NPM dependencies to another private Bitbucket repo Azure DevOps pipeline authentication fails

Question

I'm working on a Azure DevOps build pipeline for a project. I can't make any changes to the code itself besides the azure-pipeline.yaml file. (And to be honest, I know very little about the project itself)

I'm stuck on the NPM install dependencies step. I'm currently working with the YAML pipeline, but if there's a solution in the classic mode I'll go with that.

The issue is the following:

I've created the pipeline with and I check out a private Bitbucket repository according to the documentation:

resources:
  repositories:
  - repository: MyBitBucketRepo1
    type: bitbucket
    endpoint: MyBitBucketServiceConnection
    name: MyBitBucketOrgOrUser/MyBitBucketRepo

Next I set the correct version of node, and execute a npm install task

- task: Npm@1
  displayName: 'NPM install'
  inputs:
    command: 'install'
    workingDir: 'the working directory'

So far so good. But, there is a dependency to another Bitbucket repository. In the package.json there is a dependecy like this:

another-dependency: git:https://bitbucket.org/organisation/repo.git#v1.1.3

I do have access to this repository, but if I run NPM install it can't re-use the credentials from the first repository.

I've tried adding both repositories to the resources in the hope that would work. But still the same error:

error fatal: Authentication failed for 'https://bitbucket.org/organisation/repo.git/'

I've tried to set up some caching mechanism, run npm install on the 2nd repo, store the dependencies, run npm install on the first one. But that didn't work unfortunately.

Is there a way in Azure Devops pipelines -without making changes to the project set-up- to make this work?

Thanks!

Answer 1

Normally I have the.npmrc on the Repo so I dont have to add any other task. Something like in this guide: https://docs.microsoft.com/en-us/azure/devops/artifacts/get-started-npm?view=azure-devops&tabs=windows

And I never do something like that, but I think that you can authenticate with the external feed adding this task: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/package/npm-authenticate?view=azure-devops

Reading a bit more, I dont know if you can do this without adding a.npmrc on your Repo. You have to create a ServiceConnection to store your login credentials, but on that you will need the.npmrc on your Repo.

Try it and tell my if this help!!

Answer 2

Npm will prompt for passwords when you run npm install command for your package.json locally. Since we can't enter the password during pipeline run in CI/CD pipeline, it causes the Authentication failed error.

An alternative workaround is to add credentials directly in url, like this:

"dependencies": {
    "another-dependency": "git+https://<username>:<password>@bitbucket.org/xxx/repo.git"
}

See app-password :

username: your normal Bitbucket username
password: the app password

It has disadvantage since we store the app-password directly as plain-text in package.json file, which lacks security if someone else can access your package.json file. So it depends on you whether to use this workaround.

As a workaround for Azure Devops pipeline:

You can add a File Transform task to replace the old url with new Username+Password url before your npm install steps.

1.I have a package.json in root directory with content like git:https://bitbucket.org/organisation/repo.git#v1.1.3 .

2.Define a dependencies.another-dependency variable with value git+https://<username>:<password>@bitbucket.org/... , set it as secret!

3.Then add the File Transform task like this:

4.Finally you'll get a new package.json file with content below:

It won't actually affect your package.json file under version control, it just add credentials temporarily during your pipeline. Let me know if it helps:)