Support GPR in .npmrc

[meleksomai]

I am trying to publish monorepo packages to a private Github registry using changesets/action.

Whenever I push to main, I get the following error:

npm notice 📦  @inception-health/utils@0.0.1
npm notice === Tarball Contents === 
npm notice 1.3kB dist/index.js  
npm notice 960B  package.json   
npm notice 284B  dist/index.mjs 
npm notice 209B  dist/index.d.ts
npm notice === Tarball Details === 
npm notice name:          @inception-health/utils                 
npm notice version:       0.0.1                                   
npm notice package size:  1.2 kB                                  
npm notice unpacked size: 2.7 kB                                  
npm notice shasum:        12d6dc8e84110XXXXXX
npm notice integrity:     sha512-tGyxr7tYjFXh2[...]XXXXXXXXXX
npm notice total files:   4                                       
npm notice 
npm ERR! code E401
npm ERR! 401 Unauthorized - PUT https://npm.pkg.github.com/@inception-health%2futils - Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.

I have the following configuration:

.npmrc

@inception-health:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=$GITHUB_TOKEN

Note: I also tried to dynamically add the .npmrc during the workflow build

      - name: Creating .npmrc
        run: |
          cat << EOF > "$HOME/.npmrc"
            @inception-health:registry=https://npm.pkg.github.com/
            //npm.pkg.github.com/:_authToken=$GITHUB_TOKEN
          EOF
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Github Workflow

name: Changesets
on:
  push:
    branches:
      - main
env:
  CI: true
  PNPM_CACHE_FOLDER: .pnpm-store
jobs:
  version:
    timeout-minutes: 15
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - name: checkout code repository
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: setup node.js
        uses: actions/setup-node@v2
        with:
          node-version: 14
          registry-url: https://npm.pkg.github.com/
          scope: "@inception-health"
      - name: install pnpm
        run: npm i pnpm@latest -g
      - name: setup pnpm config
        run: pnpm config set store-dir $PNPM_CACHE_FOLDER
      - name: install dependencies
        run: pnpm install
      - name: create and publish versions
        uses: changesets/action@v1
        with:
          version: pnpm ci:version
          commit: "chore: update versions"
          title: "chore: update versions"
          publish: pnpm ci:publish
          setupGitUser: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Note: I also tried to replace the GITHUB_TOKEN with a custom PAT. Same error.

Package.json

For all the packages I wanted to publish, I included the following config

{
   ...
  "publishConfig": {
    "access": "restricted",
    "registry": "https://npm.pkg.github.com/inception-health/"
  }
}

CI Action

This is the pnpm script for ci:publish that are included in the root package.json.

{
 ...
  "scripts": {
    "ci:publish": "pnpm build && pnpm recursive publish",
    "ci:version": "pnpm changeset version"
  },
 ...
}

I don't know what is missing? I appreciate any guidance.

Version

• pnpm: 7.0.0-rc.9
• @changesets/cli: "^2.22.0"

[LiKang6688]

Looks like changesets’s github action only supports npm Registry not Github Packages
https://github.com/changesets/action/blob/main/src/index.ts#L64

[jplwood]

If there is an alternate, valid registry defined in an .npmrc file, shouldn't that be supported? We also ran into this when trying to publish a package to the github package registry

[MartinDawson]

@jplwood You can pass NPM_TOKEN to validate.

[bluwy]

I believe NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }} should workaround the problem so it doesn't rely on npmrc parsing.