在Github Action中通过Yarn从Github Package Registry下载私有模块?发布正常，但是安装符合"401未经授权" [英] Download private module from Github Package Registry via Yarn within a Github Action? Publishing works, but installing is met with '401 Unauthorized'

问题描述

由于各种原因，我们被困在使用yarn管理我们的包，所以我们不能依靠package-lock.json在github上使用npm进行动作.

For various reasons we are stuck using yarn managing our packages so we can't rely on a package-lock.json to use npm with github actions.

我们无法让Yarn作为github动作的一部分进行身份验证. 我们已经将仓库npmrc配置为:

We cannot get Yarn to authenticate as part of a github action. We've got our repo npmrc configured as:

@COMPANY:registry=https://npm.pkg.github.com
registry=https://registry.npmjs.org/

而我们正在使用此动作适用于纱线.

这是一个基本设置，我们只是在尝试安装模块-仅此而已.

Here's a basic setup where we're just trying to install the modules -- nothing more.

name: CI
on: [push]
jobs:
  build:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: borales/actions-yarn@v2.1.0
        with:
          auth-token: ${{ secrets.GITHUB_TOKEN }}
          registry-url: "https://npm.pkg.github.com"
          scope: tlabs
          cmd: version
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_REGISTRY_URL: https://npm.pkg.github.com
      - name: Create NPMRC
        run: |
          echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUB_TOKEN }}" > ~/.npmrc
      - name: Install
        run: |
           yarn install --verbose

默认情况下，此操作将尝试运行install，以便绕过我在版本"中提供的基本命令，因此它仅显示yarn版本，仅此而已.

By default, this action will try to run install so to bypass that I provided a basic command there 'version' so it just displays the yarn version and nothing more.

运行yarn安装将对所有其他软件包都有效，但是当它进入我们的私有模块时，它将尝试从正确的注册表(github)中获取它们，但会被401击中.

Running yarn install will work for all other packages but when it gets to our private modules, it will try to get them from the right registry (github) but will be hit with a 401.

完整错误:

verbose 7.614802156 Error: https://npm.pkg.github.com/download/@tlabs/utils/1.0.1/afe9eaa6f9565f95c31563cbecfe617d7970f44077302cbe9ca8ee3223550469: Request failed "401 Unauthorized"
    at ResponseError.ExtendableBuiltin (/usr/share/yarn/lib/cli.js:696:66)
    at new ResponseError (/usr/share/yarn/lib/cli.js:802:124)
    at Request.<anonymous> (/usr/share/yarn/lib/cli.js:66996:16)
    at Request.emit (events.js:210:5)
    at Request.module.exports.Request.onRequestResponse (/usr/share/yarn/lib/cli.js:141441:10)
    at ClientRequest.emit (events.js:210:5)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:583:27)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:115:17)
    at TLSSocket.socketOnData (_http_client.js:456:22)
    at TLSSocket.emit (events.js:210:5)
error An unexpected error occurred: "https://npm.pkg.github.com/download/@tlabs/utils/1.0.1/afe9eaa6f9565f95c31563cbecfe617d7970f44077302cbe9ca8ee3223550469: Request failed \"401 Unauthorized\"".

推荐答案

默认GITHUB_TOKEN仅适用于当前存储库.您不能使用它来访问另一个存储库中的软件包.使用范围为read:packages和repo -line"rel =" nofollow noreferrer>个人访问令牌而不是GITHUB_TOKEN.

The default GITHUB_TOKEN is only scoped for the current repository. You cannot use it to access packages in another repository. Use a read:packages and repo scoped Personal Access Token instead of GITHUB_TOKEN.

这篇关于在Github Action中通过Yarn从Github Package Registry下载私有模块?发布正常，但是安装符合"401未经授权"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！