Github 操作，使用 npm 或 yarn 安装 Github 包时 401 未授权 [英] Github actions, 401 unauthorized when installing a Github Package with npm or yarn

问题描述

当我尝试从 GitHub 操作安装我的 npm 模块时，我收到以下错误:

When I try to install my npm modules from a GitHub action I get the following error:

npm ERR! 401 Unauthorized - GET https://npm.pkg.github.com/@xxxx%2fxxxx-analytics - Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.

在您发表评论之前，我已经使用范围和访问令牌正确配置了 .npmrc，并且在本地安装私有包时一切正常.

Before you comment, I have configured the .npmrc correctly with the scope and access token, and everything works fine when installing the private package locally.

这是我的 GitHub 工作流程操作:

Here is my GitHub workflow action:

name: JavaScript workflow

on: [push]

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v1
      - name: Use Node.js 12.x
        uses: actions/setup-node@v1
        with:
          node-version: '12.x'
      - name: npmrc
        run: cat .npmrc
      - name: npm install
        run: |
          npm install
        env:
          CI: true
          NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}

这是我的 .npmrc

here is my .npmrc

@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=XXXXXXXXX
@colonynetworks:registry=https://npm.pkg.github.com
//npm.pkg.github.com:_authToken=XXXXXXXXX
always-auth=true
@react-admin:registry=https://registry.marmelab.com
//registry.marmelab.com:
_auth=XXXXXXXXX
email=software@XXXXXXXXX.com
always-auth=true

这是一个私有存储库，authTokens 目前硬编码在 .npmrc 文件中.

It's a private repo and the authTokens are currently hardcoded in the .npmrc file.

然而，在试图为此找到解决方案时，我确实遇到了 Github 工作人员的这个随机评论:https://github.community/t/netlify-getting-401-from-github-package-registry-with-auth-token/16415/3

However while trying to find a solution for this, I did come across this random comment from a Github staff member: https://github.community/t/netlify-getting-401-from-github-package-registry-with-auth-token/16415/3

这有点含糊，但听起来它不接受 .npmrc 文件中的硬编码 authToken.

It's a bit vague, but it sounds like it doesn't accept a hardcoded authToken in the .npmrc file.

所以我尝试的第一件事是像这样使用我们的 env 变量:

So first thing I tried was to use our env variable instead like so:

@xxxx=https://npm.pkg.github.com
//npm.pkg.github.com:_authToken=${NPM_AUTH_TOKEN}

环境变量在我们的 Github 存储库机密中是正确的，并且由工作流提供.

The env variable is correct in our Github repo secrets, and supplied by the workflow.

然而，这仍然导致同样的 401 Unauthorized 错误.

However this still resulted in the same 401 Unauthorized error.

通过查看其他解决方案，我尝试在 install 步骤之前在 Github 操作中手动生成 .npmrc，如下所示:

From looking at other solutions I then tried to generate the .npmrc manually inside the Github action before the install step, like so:

- name: npmrcgen
        run: |
          echo "//npm.pkg.github.com/:_authToken=XXXXXXX" > .npmrc
          echo "@xxxxx=https://npm.pkg.github.com/" >> .npmrc
          echo "@react-admin:registry=https://registry.marmelab.com" >> .npmrc
          echo "//registry.marmelab.com:" >> .npmrc
          echo "_auth=XXXXXXX" >> .npmrc
          echo "email=software@xxxxx.com" >> .npmrc
          echo "always-auth=true" >> .npmrc

在我添加的日志记录步骤中，_authToken(仅适用于 Github)仍然显示为 ***，并且我仍然收到 401 Unauthorized 错误.

During the logging step I added, it the _authToken (only for Github) still shows up as ***, and I still got a 401 Unauthorized error.

此时我想确认 .npmrc 是否正在被使用，所以我删除了我们用于 marmelab.com 的第二个私有注册表，果然，我收到一个错误，说它是不再能够安装他们的 ra-realtime 包.这证明 .npmrc 文件确实被我的 Github 操作读取和使用，但它不接受我的 Github 个人访问令牌.

At this point I wanted to confirm the .npmrc was even being used, so I removed the second private registry we used for marmelab.com, and sure enough, I got an error saying it was no longer able to install their ra-realtime package. This proves the .npmrc file is indeed being read and used by my Github action, but it's not accepting my Github personal access token.

我也尝试生成一个新令牌.它可以完全访问 repo: 以及 write:packages 和 read:packages 下的所有内容，这是应该需要的.

I have tried to generate a new token as well. It has full access to everything under repo: as well as write:packages and read:packages which is what should be required.

在 Github 操作中仍然 401 Unauthorized，并且在本地仍然可以正常工作.

Still 401 Unauthorized in the Github action, and still works fine locally.

最后，我尝试使用 yarn 而不是 npm 安装它.不出所料，这也没有解决它.

Lastly I have tried to install it with yarn instead of npm. Unsurprisingly this did not fix it either.

我已经看到并尝试了以下解决方案，但没有成功:

I have seen and tried the following solutions without any success:

• 下载私有模块从 Github 包注册表通过 Yarn 在 Github 操作中?发布有效，但安装遇到401 Unauthorized"
• https://github.com/FerLuisxd/create-npmrc
• https://blog.bitsrc.io/install-npm-private-packages-in-ci-cd-with-github-actions-746db95017cc

有一件事我没有尝试过，因为我没有看到任何关于如何或这是一个好主意的建议，但我没有在 Github 操作中执行 npm login.由于没有其他人这样做过，并且以某种方式使其正常工作，因此我认为这没有必要.

One thing I have not tried, as I have seen no recommendations on how or this being a good idea, but I have not done an npm login within the Github action. Since no one else has done this, and somehow have it working, I assume this is not necessary.

推荐答案

我最终不得不联系 GitHub 支持并让他们访问我的存储库来解决这个问题.

I ended up having to contact GitHub support and give them access to my repo to figure this out.

但是他们确实找出了问题所在.

However they did figure out what the problem was.

Github 工作流程比本地环境更严格，并且在 auth 令牌前需要额外的 /:

Github workflows are more strict than local environments and requite an extra / before the auth token:

找出不同之处:

//npm.pkg.github.com:_authToken=XXXXXXXXX
//npm.pkg.github.com/:_authToken=XXXXXXXXX

在 :_authToken= 之前添加额外的 / 为我解决了这个问题.

adding the extra / before :_authToken= solved the issue for me.

这篇关于Github 操作，使用 npm 或 yarn 安装 Github 包时 401 未授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！