '<@OWNER>'
      - name: Publish to GitHub Package Registry
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{github.token}}

from setup-node.

@phillmac you're missing the set scope. This has to do with how setup-node is working right now.

Here's what should work:

  publish-gpr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/ORG_OR_USERNAME/
          scope: '@ORG_OR_USERNAME'
          always-auth: true # required if using yarn
      - name: npm install
        run: npm install
      - name: Publish to GitHub Packages
        run: |
          npm config set scope "@ORG_OR_USERNAME"
          npm publish
        env:
          NODE_AUTH_TOKEN: ${{github.token}}

The npm config set scope lets npm know you want to publish to this scope and then it'll look in the generated .npmrc file for the @ORG_OR_USERNAME:registry line. We'll get this fixed but for now this will get you going.

Also your package MUST be named @ORG_OR_USERNAME/PACKAGE or you'll hit errors trying to publish.

from setup-node.

@phillmac you may need to add your scope to the package name in package.json i.e. "@phillmac/orbit-db-managers". That got the GPR publish working for me. The GitHub Packages docs mention you may need to do this and I see @affrae's package is configured this way too.

Don't ask me why npm defaults to https://registry.npmjs.org if the scope isn't in the package name though 😜

from setup-node.

You can't publish to jsite-parse and @lukesrw/jsite-parse from the same package.json as there is only one name field.

But that's why I was so confused, as I was doing previously.

Writing to ~/.npmrc should be redundant, as the registry-url and scope parameters will cause setup-node to write .npmrc, which overrides ~/.npmrc

Ah, that makes sense! Thank you, that's fixed the problem - it's publishing to both now.

For anyone else having this problem, my workaround:

• Your package.json can look the same as it would on NPM without a GitHub scope, publishConfig, etc.
• You can write to .npmrc (thanks again @joebowbeer) to change the registry path - this should be done after npm install and before npm publish (as otherwise it will look to install dependencies from your scope):

I'm sure that some of these lines aren't needed, but for now my yml is:

on:
    release:
        types: [created]

jobs:
    build:
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v2
            - uses: actions/setup-node@v1
              with:
                  node-version: 12
            - run: npm ci
            - run: npm test

    publish-npm:
        needs: build
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v2
            - uses: actions/setup-node@v1
              with:
                  node-version: 12
                  registry-url: "https://registry.npmjs.org"
            - run: npm install
            - run: npm publish
              env:
                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

    publish-gpr:
        needs: build
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v2
            - uses: actions/setup-node@v1
              with:
                  node-version: 12
                  registry-url: "https://npm.pkg.github.com"
                  scope: "@lukesrw"
            - run: npm install
            - run: echo "registry=https://npm.pkg.github.com/@lukesrw" >> .npmrc
            - run: npm publish
              env:
                  NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Make sure you've got an NPM_TOKEN secret setup, change the echo line to have your name instead of mine - and it should work.

from setup-node.

@affrae Changed it, still no dice. It doesn't matter what token I use when its still pushing to entirely the wrong registry: i.e. NPM instead of GitHub
https://github.com/phillmac/orbit-db-managers/commit/1b71f9739038578be275dcb939ef646c63c805a7/checks?check_suite_id=295521632#step:6:28

from setup-node.

I was not assuming you were fibbing 😜

Unless I am missing something fundamental, the only thing I can see different is the branch you are running from. let me try and replicate that when I get a chance.

from setup-node.

Good question, I’m not sure. I’ll have to play around with that some more.

from setup-node.

@joebowbeer, it seems it is not necessary to set the scope if registry-url is https://npm.pkg.github.com. All the checks and setting scope to repository owner is done here: https://github.com/actions/setup-node/blob/66dfac5/src/authutil.ts#L24-L33

from setup-node.

@xeptore Thanks. I agree. I just updated @joebowbeer/regsync

from setup-node.

Having the same issue publishing to our org GitHub npm registry

from setup-node.

same here

from setup-node.

@affrae
What am I doing wrong here?
https://github.com/phillmac/orbit-db-managers/blob/0077bcca8ce4f7ee69c1ed48c5b13e5979945a9f/.github/workflows/dev-publish.yml#L25
https://github.com/phillmac/orbit-db-managers/commit/0077bcca8ce4f7ee69c1ed48c5b13e5979945a9f/checks?check_suite_id=292485897#step:6:51

from setup-node.

@phillmac If you are referring to the publish to GPR section, try:

      # Publish to GitHub Package Registry
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '@phillmac'
      - name: Publish to GitHub Package Registry
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

You seem to have combined the steps for publishing to npmjs and to gpr into one, and it is a bit mangled.

Hope this helps.

from setup-node.

@affrae
Updated it as per your advice, still getting the same error.

https://github.com/phillmac/orbit-db-managers/commit/2e05219d7d853b94c368113bf7bd1b59d65e7670/checks?check_suite_id=294001422#step:6:28

Config:
https://github.com/phillmac/orbit-db-managers/blob/2e05219d7d853b94c368113bf7bd1b59d65e7670/.github/workflows/dev-publish.yml

from setup-node.

@phillmac I just made mine mirror yours (except for my custom info) and it worked - are you sure that the build that is running has that yml in it? or is it running another version?

from setup-node.

I directly linked so its pretty hard to tell fibs.
Feel free to check the actuall repo. https://github.com/phillmac/orbit-db-managers/
This is what's driving me up the wall. It should work yet it doesn't and there's no rhyme or reason that I can see.

from setup-node.

@phillmac I just noticed something:

          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

Should be

          NODE_AUTH_TOKEN: ${{github.token}}

Still gonna test

from setup-node.

@phillmac I have a working version:

https://github.com/affrae/fib-tools/commit/e9441fbfd096682a6721a9ab68a93b0887463c4f/checks?check_suite_id=295523583

Config: https://github.com/affrae/fib-tools/blob/develop/.github/workflows/DevPublishToGPR.yml

name: Publish develop versions to GPR

on:
  push:
    branches:
      - develop

jobs:
  publish-develop-versions-to-gpr:
    runs-on: ubuntu-latest
    steps:

      # Checkout the repo
      - uses: actions/checkout@master

      # Update package version and set up git
      - uses: actions/setup-node@master
      - name: Update package version and setup git
        run: |
          git config user.name "Actions User"
          git config user.email [email protected]
          npm version 0.1.1-dev.$(date +%s)

      # Publish to GitHub Package Registry
      - uses: actions/setup-node@master
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '@affrae'
      - name: Publish to GitHub Package Registry
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{github.token}}

The only difference is my scope and the change to NODE_AUTH_TOKEN shared above

Can you check yours v. mine to see if we line up?

from setup-node.

So just made a commit with that copied and pasted exactly, the only difference being the username in the scope.

But it still insists on trying to push to NPM
https://github.com/phillmac/orbit-db-managers/commit/bd38f97fe735363f6a2a724af857baacb0cb4aa1/checks?check_suite_id=295540502#step:6:28

from setup-node.

Thanks @clarkbw - I wonder why I don't run into that in my workflow shared in #73 (comment)..

Is it because I set the scope for an earlier step and it just carries over?

from setup-node.

@clarkbw why specify the proxy url when you're also providing scope? (And even if you don't provide scope, setup-node will add it anyway.)

registry-url: https://npm.pkg.github.com/ORG_OR_USERNAME/

from setup-node.

Just use this action to provide node. Where your package publishes to is controlled by package.json’s publishConfig. The scope should be set in the package.json’s name field.

For installing packages from non-default registries... just create a step before install:

- name: npm config
   run: |
     npm config set loglevel error
     npm config set progress false
     npm config set registry 'https://npm.pkg.githubs.com’
     npm config set '@myscope:registry' 'https://www.myscopes-npm.com'

from setup-node.

Edit: Updated to reduce noise, see below for my fix.

I've previously been doing releases from my PC, trying to migrate over to actions.
It was letting me publish to NPM as "jsite-parse" and GPR as "@lukesrw/jsite-parse".

Now when I do a release, it releases to NPM fine - but not GPR, giving the login error:
You must be logged in to publish packages

Would I need to modify publishConfig in the runner? If so, how?
You don't need to modify the publishConfig in the runner.

from setup-node.

@lukesrw Observations:

You can't publish to jsite-parse and @lukesrw/jsite-parse from the same package.json as there is only one name field.

Writing to ~/.npmrc should be redundant, as the registry-url and scope parameters will cause setup-node to write .npmrc, which overrides ~/.npmrc

I have a working example of GPR publish at https://github.com/joebowbeer/regsync

I'd need to see more of package.json to debug further. What are the name and publishConfig entries in package.json?

from setup-node.

I'm unable to get this to work without adding a scope to the package name – something I'm unable to do since the Visual Studio Marketplace does not support scopes.

I would consider it a pretty serious bug that the .npmrc file created by setup-node is useless without going through with the massively breaking change of renaming the package by introducing a scope, rendering the package useless for tools and registries that don't support scopes.

from setup-node.

From #53 (comment) I discovered that the GitHub Package Registry documentation explicitly states that GPR only supports scoped packages:

GitHub Packages only supports scoped npm packages. Scoped packages have names with the format of @owner/name. Scoped packages always begin with an @ symbol. You may need to update the name in your package.json to use the scoped name. For example, "name": "@codertocat/hello-world-npm".

Pretty horrific, if you ask me.

from setup-node.

@asbjornu see 2nd section of #73 (comment)

from setup-node.

@joebowbeer, yes it works with scoped packages (scope: is explicitly set to @lukesrw in your linked comment). It does not work with non-scoped packages whatsoever and GitHub's own documentation even states it.

from setup-node.

@asbjornu GPR only hosts scoped packages. Agreed. That is very clear in the GPR documents.

However, you can omit the scope from package.json for backward compatibility with the npm registry.

from setup-node.

@joebowbeer:

However, you can omit the scope from package.json for backward compatibility with the npm registry.

…and still publish the package to GPR? I have not gotten this to work. I'm stuck with either this error message:

401 Unauthorized - PUT https://npm.pkg.github.com/@remarkjs/vscode-remark - Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.

Or this:

405 Method Not Allowed - PUT https://npm.pkg.github.com/remarkjs/vscode-remark

from setup-node.

@asbjornu see #73 (comment) for a working example.

The Unauthorized error is probably due to a missing

NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

I suggest you create a new issue and include a link to your repo with package.json, .npmrc, and your GH action.

from setup-node.

No, the NODE_AUTH_TOKEN environment variable is there, @joebowbeer. But sure, I can create a new issue.

from setup-node.

Hello everyone. I'm going to close the issue. According to the thread initial issues were resolved from customer's side and other separate issues were created. If you still have some issue feel free to create a new one.

from setup-node.