I have published the npm package to gitlab.com without a problem.
In another private project, I want to consume this npm package. It works locally after setting up the .npmrc with my personal access token accordingly and when executing npm install @my-org/project_a.
However, it fails when the gitlab pipeline wants to install it with the following messages:
npm ERR! code E404
62npm ERR! 404 Not Found - GET https://gitlab.com/api/v4/projects/<id_of_project_a>/packages/npm/@my-org/project_a/-/@my-org/project_a-0.0.7.tgz
63npm ERR! 404
64npm ERR! 404 '@my-org/project_a@https://gitlab.com/api/v4/projects/<id_of_project_a>/packages/npm/@my-org/project_a/-/@my-org/project_a-0.0.7.tgz' is not in the npm registry.
I have set up the .npmrc in the gitlab-ci.yml as well and I have tried out several auth keys, including my personal access token and the $CI_JOB_TOKEN . I have also cleared the gitlab runner cache several times.
Accessing the url https://gitlab.com/api/v4/projects/<id_of_project_a>/packages/npm/@my-org/project_a/-/@my-org/project_a-0.0.7.tgz also works via the browser.
Do you have an idea why it works locally and fails on gitlab ci cd even with the same access tokens and .npmrc ?
I managed to get it to work with a separate personal access token. Here is what i did:
Create a personal access token from Gitlab with the permissions read_api and read_registry.
Expose this personal access token in the gitlab ci pipeline through a variable
Ensure the .npmrc has the following content:
# Set URL for your scoped packages, e.g. package with name `@my-org/my-package` will use this URL for download.
"@your_org_scope:registry"="https://gitlab.com/api/v4/packages/npm/"
# Add the token for the scoped packages URL. This will allow you to download.
# Make sure you replace ${GITLAB_AUTH_TOKEN} with the personal access token copied earlier or create a local environment variable (this is recommended) named GITLAB_AUTH_TOKEN with the token copied earlier as the value.
"//gitlab.com/api/v4/packages/npm/:_authToken"="${GITLAB_AUTH_TOKEN}"
# Add token for uploading to the registry.
# NOTE: Currently, the project id is XXXXXX. If this changes, you will need to adjust this accordingly.
"//gitlab.com/api/v4/projects/<<project_id>>/packages/npm/:_authToken"="${GITLAB_AUTH_TOKEN}"
And then npm install should work in the gitlab as well.
I was not able to get it working with the CI_TOKEN
Another issue I have faced - if you just copy the provided command ech @mynamespace:registry=htttps:....... >> .npmrc, it may look wrong for npm. Check it with command - npm config ls, and see how it looks there. For me, before each letter in the URL, there was a \u0000 character inserted - @mynamespace:registry = "\u0000h\u0000t\u0000t\u0000p\u0000s\u0000:\u0000/\u0000/\u0000g\u0000i\u0000t\u0000l\u0000a\u0000b\u0000....... Manually pasting that part into the .nmprc file worked.
npm cannot download a package on a self-hosted GitLab instance, although there is a project local .npmrc. But it works when the package is hosted on gitlab.com
Error message: npm ERR! 404 Not Found - GET https://registry.npmjs.org/@myscope/mypackage - Not found
npm i seems to read the project local .npmrc:
grep npmrc /home/myuser/.npm/_logs/2023-03-14T10_54_45_824Z-debug-0.log
5 timing config:load:file:/home/myuser/.nvm/versions/node/v18.15.0/lib/node_modules/npm/npmrc Completed in 0ms
9 timing config:load:file:/home/myuser/projects/pe/mypackage_test/.npmrc Completed in 2ms
11 timing config:load:file:/home/myuser/.npmrc Completed in 2ms
13 timing config:load:file:/home/myuser/.nvm/versions/node/v18.15.0/etc/npmrc Completed in 0ms
strace shows no access to .npmrc files or to the host of the self hosted GitLab instance.
Test exercised with a personal access token with corresponding permissions.
Bro this works like a champ.
I have to register a new forum account just to like your comment and thank you.
Also I want to add that if your project has multiple private repos which has different project_id. You will have to add the token for every single one of them. For example:
So, npm will first get your package download URL at: gitlab.com/api/v4/packages/npm/@your_org_scope/your_package. Then it will download the .tgz file from https://gitlab.com/api/v4/projects/project_id_a/packages/npm/@your_org_scope/your_package/-/@your_org_scope/your_package-0.0.1.tgz which will also need the token