使用GitHub Actions从私有GitHub存储库安装npm模块 [英] Install an npm module from a private GitHub repository using GitHub Actions

问题描述

我正在尝试使用GitHub Actions为Node.js项目运行构建.作为 npm install 的一部分，我需要直接从私有GitHub存储库(而不是GPR！)中安装npm模块.

I am trying to run a build for a Node.js project using GitHub Actions. As part of the npm install, I need to install an npm module directly from a private GitHub repository (not from GPR!).

在 package.json 中，我有:

"dependencies": {
  ...
  "my-module": "github:<org>/<my-module>#master",
  ...
},

但是，当运行 npm install 时，我得到:

However, when running npm install, I get:

npm ERR！git@github.com:权限被拒绝(公钥).npm ERR！致命的:无法从远程存储库读取.

npm ERR! git@github.com: Permission denied (publickey). npm ERR! fatal: Could not read from remote repository.

该存储库是我自己的组织的一部分，并且在本地(即从我的计算机中)运行.我该如何运行?

The repository is part of my own organization, and locally (i.e. from my machine) it works. How can I make this run?

我已经尝试设置 NODE_AUTH_TOKEN 环境变量，但没有任何区别.尽管您经常发现此建议，但它似乎只能解决GPR.我要避免的是必须将令牌硬编码到 package.json 文件中.有什么想法吗?

I have already tried setting the NODE_AUTH_TOKEN environment variable, but it didn't make a difference. Although you find this suggestion quite often, it seems to only address GPR. What I would like to avoid is having to hardcode the token into the package.json file. Any thoughts on this?

推荐答案

这是我设法从私有GitHub存储库安装依赖项的方式.

This is how I have managed to install dependencies from private GitHub repositories.

package.json中的依赖项可以如下添加. github:前缀是可选的.指定 #branch 或 #tag 也是可选的.

Dependencies in package.json can be added as follows. The github: prefix is optional. Specifying the #branch or #tag is also optional.

    "dependencies": {
        ...
        "myrepo": "username/myrepo#master",
        "myotherrepo": "github:username/myotherrepo"
    },

这是示例工作流程. PAT 是范围个人访问令牌.禁用 actions/checkout 上的持久凭证很重要，否则它们将覆盖您的 PAT .请注意， git config 更改在步骤之间仍然存在，因此您只需要为每个作业运行一次即可.

Here is an example workflow. PAT is a repo scoped Personal Access Token. It is important to disable persisted credentials on actions/checkout, otherwise they will override your PAT. Note that the git config change persists between steps so you only need to run it once per job.

      - uses: actions/checkout@v2
        with:
          persist-credentials: false
      - uses: actions/setup-node@v1
        with:
          node-version: 12.x
      - run: git config --global url."https://${{ secrets.PAT }}@github.com/".insteadOf ssh://git@github.com/
      - run: npm ci
      ...

这篇关于使用GitHub Actions从私有GitHub存储库安装npm模块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！