Github Actions build script
name: Deploy
on:
push:
branches: [ "main" ]
jobs:
build_on_mac:
runs-on: macos-latest
steps:
- uses: actions/checkout#v3
with:
persist-credentials: false
- name: Use HTTP
run: >
git config --global url."https://github.com".insteadOf ssh://git#github.com
- uses: actions/setup-node#v3
with:
node-version: 14
- name: install dependencies
run: npm install
It keeps falling for a particular package randomly.. worked 1 out of 10 times
npm WARN tarball tarball data for buble#git+ssh://git#github.com/pemrouz/buble.git#4e639aeeb64712ac95dc30a52750d1ee4432c9c8 (sha512-vBjSU8v5gODqXVUvlpgEzjtSMXz2Am8Yh7O1PUZmx6DAzKWT1CrYm5azoYhAGLCWOlkd4aN6LEOCZ+dgVt2rFA==) seems to be corrupted. Trying one more time.
7
npm ERR! Verification failed while extracting buble#git+ssh://git#github.com/pemrouz/buble.git#4e639aeeb64712ac95dc30a52750d1ee4432c9c8:
2895
npm ERR! sha512-vBjSU8v5gODqXVUvlpgEzjtSMXz2Am8Yh7O1PUZmx6DAzKWT1CrYm5azoYhAGLCWOlkd4aN6LEOCZ+dgVt2rFA== integrity checksum failed when using sha512: wanted sha512-vBjSU8v5gODqXVUvlpgEzjtSMXz2Am8Yh7O1PUZmx6DAzKWT1CrYm5azoYhAGLCWOlkd4aN6LEOCZ+dgVt2rFA== but got sha512-J+yRnScDV19Vr5+C8D5IJiIN2auC9t54tYpJmeqVxgyIyJQmF95mqBwBXzXKyvIH9aZvY6RlQqtMsQm0gdH7UQ==. (801561 bytes)
2635
So the problem is that when package-lock.json is generated locally it has
sha512-vBjSU8v5gODqXVUvlpgEzjtSMXz2Am8Yh7O1PUZmx6DAzKWT1CrYm5azoYhAGLCWOlkd4aN6LEOCZ+dgVt2rFA==
But when getting downloaded by actions it is
sha512-J+yRnScDV19Vr5+C8D5IJiIN2auC9t54tYpJmeqVxgyIyJQmF95mqBwBXzXKyvIH9aZvY6RlQqtMsQm0gdH7UQ==
Workaround is to replace the SHA in GitHub with expected one which allows build to complete but obviously that looks wrong..
So options I can think are
Can someone please tell me how to add this package permanently into build so that GitHub doesn't need to install it
Or how to fix this issue? It doesn't seem to want to take https:// and takes ssh://git#github.com . Not sure if that is causing anything
Also if I use the option to replace the SHA in package-lock.json then the publish fails with another error
Publish Action
name: Release
on:
release:
types:
- created
jobs:
publish_on_mac:
runs-on: macos-latest
steps:
- uses: actions/checkout#v3
with:
persist-credentials: false
- name: HTTPS
run: >
git config --global url."https://github.com".insteadOf ssh://git#github.com
- uses: actions/setup-node#v3
with:
node-version: 14
- name: install dependencies
run: npm install
- name: publish
run: npm run publish
Error
npm ERR! /usr/local/bin/git ls-remote -h -t ssh://git#github.com/pemrouz/buble.git
1226
npm ERR!
1227
npm ERR! Warning: Permanently added the ECDSA host key for IP address '140.xxx.xxx.xxx' to the list of known hosts.
1228
npm ERR! git#github.com: Permission denied (publickey).
1229
npm ERR! fatal: Could not read from remote repository.
1230
npm ERR!
1231
npm ERR! Please make sure you have the correct access rights
1232
npm ERR! and the repository exists.
1233
npm ERR!
1234
npm ERR! exited with error code: 128
How do we fix this as well?
Related
I am trying to setup actions for NextJS app using the following yml file
name: Frontend Build
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v3
- uses: actions/setup-node#v3
with:
node-version: "18"
- run: |
cd frontend
npm ci
npm run build
but i get the error every time npm ci or npm install is run
It says :
Run cd frontend
npm ERR! code E401
npm ERR! Incorrect or missing password.
npm ERR! If you were trying to login, change your password, create an
npm ERR! authentication token or enable two-factor authentication then
npm ERR! that means you likely typed your password in incorrectly.
npm ERR! Please try again, or recover your password at:
npm ERR! https://www.npmjs.com/forgot
npm ERR!
npm ERR! If you were doing some other operation then your saved credentials are
npm ERR! probably out of date. To correct this please try logging in again with:
npm ERR! npm login
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2023-02-18T16_14_12_437Z-debug-0.log
Error: Process completed with exit code 1.
i did not see anyone setting password for public npm registry.
Thanks in advance
You have to create an .npmrc file with proper authToken when installing a secured dependencies.
name: "Create .npmrc"
run: |
echo "registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
Then you can call npm install.
In the package.json file, I have added a dependency that is referencing one of our public repositories. The dependency in the package.json looks like below:
"ffprobe-static": "git+https://github.com/company-name/repo-name.git",
I can successfully run npm install locally and use this dependency, but when I push this code, our GitHub workflows where we execute npm install fails with the below error:
npm ERR! Warning: Permanently added the RSA host key for IP address 'x.x.x.x' to the list of known hosts.
npm ERR! git#github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
I don't understand the reason for this error, since the repository we are referencing is public, and also I can access the same repository when I install dependencies locally.
Note that the repository that is running this code is a private repository, but the referenced repository is public, but under the same organization.
I was able to fix it by adding the below step after checkout in the YAML file. Also, set the persist-credentials option to false in the checkout step.
steps:
- name: Checkout
uses: actions/checkout#v2
with:
persist-credentials: false
- name: Reconfigure git to use HTTP authentication
run: >
git config --global url."https://github.com/".insteadOf
ssh://git#github.com/
You might try a config to force https URLs, at least for testing, in your GitHub workflow:
- name: Fix URL access
run: echo -e '[url "https://github.com/"]\n insteadOf = "ssh://git#github.com/"' >> ~/.gitconfig
- name: Checkout server
uses: actions/checkout#v2
...
Or (as in here, just to illustrate where you can put the git config insteadOf command):
on: push
jobs:
check-elm:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- name: Checkout submodules
shell: bash
run: |
# From https://github.com/actions/checkout/issues/116#issuecomment-583221947
git config --global url."https://github.com/".insteadOf
ssh://git#github.com/
git submodule sync --recursive
git -c "http.extraheader=Authorization: basic ${{secrets.GITHUB_ACCESS_TOKEN}}" -c protocol.version=2 submodule update --init --force --recursive --depth=1
- uses: actions/setup-node#v1
with:
node-version: '8.16.0'
- run: npm run test
I'll start with I asked this question here and got no response: https://github.community/t/private-repo-w-tag-in-workflow/229573
We have three private repos with tags in our package.json as dependencies, one example:
"Private-Repo1": "https://<PAT>:x-oauth-basic#github.com/project/Private-Repo.git#v1.0.0",
We use oauth keys to access our repos. My PAT is set to allow checking out the repo as well as workflow access.
When we run our Workflow action, it fails at npm ci for this line with an error of:
npm ERR! code 128
npm ERR! An unknown git error occurred
npm ERR! command git --no-replace-objects ls-remote ***github.com/project/Private-Repo.git
npm ERR! remote: Repository not found.
npm ERR! fatal: repository 'https://github.com/project/Private-Repo.git/' not found
Local testing is pointing to the reason that we’re failing is that git ls-remote fails when you point to a private repo with a tag number, if I remove the tag it works.
Can someone please point me to how we can use a PAT to pull a specific tag from a private repo in our workflow via our package.json? Everything I can find is how to access a private repo, but not how to access a private repo's tag.
For anyone that stumbles on this with a similar issue, the problem wasn't git ls-remote it was the token. I was calling it in the wrong place. It needs to be set in the checkout step, not setup-node step. Here is my working yaml that allows me to run a workflow with a private repo and tag that uses an oauth token. The only setup needed is to make a secret called GIT_TOKEN (or whatever you want to call it) and give it workflow access.
name: API auto test and lint workflow
on: push
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
with:
token: ${{ secrets.GIT_TOKEN }}
- uses: actions/setup-node#v1
with:
node-version: 16.x
- run: npm ci
- run: npm run lint
- run: npm run test
I am using semantic version action on my GitHub enterprise repository. It was working fine until recently, where it started failing with this error
Error: Command failed: npm ci --only=prod
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="GitHub Package Registry"
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-08-23T10_41_00_344Z-debug.log
at ChildProcess.exithandler (child_process.js:295:12)
at ChildProcess.emit (events.js:210:5)
at maybeClose (internal/child_process.js:1021:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5) {
killed: false,
code: 1,
signal: null,
cmd: 'npm ci --only=prod',
stdout: '',
stderr: 'npm ERR! code E401\n' +
'npm ERR! Unable to authenticate, need: Basic realm="GitHub Package Registry"\n' +
'\n' +
'npm ERR! A complete log of this run can be found in:\n' +
'npm ERR! /root/.npm/_logs/2021-08-23T10_41_00_344Z-debug.log\n'
The action I use is not expected to publish anything to GitHub Package Registry, maybe only read from Package Registry. So after googling I found this on SO and elsewhere - https://stackoverflow.com/a/63243950/1182982
So I updated my action to look like this now (I added the step: Setup node, it wasn't there before)
#===============================================================================
#=========================== Semamtic Version ==========================
#===============================================================================
semver:
name: Semantic Versioning
runs-on: [self-hosted, linux, x64]
steps:
- name: Setup node
run: |
echo "//npm.pkg.github.com/:_authToken=${{ secrets.GITHUBCOM_TOKEN }}" >> ~/.npmrc
echo "#yrshaikh:registry=https://npm.pkg.github.com" >> ~/.npmrc
echo 'registry "https://registry.yarnpkg.com"' >> ~/.yarnrc
- uses: actions/checkout#v2
- name: Semantic Release
id: semantic
# https://github.com/cycjimmy/semantic-release-action
uses: internal-front-end/semantic-release-action#v2
outputs:
new_release_published: ${{ steps.semantic.outputs.new_release_published }}
new_release_version: ${{ steps.semantic.outputs.new_release_version }}
Note, the GITHUBCOM_TOKEN I created using my github.com personal profile (And gave read packages/repo access) and OWNER_NAME in #yrshaikh:registry=https://npm.pkg.github.com I have filled in github.com user id.
After doing these changes the 401 authentication error has gone.
But I see a different error, which I have not been able to resolve -
Error: Command failed: npm --loglevel error ci --only=prod
npm ERR! code E404
npm ERR! 404 Not Found - GET https://npm.pkg.github.com/#actions%2fcore - npm package "core" does not exist under owner "actions"
npm ERR! 404
npm ERR! 404 '#actions/core#1.2.7' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-08-25T05_40_28_115Z-debug.log
at ChildProcess.exithandler (child_process.js:295:12)
at ChildProcess.emit (events.js:210:5)
at maybeClose (internal/child_process.js:1021:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5) {
killed: false,
code: 1,
signal: null,
cmd: 'npm --loglevel error ci --only=prod',
stdout: '',
stderr: 'npm ERR! code E404\n' +
'npm ERR! 404 Not Found - GET https://npm.pkg.github.com/#actions%2fcore - npm package "core" does not exist under owner "actions"\n' +
'npm ERR! 404 \n' +
"npm ERR! 404 '#actions/core#1.2.7' is not in the npm registry.\n" +
'npm ERR! 404 You should bug the author to publish it (or use the name yourself!)\n' +
'npm ERR! 404 \n' +
'npm ERR! 404 Note that you can also install from a\n' +
'npm ERR! 404 tarball, folder, http url, or git url.\n' +
'\n' +
'npm ERR! A complete log of this run can be found in:\n' +
'npm ERR! /root/.npm/_logs/2021-08-25T05_40_28_115Z-debug.log\n'
}
Any help or direction will be appreciated.
There doesn't seem to be anything wrong about the ~/.npmrc:
#${OWNER}:registry=https://npm.pkg.github.com
//npm.pkg.github.com/:_authToken=${TOKEN}
Have you tried to regenerate that personal access token? Be aware that these secrets also have scopes, so they may resolve in a private repository, but not necessarily a public repository.
$GITHUB_TOKEN may not have sufficient permissions; try adding a personal access token instead.
What does npm login --scope=#yrshaikh --registry=https://npm.pkg.github.com give?
I am currently trying to publish a package to the Github registry.
The package is generated code, although this should not really matter here. The important thing is that I have the following:
The package.json file contains:
{
"name": "#company-name/repository-name",
"version": "v1.7.0",
"repository": "git://github.com/#company-name/repository-name.git"
}
The .npmrc file reads:
#company-name:registry=https://npm.pkg.github.com
Whereas this is what I am running in my Github Action:
- uses: actions/checkout#v2
- uses: actions/setup-node#v2
with:
node-version: '12.x'
registry-url: 'https://npm.pkg.github.com'
# Defaults to the user or organization that owns the workflow file
scope: '#company-name'
# ...
- name: Install and publish
working-directory: .generated/
run: |
sudo npm install
sudo npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
I am following the docs but it seems I am missing something.
Log output
npm notice === Tarball Details ===
npm notice name: #company-name/repository-name
npm notice version: 1.7.0
npm notice package size: 11.6 kB
npm notice unpacked size: 104.6 kB
npm notice shasum: 2262a7f9ef1bb95b1d6ae2dc92095d04eb2a22b6
npm notice integrity: sha512-WaJvaoZV8uo2Y[...]Re2hW2A/BIO5Q==
npm notice total files: 24
npm notice
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="GitHub Package Registry"
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-09-03T19_27_04_437Z-debug.log
Error: Process completed with exit code 1.
The way we were able to get around this issue was by adding a simple script to the action:
- name: Install Dependencies
run: |
echo "#INSERT_ORG_NAME:registry=https://npm.pkg.github.com" > .npmrc
echo "//npm.pkg.github.com/:_authToken=$GITHUB_PAT" >> .npmrc
npm install
env:
GITHUB_PAT: ${{ secrets.REPO_READ_PAT }}
Second line is because we're dealing with a private repo.
i am using a private repository and my credentials was expired, with this situation i faced similar issue on executing
npm i
to fix this, i just edited my .npmrc to have always-auth = false and executed
npm i --registry https://registry.npmjs.org which worked for me.