Push and pull into and from your private npm registry via CI pipeline

Publish to private npm registry from your CI pipeline

If you want to publish packages to your private registry (e.g. jfrog.io, Verdaccio, ...), note these important points:

1) Authenticate on your local machine

To authenticate against the private repository, you have to use the npm CLI tool. But first, get your API access token. That's safer than using your password.

npm adduser --registry https://<registry_url>/<api_path>/ --always-auth
  • When asked for your user, enter the username.
  • As the password, provide the API token or the account password.
  • Provide your email address.

This will authenticate your user account and you'll receive a token that is stored in your local ~/.npmrc file.

2) Configure your publish job

Copy the token from the previous step and add it to your CI tool's environment variables. In GitLab these are called Secret variables:

# These environment variables are set via your CI tool of choice:
#
# export NPM_REGISTRY_URL_WITHOUT_PROTOCOL="//<registry_url>/<api_path>/"
# export NPM_REGISTRY_TOKEN="ey..."

# This snippet is somewhere in your CI job:

# The unquoted heredoc lets the shell expand both variables, so the token
# itself is written into .npmrc in the job's working directory.
cat << EOF > .npmrc
$NPM_REGISTRY_URL_WITHOUT_PROTOCOL:_authToken=$NPM_REGISTRY_TOKEN
EOF

npm publish

In your package.json you only need to add a publishConfig so npm knows where to publish the package:

"publishConfig": {
  "registry": "https://<registry_url>/<api_path>/"
},

This will publish the package in the current directory to your private registry. Make sure that you have write access and that you have updated your package.json with the new version you want to release.

Pull from private npm registry from your CI pipeline

To use a private registry you have some things to set up before you can install any dependency. You need an account (or at least an API token) for https://<registry_url>/<api_path>/.

1) Authenticate

To authenticate against the private repository, you have to use the npm CLI tool. But first, get your API access token. That's safer than using your password.

npm adduser --registry https://<registry_url>/<api_path>/ --always-auth
  • When asked for your user, enter the username.
  • As the password, provide the API token or the account password.
  • Provide your email address.

This will authenticate your user account and you'll receive a token that is stored in your local ~/.npmrc file.

2) Use your token

  • Open ~/.npmrc and copy the token.
  • Open ~/.profile and append this line to the end of the file: export NPM_REGISTRY_TOKEN=ey...
  • Create a .npmrc file in your project's root folder and insert this content:
always-auth=true
registry=https://<registry_url>/
//<registry_url>/:_authToken=${NPM_REGISTRY_TOKEN}

or (if you don't want to generate the _authToken, you can do it with user/pass too):

always-auth=true
registry=https://<registry_url>/
//<registry_url>/:username=${NPM_REGISTRY_USERNAME}
//<registry_url>/:_password=${NPM_REGISTRY_PASSWORD_OR_TOKEN}

You can use a generated token as password here.

This file will be used later by yarn or npm, and ${NPM_REGISTRY_TOKEN} is interpolated by npm with the token you've set as an environment variable. If you're in the same terminal session, you need to refresh your profile before installing your first dependency by running this command: source ~/.profile.

  • Now you can install any component through the private npm repo by adding it, e.g. with yarn:
yarn add your-previously-pushed-package
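
As an added example (not part of the original gist): a shell helper that writes a .npmrc with the ${NPM_REGISTRY_TOKEN} reference left literal, plus a check a CI job can run before npm publish to flag any .npmrc credential line that holds a literal value instead of an environment reference. The host registry.example.test, the function names and the sample token are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the gist author's code. Host and token are constructed.

# Write an auth line that keeps ${NPM_REGISTRY_TOKEN} literal; npm resolves it
# from the environment at run time, so the secret never lands in the file.
# $1 = registry host/path without protocol, $2 = output file
write_npmrc_with_env_ref() {
    printf '//%s:_authToken=${NPM_REGISTRY_TOKEN}\n' "$1" > "$2"
}

# Print "<line>:<key>" for each credential key (_authToken, _password, _auth)
# whose value is a literal rather than a ${VAR} reference.
# Returns 1 if any such line exists, 0 otherwise.
npmrc_literal_secrets() {
    awk '
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            eq = index($0, "=")                # split on the FIRST "="
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)
            if (key !~ /(^|:)(_authToken|_password|_auth)$/) next
            if (val == "") next
            if (val ~ /^[$][{][A-Za-z_][A-Za-z0-9_]*[}]$/) next   # env reference
            printf "%d:%s\n", NR, key
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Demo on constructed input: the first file passes, the second is flagged.
demo_dir=$(mktemp -d)
write_npmrc_with_env_ref "registry.example.test/api/" "$demo_dir/ok.npmrc"
npmrc_literal_secrets "$demo_dir/ok.npmrc" && echo "ok.npmrc: no literal credentials"
printf '%s\n' 'registry=https://registry.example.test/' \
    '//registry.example.test/:_authToken=CONSTRUCTED-TOKEN-VALUE' > "$demo_dir/bad.npmrc"
npmrc_literal_secrets "$demo_dir/bad.npmrc" || echo "bad.npmrc: literal credential, fail the job"
rm -rf "$demo_dir"
```

Running the check against the .npmrc produced by the publish job's heredoc will flag it, since that file contains the expanded token; treat that file as a secret for the lifetime of the job and keep it out of commits and build artifacts.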