[英]Logging in to MyGet for GitHub Actions to install Private package
I'm trying to set up a GitHub Actions workflow that will run the tests for a project when a PR is created.我正在尝试设置一个 GitHub 操作工作流,该工作流将在创建 PR 时运行项目的测试。 Here's the YAML for the action;这是操作的 YAML; it's pretty straight forward really.这真的很简单。
steps:
- uses: actions/checkout@v1
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
registry-url: https://www.myget.org/F/hsa/npm/
scope: '@hsa'
env:
NODE_AUTH_TOKEN: ${{ secrets.MYGET_TOKEN }}
- name: set always auth
run: |
npm config set always-auth true
- name: Install
run: |
npm install
- name: Run lint
shell: bash
run: |
if [[ $GITHUB_BASE_REF ]]
then
export NX_BASE=remotes/origin/$GITHUB_BASE_REF
else
export NX_BASE=$(git rev-parse HEAD~1)
fi
echo "Base => $NX_BASE"
npm run affected:test -- --base=$NX_BASE
The "Use Node.js" step sets the registry URL for the @hsa
scope; “使用 Node.js”步骤为@hsa
范围设置注册表 URL; the MYGET_TOKEN
is set using secrets for the repo. MYGET_TOKEN
是使用 repo 的秘密设置的。 The "set always auth" step was necessary because it wasn't done automatically. “set always auth”步骤是必要的,因为它不是自动完成的。 This seems like it should be enough to allow the action to install the private packages, but it doesn't work.这似乎足以允许操作安装私有包,但它不起作用。 This is the error I get on the "Install" step:这是我在“安装”步骤中遇到的错误:
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="MyGet - hsa"
I've output the temporary .npmrc
file that's created in the Action, and it does look correct, setting the registry for the given scope, so everything should work.我已经输出了在 Action 中创建的临时.npmrc
文件,它看起来确实正确,为给定范围设置了注册表,所以一切都应该正常工作。 But I can't get past the NPM Install step to actually run the tests.但是我无法通过 NPM 安装步骤来实际运行测试。
Any help on what I'm missing for the authentication would be greatly appreciated.对我在身份验证中缺少的任何帮助将不胜感激。 Thanks!谢谢!
From https://github.com/actions/setup-node/来自https://github.com/actions/setup-node/
steps:
- uses: actions/checkout@v1
- uses: actions/setup-node@v1
with:
node-version: '10.x'
registry-url: 'https://registry.npmjs.org'
# Skip post-install scripts here, as a malicious
# script could steal NODE_AUTH_TOKEN.
- run: npm install --ignore-scripts
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
Try to use the npm install inside of the actions/setup-node.尝试在 actions/setup-node 中使用 npm install。
This is the workflow configuration file I ended up using that get the private package installed:这是我最终使用的用于安装私有包的工作流配置文件:
name: Nx Affected CI
on:
push:
branches: [master]
pull_request:
branches: [master]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [12.x]
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node-version }}
- run: git fetch origin master
- run: cp npmrc_file .npmrc
- name: npm install
run: npm install
env:
NPM_TOKEN: ${{ secrets.MYGET_TOKEN }}
- run: rm .npmrc
- run: npm run affected:test --base=origin/master
The npmrc_file
should look like this: npmrc_file
应如下所示:
@hsa:registry=https://www.myget.org/path/to/repository
always-auth=true
//www.myget.org/path/to/repository/:_authToken=${NPM_TOKEN}
I copied it into the workflow, installed the private package, and then removed it, as it caused issues with the NPM_TOKEN
when trying to run the npm run
command.我将它复制到工作流中,安装了私有包,然后将其删除,因为它在尝试运行npm run
命令时会导致NPM_TOKEN
出现问题。
Also, MYGET_TOKEN
is stored in the secrets section of the repository settings.此外, MYGET_TOKEN
存储在存储库设置的 secrets 部分。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.