Azure 管道在 npm 安装上失败,因为 package.Z466DEEC76ECDF5FCA6D38571FZ34 引用另一个存储库没有访问权限
[英]Azure pipeline fails on npm install because package.json references another repository it doesn't have access to
问题描述
Hello I have added a javascript component to our project.
您好,我在我们的项目中添加了一个 javascript 组件。 This component lives in a common ui repo.该组件位于一个通用的 ui 存储库中。 When I added this component to the package.json it built fine locally since I have permission through SSH to pull it down.当我将此组件添加到 package.json 时,它在本地构建良好,因为我通过 SSH 获得了将其拉下的权限。 But in azure dev ops where we have the pipelines it is not building because the pipeline doesn't have access.但是在 azure 开发操作中,我们有管道,它没有构建,因为管道没有访问权限。
For example:例如:
Main application: sits at https://visualstudio.com/app/_git/app/ Component library sits at https://visualstudio.com/library/_git/Common-Library#tag-v1.0.3-gitpkg主要应用程序:位于https://visualstudio.com/app/_git/app/组件库位于https://visualstudio.com/library/_git/Common-Library#tag-v1.0.3-gitpkg
So when I add the library to my package.json and push this to the repository, the MVN build fails in Dev Ops on npm install因此,当我将库添加到我的 package.json 并将其推送到存储库时,MVN 构建在 npm 安装上的 Dev Ops 中失败
[INFO] npm ERR!
[INFO] npm ERR! Host key verification failed.
[INFO] npm ERR! fatal: Could not read from remote repository.
[INFO] npm ERR!
The MVN build does not have access to pull down the custom component from its repository. MVN 构建无权从其存储库中下拉自定义组件。
package.json example package.json 示例
"devDependencies": {
"customComponent": "git+ssh://git@vs-ssh.visualstudio.com:v3/path/to/component-v1.1.0-gitpkg",
"@babel/core": "^7.11.6",
"@babel/preset-env": "^7.11.5",
"@babel/preset-react": "^7.10.4",
My understanding is that I can add an SSH key to azure to allow it to pull down the repo but our Dev ops guys dont want that because then that SSH key is tied to that person.我的理解是,我可以将 SSH 密钥添加到 azure 以允许它拉下存储库,但我们的开发人员不希望这样做,因为那时 SSH 与该人绑定。
Is there an alternative way of doing this so that the MVN build can access the repository?是否有另一种方法可以使 MVN 构建可以访问存储库?
1 个解决方案
解决方案1
0 2021-02-09 07:44:58
An alternative workaround is to add credentials(https and oauth) directly in url, for example like this:另一种解决方法是直接在 url 中添加凭据(https 和 oauth),例如:
"dependencies": {
"another-dependency": "git+https://<username>:<password>@bitbucket.org/xxx/repo.git"
}
It has disadvantage since we store the credential directly as plain-text in package.json file, which lacks security if someone else can access your package.json file. It has disadvantage since we store the credential directly as plain-text in package.json file, which lacks security if someone else can access your package.json file. So it depends on you whether to use this workaround.因此,这取决于您是否使用此解决方法。
If you don't want to use plaintext, you can add a File Transform task to replace the old url with new certified url before your npm install steps.如果您不想使用纯文本,您可以在 npm 安装步骤之前添加一个文件转换任务,用新认证的 url 替换旧的 url。
Define a dependencies.another-dependency variable with value git+https://<username>:<password>@xxx.org/... , set it as secret.定义一个dependencies.another-dependency变量,其值为git+https://<username>:<password>@xxx.org/... ,将其设置为秘密。
Use File Transform task to replace the url in package.json file.使用File Transform任务替换package.json文件中的 url。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.