Github操作，使用npm或yarn安装Github软件包时，未经授权401 [英] Github actions, 401 unauthorized when installing a Github Package with npm or yarn

问题描述

当我尝试通过GitHub动作安装npm模块时，出现以下错误:

When I try to install my npm modules from a GitHub action I get the following error:

npm ERR! 401 Unauthorized - GET https://npm.pkg.github.com/@xxxx%2fxxxx-analytics - Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.

在发表评论之前，我已经使用范围和访问令牌正确配置了.npmrc，并且在本地安装私有软件包时一切正常.

Before you comment, I have configured the .npmrc correctly with the scope and access token, and everything works fine when installing the private package locally.

这是我的GitHub工作流程操作:

Here is my GitHub workflow action:

name: JavaScript workflow

on: [push]

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v1
      - name: Use Node.js 12.x
        uses: actions/setup-node@v1
        with:
          node-version: '12.x'
      - name: npmrc
        run: cat .npmrc
      - name: npm install
        run: |
          npm install
        env:
          CI: true
          NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}

这是我的.npmrc

here is my .npmrc

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=XXXXXXXXX
@colonynetworks:registry=https://npm.pkg.github.com
//npm.pkg.github.com:_authToken=XXXXXXXXX
always-auth=true
@react-admin:registry=https://registry.marmelab.com
//registry.marmelab.com:
_auth=XXXXXXXXX
email=software@XXXXXXXXX.com
always-auth=true

这是一个私人存储库，并且authTokens当前已硬编码在.npmrc文件中.

It's a private repo and the authTokens are currently hardcoded in the .npmrc file.

但是，在尝试找到解决方案时，我确实遇到了Github员工的以下随机评论:

However while trying to find a solution for this, I did come across this random comment from a Github staff member: https://github.community/t/netlify-getting-401-from-github-package-registry-with-auth-token/16415/3

这有点含糊，但是听起来好像它不接受.npmrc文件中的硬编码authToken.

It's a bit vague, but it sounds like it doesn't accept a hardcoded authToken in the .npmrc file.

所以我尝试的第一件事是像这样使用我们的env变量:

So first thing I tried was to use our env variable instead like so:

@xxxx=https://npm.pkg.github.com
//npm.pkg.github.com:_authToken=${NPM_AUTH_TOKEN}

env变量在我们的Github存储库秘密中是正确的，并且由工作流提供.

The env variable is correct in our Github repo secrets, and supplied by the workflow.

但是，这仍然会导致相同的401未经授权错误.

However this still resulted in the same 401 Unauthorized error.

通过查看其他解决方案，我然后尝试在install步骤之前在Github动作中手动生成.npmrc，如下所示:

From looking at other solutions I then tried to generate the .npmrc manually inside the Github action before the install step, like so:

- name: npmrcgen
        run: |
          echo "//npm.pkg.github.com/:_authToken=XXXXXXX" > .npmrc
          echo "@xxxxx=https://npm.pkg.github.com/" >> .npmrc
          echo "@react-admin:registry=https://registry.marmelab.com" >> .npmrc
          echo "//registry.marmelab.com:" >> .npmrc
          echo "_auth=XXXXXXX" >> .npmrc
          echo "email=software@xxxxx.com" >> .npmrc
          echo "always-auth=true" >> .npmrc

在我添加的日志记录步骤中，它的_authToken(仅适用于Github)仍然显示为***，并且仍然出现401未经授权的错误.

During the logging step I added, it the _authToken (only for Github) still shows up as ***, and I still got a 401 Unauthorized error.

在这一点上，我想确认.npmrc是否还在使用中，因此我删除了用于marmelab.com的第二个私有注册表，果然，我收到一条错误消息，说它不再能够安装其ra-realtime包.这证明.npmrc文件确实已由我的Github操作读取和使用，但它不接受我的Github个人访问令牌.

At this point I wanted to confirm the .npmrc was even being used, so I removed the second private registry we used for marmelab.com, and sure enough, I got an error saying it was no longer able to install their ra-realtime package. This proves the .npmrc file is indeed being read and used by my Github action, but it's not accepting my Github personal access token.

我也尝试生成一个新令牌.它具有对repo:以及write:packages和read:packages下所有内容的完全访问权限.

I have tried to generate a new token as well. It has full access to everything under repo: as well as write:packages and read:packages which is what should be required.

在GitHub动作中仍然未授权401，并且在本地仍然可以正常工作.

Still 401 Unauthorized in the Github action, and still works fine locally.

最近，我尝试使用yarn而不是npm进行安装.毫不奇怪，这也没有解决.

Lastly I have tried to install it with yarn instead of npm. Unsurprisingly this did not fix it either.

我已经看到并尝试了以下解决方案，但均未成功:

I have seen and tried the following solutions without any success:

• 下载私有模块从Github包注册表通过Github Action中的Yarn来实现?可以发布作品，但安装时会遇到"401未经授权"
• https://github.com/FerLuisxd/create-npmrc
• https://blog.bitsrc.io/install-npm-private-packages-in-ci-cd-with-github-actions-746db95017cc

• Download private module from Github Package Registry via Yarn within a Github Action? Publishing works, but installing is met with '401 Unauthorized'
• https://github.com/FerLuisxd/create-npmrc
• https://blog.bitsrc.io/install-npm-private-packages-in-ci-cd-with-github-actions-746db95017cc

我没有尝试过的一件事，因为我没有看到关于如何或这是一个好主意的建议，但是我没有在Github动作中执行npm login.由于没有人做到这一点，并且以某种方式使它起作用，所以我认为这是没有必要的.

One thing I have not tried, as I have seen no recommendations on how or this being a good idea, but I have not done an npm login within the Github action. Since no one else has done this, and somehow have it working, I assume this is not necessary.

推荐答案

我最终不得不联系GitHub支持，并让他们可以访问我的存储库以解决此问题.

I ended up having to contact GitHub support and give them access to my repo to figure this out.

但是他们确实找出了问题所在.

However they did figure out what the problem was.

Github工作流程比本地环境更严格，并在auth令牌之前退回额外的/:

Github workflows are more strict than local environments and requite an extra / before the auth token:

发现差异:

//npm.pkg.github.com:_authToken=XXXXXXXXX
//npm.pkg.github.com/:_authToken=XXXXXXXXX

在:_authToken=之前添加额外的/为我解决了这个问题.

adding the extra / before :_authToken= solved the issue for me.

这篇关于Github操作，使用npm或yarn安装Github软件包时，未经授权401的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！