Can't publish to npm registry: need auth

jmanko · July 11, 2023, 9:11pm

I’m attempting to locally publish a versioned angular application for consumption by another maven-based project, but I can’t seem to get the package to publish. I following the steps at npm packages in the Package Registry.

So, my project is located at

http://gitlab.mydomain.com:7777/products/projectA/ui/base

As instructed by the article above, I created an .npmrc with the following. I have to say, it makes no sense why I’m creating this file since it’s just overwritten in the next step.

@products:registry=http://${CI_SERVER_HOST}:${CI_SERVER_PORT}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/
//${CI_SERVER_HOST}:${CI_SERVER_PORT}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}

Now, configure .gitlab-ci.yml to publish with the creation of a tag.

image: node:16.10.0

cache:
  paths:
    - build
    - node
    - node_modules

stages:
  - build
  - test
  - deploy

build:
  stage: build
  script:
    - npm install --force
    - npm run build
  tags:
    - node

deploy:
  stage: deploy
  script:
    - echo "//${CI_SERVER_HOST}:${CI_SERVER_PORT}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">.npmrc
    - cat .npmrc
    - npm publish
  tags:
    - node
  only:
    - tags

And of course package.json:

  "name": "@products/base",
  "version": "1.0.0",

This errors, however:

$ echo "//${CI_SERVER_HOST}:${CI_SERVER_PORT}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">.npmrc
$ cat .npmrc
//gitlab.mydomain.com:7777/api/v4/projects/100/packages/npm/:_authToken=[MASKED]
$ npm publish
npm notice 
npm notice package: @products/base@1.0.0
npm notice === Tarball Contents ===    
npm notice ..... bunch of files
npm notice 3.6kB   package.json                                                                              
npm notice === Tarball Details === 
npm notice name:          @products/base                    
npm notice version:       1.0.0                                   
npm notice filename:      @products/base-1.0.0.tgz          
npm notice package size:  8.6 MB                                  
npm notice unpacked size: 24.1 MB                                 
npm notice shasum:        fc3ba49c2716198189198189fb50fccff9f87db54
npm notice integrity:     sha512-zDw6566xc8G[...]648qA6UKsMw8g==
npm notice total files:   938                                     
npm notice 
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in.
npm ERR! need auth You need to authorize this machine using `npm adduser`
npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2023-07-11T20_51_15_924Z-debug.log

I have the package registry turned on in the project settings:

Any ideas?

balonik · July 12, 2023, 8:09am

Add to your package.json

"publishConfig": {
    "@products:registry": "https://gitlab.mydomain.com:7777/api/v4/projects/100/packages/npm/"
  }

jmanko · July 12, 2023, 1:45pm

Doesn’t that defeat the dynamic nature of using CI_SERVER_HOST, CI_SERVER_PORT, and CI_PROJECT_ID?

jmanko · July 12, 2023, 2:42pm

It seems that the recommended configuration provided by the documentation is wrong. If using .npmrc, this is what’s needed:

  before_script:
    - echo "@products:registry=http://${CI_SERVER_HOST}:${CI_SERVER_PORT}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/">.npmrc
    - echo "//${CI_SERVER_HOST}:${CI_SERVER_PORT}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}">>.npmrc

balonik · July 13, 2023, 7:10am

No, why would you need to have a dynamic value in package.json which is always bound to a single repository?
Having it in a CI could be useful if you want to re-use the CI for multiple repositories, but there is no difference if you do it with variables or just write it there.