Sakalim

January 5, 2023

How to use private GitHub packages in your repository and with Github Actions

Technologies

GitHub Packages
GitHub Actions
NPM
nrwl/nx v15
node v16

Add dependency to Github package

First, tell npm which scope should be resolved from the GitHub Packages registry.

Make sure you have a file named .npmrc in the root folder of the repository; create one if needed.

Then, add the following, replacing @scope with the owner of the Github package.

@scope:registry=https://npm.pkg.github.com

For example, for the library https://github.com/esakal/obsidian-album the scope will be @esakal.

Next time you run npm install, any packages under this scope will be downloaded from the GitHub Packages registry.

Note that you must have access to that repository, otherwise you will not be able to download the package and the installation will fail.

How to handle failure to install due to insufficient permissions

When you don't have permissions to get the package, you will usually see the following error when running npm install or npm ci.

ERR! code E401

npm ERR! 401 Unauthorized - GET https://npm.pkg.github.com/download/@.../... - unauthenticated: User cannot be authenticated with the token provided.

If this happens, try one of the suggestions below.

The simplest solution is to ask for access to the GitHub repository that holds the package. Once you have access to the repository, you gain access to the package automatically and will be able to download it.

If that is not possible, ask someone who is an admin of the organization to provide you with a fine-grained token or personal access token for the repository. Then, use this guide to find the user config .npmrc and add the following:

//npm.pkg.github.com/:_authToken=token

Don't set it in a file that is versioned in the repository source, as that exposes the token as plain text on the GitHub servers.

Add dependency to Github package from within Github actions

Running npm install or npm ci inside GitHub Actions without adjusting the workflow will probably result in the following error when trying to install the private GitHub package.

npm ERR! 401 Unauthorized - GET https://npm.pkg.github.com/download/@.../... - authentication token not provided

In a GitHub workflow you can use actions/setup-node to bind a scope to the GitHub Packages registry.

You should first set up actions/setup-node with registry-url and the relevant scope (in my example the scope is esakal).

Then, when running npm operations like npm ci, npm install or npm publish, you should provide the environment variable NODE_AUTH_TOKEN with the GitHub token that the runner provides to you automatically.

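steps:
- uses: actions/checkout@v3
# Bind the @esakal scope to the GitHub Packages registry. setup-node writes an
# .npmrc that reads the token from the NODE_AUTH_TOKEN environment variable.
- uses: actions/setup-node@v3
  with:
    registry-url: 'https://npm.pkg.github.com'
    scope: '@esakal'
# Pass the runner-provided token only to the step that talks to the registry.
- run: npm ci
  env:
    NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}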

The code sample above was taken from setup-node/advanced-usage.md at main · actions/setup-node

Using .npmrc file

If for any reason you prefer to use a .npmrc file but don't want to commit the tokens, you can create that file on the fly as shown below:

- name: npmrcgen
  run: |
    # Write the auth token and the scope binding into a fresh .npmrc
    echo "//npm.pkg.github.com/:_authToken=${{secrets.GITHUB_TOKEN}}" > .npmrc
    echo "@xxxxx:registry=https://npm.pkg.github.com/" >> .npmrc

Note that the example above will overwrite the .npmrc file if it already exists. In my use case I had already bound the scopes (@xxxxx) to GitHub Packages and also had some other settings in that file. To support this, I removed the second echo that adds the scope binding and changed > to >> in the first echo, so that it only appends to the file and does not overwrite it.

You can see a thread about this in Github actions, 401 unauthorized when installing a Github Package with npm or yarn - Stack Overflow
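An added example, not from the original post or the linked thread: a shell helper for the on-the-fly .npmrc approach that appends to an existing file instead of overwriting it, and writes a `${NODE_AUTH_TOKEN}` reference (which npm expands from the environment when it reads the file) rather than the token itself. It also includes a check for a literal token left in a .npmrc. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical, not part of npm or GitHub Actions.

# Append a line to a file only if that exact line is not already present,
# so existing .npmrc settings survive and reruns do not duplicate entries.
# $1 = file, $2 = line
append_once() {
  touch "$1"
  grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Bind a scope to GitHub Packages and reference the token by environment
# variable. The single quotes keep ${NODE_AUTH_TOKEN} literal in the file;
# npm substitutes it at read time, so the secret is never written to disk.
# $1 = path to .npmrc, $2 = scope (for example @esakal)
configure_npmrc() {
  append_once "$1" "$2:registry=https://npm.pkg.github.com"
  append_once "$1" '//npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}'
}

# Return 0 if the file holds an _authToken value that is anything other than
# a ${VAR} reference, i.e. a plain-text secret that must not be committed.
# $1 = path to .npmrc
has_literal_token() {
  grep -E '_authToken=' "$1" 2>/dev/null |
    grep -qvE '_authToken=\$\{[A-Za-z_][A-Za-z0-9_]*\}[[:space:]]*$'
}
```

In a workflow step this would be called as `configure_npmrc .npmrc @esakal`, with NODE_AUTH_TOKEN set in the env of the step that runs npm ci.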