7

I am always getting an error on npm install after setting NPM Authenticate. I would like to authenticate to my npm private registry during image build and install all the dependencies I need. Maybe I misunderstood how this authentication process works but this is what I am doing:

Build pipeline

I tried establishing a service connection from the project settings page as in Service connections for builds and releases

After that, I also set up my NPM Authentication task following the steps in With a Task Runner (e.g. make gulp work)

But this is not working. These are the errors I am getting:

During 'NPM Authenticate' phase:

[warning]Found and overrode credentials for the myregistry.pkgs.visualstudio.com registry in the selected .npmrc file. Remove credentials from the file and store them in an npm service connection instead (recommended), or remove the npm Authenticate task from your build to use credentials checked into an .npmrc.

During 'Build an Image' phase:

Step 4/7 : RUN npm install --production ---> Running in 8724f713f1db [91mnpm ERR! code[0m[91m E404 [0m[91mnpm [0m[91mERR! 404[0m[91m Not Found: @myregistry/service-logging@latest npm ERR![0m[91m A complete log of this run can be found in: npm ERR!
/root/.npm/_logs/2018-09-11T04_20_00_513Z-debug.log [0mThe command '/bin/sh -c npm install --production' returned a non-zero code: 1 [error]The command '/bin/sh -c npm install --production' returned a non-zero code: 1 [error]/usr/local/bin/docker failed with return code: 1 [section]Finishing: Build an image

This is my .npmrc file:

unsafe-perm=true
package-lock=false
registry=https://myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/
always-auth=true
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:_authToken=${NPM_TOKEN}
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/:_authToken=${NPM_TOKEN}

And this is my Dockerfile:

FROM node:8.9-alpine

ARG NPM_TOKEN

WORKDIR /usr/src/srv/

COPY package.json package.json

COPY .npmrc .npmrc

RUN npm install --production

RUN rm -f .npmrc

COPY . .

EXPOSE 8080

CMD npm start

Any help to unblock me from this issue will be highly appreciated! Thanks!

riQQ
  • 9,878
  • 7
  • 49
  • 66
julinho
  • 301
  • 3
  • 11
  • Hmm, I saw an option to expose secrets to the build pipeline when I added CI to my GitHub repo. That might be needed here. – juunas Sep 14 '18 at 06:38
  • Where did you get the actual token from? npm doco suggests that it should be a GUID but vsts-npm-auth generates an essay. – martinp999 Mar 24 '19 at 20:38
  • @martinp999 on Azure DevOps, you need to go to the Artifacts section, then Connect to feed, then click on npm and finally there will be a button to generate the NPM credentials (this assumes you already created a feed previously). – julinho Mar 26 '19 at 13:20
  • I had found this but, as I mentioned, it's an essay - 2076 characters; are you really using this as the key? – martinp999 Mar 27 '19 at 20:51
  • I did find that, if you generate a Personal Access Token with "Packaging (Read)", then base64 encode it, that works (with a token that is only 72 characters long) . But, that ties the building of the image to my personal Azure DevOps account. I partially suspect that even the approach that you mentioned creates a relationship to my personal account. Being that this is going into a CICD build pipeline, I would hope for an approach that was authorised more at the project level. – martinp999 Mar 27 '19 at 20:55
  • @martinp999 sorry for this excessively long delay in the reponsse. Yes, the approach I mentioned creates a relationship to my personal account. I agree with you that it would be better to create a relationship at the project level but I could not find a way to do it at the time I did this setup. – julinho Apr 17 '19 at 21:07

3 Answers3

8

I finally resolved this issue in my pipeline by removing the last two lines in my .npmrc file. the last line was causing an issue. After the NPM Authenticate task, my .npmrc file was being modified to:

unsafe-perm=true
package-lock=false
registry=https://myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/
always-auth=true

//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/:_authToken=${NPM_TOKEN}

//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:username=VssToken
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:_password=***
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:email=VssEmail
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:always-auth=true

Somehow, the following config was being taken into consideration and the config the NPM Authenticate inserted was being ignored, causing the pipeline error:

//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/:_authToken=${NPM_TOKEN}

Also, no need to include the following line since NPM Authenticate will do the job for you:

//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:_authToken=${NPM_TOKEN}

By removing the line above, this warning disappeared:

[warning]Found and overrode credentials for the myregistry.pkgs.visualstudio.com registry in the selected .npmrc file. Remove credentials from the file and store them in an npm service connection instead (recommended), or remove the npm Authenticate task from your build to use credentials checked into an .npmrc.

So, to conclude, just keep your .npmrc file as simple as this:

unsafe-perm=true
package-lock=false
registry=https://myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/
always-auth=true

Everything was fine with the Dockerfile.

julinho
  • 301
  • 3
  • 11
  • Did you find that without the `:_authToken=${NPM_TOKEN}` your dockerfile wouldn't run locally? – Rikki Oct 11 '19 at 19:35
  • yes @Rikki, I found this out later on. It is annoying because whenever you would like to test your Dockerfile changes locally, you have to add and then remove this line. But unfortunately I could not find a solution to that. – julinho Oct 13 '19 at 10:40
3

I encountered this recently, Posting what I found out here in case it helps folks (or myself) in the future.

I was trying to authenticate against a private NPM feed during an Azure DevOps Pipeline build using the NpmAuthenticate task runner.

My initial pipeline looked like this:

- task: npmAuthenticate@0
  displayName: Authenticate Npm Feed
  inputs:
    workingFile: './source/WebApplication/.npmrc'
    customEndpoint: ExternalFeedServiceConnection

- task: Npm@1
  inputs:
    command: 'install'
    workingDir: ./source/WebApplication #path to package.json
    customRegistry: 'useNpmrc'
    displayName: Install NPM Packages

The Npm@1 task would continually fail with a login error. No matter what permutation was attempted. What finally worked was replacing it with a script step instead:

  - script: 'npm install'
    workingDirectory: ./source/WebApplication
    displayName: npm install

The script step appears to be executing the exact same command as the Npm@1 task, but is able to authenticate fine.

The npmAuthenticate azure devops task documentation vaguely suggests this, but it's unclear why it would work with a script step but not the Npm@1 task.

Dharman
  • 30,962
  • 25
  • 85
  • 135
pnavk
  • 4,552
  • 2
  • 19
  • 43
  • 1
    Its 2022 and we just had this exact issue. Using a script task and not Npm@1 fixed it for us. Thanks – cjuk Mar 23 '22 at 17:03
  • Maybe this is related: what I found in my case, from comparing the output of `npm config ls` when running it manually vs. from the DevOps NPM task, is that on DevOps, there is no `"user" config` section. So the `.npmrc` we have stored for our build agents, and which contain all tokens for private registries we use, is ignored. The NPM task sets a `userconfig` environment variable, referring to a temporary `.npmrc` in the working directory of the build. However, that file is never created. So there seems to be a bug in the DevOps NPM task which fails to copy the file. – Daniel Saner Apr 11 '23 at 14:18
0

You need to include the token in .npmrc file or update this file before run npm install command.

starian chen-MSFT
  • 33,174
  • 2
  • 29
  • 53