I have a job in a pipeline that has worked for weeks but just today started failing. I’m using your standard .npmrc content:
- export SCOPE="..."
- echo "@SCOPE:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/" >>.npmrc
- echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=\"${CI_JOB_TOKEN}\"" >>.npmrc
- npm publish
There is no existing .npmrc when this is executed.
-
What are you seeing, and how does that differ from what you expect to see?
Today, the job started failing with a403. Obvi, everything has been anonymized via<angle-brackets>in the sample below. All values were correct in the pipeline.
$ npm publish
npm notice
npm notice package: @<scope>/<package-name>@0.5.0-dev.2
npm notice === Tarball Contents ===
npm notice 307B package.json
npm notice 61.5kB <package-name>-0.5.0-dev.2.openapi.json
npm notice 61.5kB <package-name>.openapi.json
npm notice === Tarball Details ===
npm notice name: @<scope>/<package-name>
npm notice version: 0.5.0-dev.2
npm notice filename: @<scope>/<package-name>-0.5.0-dev.2.tgz
npm notice package size: 10.5 kB
npm notice unpacked size: 123.4 kB
npm notice shasum: 884dd0c862a2a5bd4d7a5d02941cc4b937cba649
npm notice integrity: sha512-Wbk/KLoq+deWJ[...]zxiLC8rx3xsSw==
npm notice total files: 3
npm notice
npm notice Publishing to https://gitlab.com/api/v4/projects/<project-id>/packages/npm/
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://gitlab.com/api/v4/projects/<project-id>/packages/npm/@<scope>%2f<package-name>
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2023-04-25T19_46_02_664Z-debug-0.log
We’re using the latest version of gitlab.com SaaS as of this writing.
Any ideas, folks?