安装私有 npm 包适用于本地笔记本电脑,但不适用于 gitlab 管道
Installing private npm package works on local laptop but not in gitlab pipeline
为什么我的 gitlab 管道中的这个构建阶段失败
npm 错了! 401:无法认证,需要:Basic realm="Artifactory Realm"
当我 运行 命令 $ npm-cli-login -u $USERNAME -p $API_KEY -e $EMAIL -r $REPOSITORY 时,我似乎正确登录了。显示了我正确的用户名,并且在我的主目录中创建了全局 .npmrc 文件。但是当我 运行 npm install 或 npm i --registry=https://<my_private_repo>.jfrog.io/<my_private_repo> 它失败并显示 401.
我在失败的管道阶段的日志中看到以下输出:
Pulling docker image node:14.15.4 ...
Using docker image sha256:924763541c... for node:14.15.4 with digest node@sha256:cb01e9d98a...
Preparing environment 00:01
Running on runner-ffeacb89-project-...-concurrent-0 via ....r.gitlab.host...
Getting source from Git repository 00:01
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /builds/gravity/my_test_project/.git/
Checking out 5f7... as dev...
Removing .gradle/
Skipping Git submodules setup
Restoring cache 00:06
Checking cache for my_test_project...
cache.zip is up to date
Successfully extracted cache
Executing "step_script" stage of the job script 01:07
Using docker image sha256:924763541c0c8b3839132... for node:14.15.4 with digest node@sha256:cb01e9d9... ...
$ export GRADLE_USER_HOME=`pwd`/.gradle
$ pwd
/builds/my_test_project
$ cd ~
$ npm install -g npm-cli-login
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
/usr/local/bin/npm-cli-login -> /usr/local/lib/node_modules/npm-cli-login/bin/npm-cli-login.js
> core-js@3.10.1 postinstall /usr/local/lib/node_modules/npm-cli-login/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"
+ npm-cli-login@0.1.1
added 634 packages from 451 contributors in 34.086s
$ npm-cli-login -u $USERNAME -p $API_KEY -e $EMAIL -r $REPOSITORY
info attempt registry request try #1 at 2:32:54 PM
http request PUT https://<my_private_repo>.jfrog.io/<my_private_repo>/api/npm/npm/-/user/org.couchdb.user:<my_correct_username>
http 201 https://<my_private_repo>.jfrog.io/<my_private_repo>/api/npm/npm/-/user/org.couchdb.user:<my_correct_username>
$ pwd
/root
$ cat .npmrc
//<my_private_repo>.jfrog.io/<my_private_repo>/api/npm/npm//:_authToken=eyJ2...(very long token, looks correct)
$ echo 'always-auth = true' >> .npmrc
$ cat .npmrc
//<my_private_repo>.jfrog.io/<my_private_repo>/api/npm/npm//:_authToken=eyJ2...(very long token, looks correct)
always-auth = true
$ npm i -g @angular/cli
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
/usr/local/bin/ng -> /usr/local/lib/node_modules/@angular/cli/bin/ng
> @angular/cli@11.2.9 postinstall /usr/local/lib/node_modules/@angular/cli
> node ./bin/postinstall/script.js
+ @angular/cli@11.2.9
added 242 packages from 181 contributors in 12.287s
$ cd /builds/my_test_project/ui
$ printenv NPM_TOKEN
eyJ2Z...(my long token)
$ npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
$ npm install
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated axios@0.20.0: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated fsevents@2.1.3: "Please update to latest v2.3 or v2.2"
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="Artifactory Realm"
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-04-16T14_33_25_786Z-debug.log
Cleaning up file based variables 00:00
ERROR: Job failed: exit code 1
这是我在 .gitlab-ci.yml 文件中的构建阶段(Spring 引导项目)
build:
stage: build
image: node:14.15.4
script:
- pwd
- cd ~
- npm install -g npm-cli-login
- npm-cli-login -u $USERNAME -p $API_KEY -e $EMAIL -r $REPOSITORY
- cat .npmrc
- echo 'always-auth = true' >> .npmrc
- cat .npmrc
- npm i -g @angular/cli
- cd /builds/myProjectFolder
- printenv NPM_TOKEN
- npm config set //myrepo.jfrog.io/myrepo/api/npm/npm//:_authToken ${NPM_TOKEN}
- npm install --registry=https://myrepo.jfrog.io/<my_private_repo>/api/npm/npm/
artifacts:
paths:
- app/src/ui/dist/dm-consent-page
expire_in: 5 days
我用这个方法解决了:https://gruchalski.com/posts/2020-09-09-authenticate-to-private-jfrog-npm-registry/
在 运行 这个 curl 命令之后,我收到了我需要放入我的全局 .npmrc 文件中的所有内容:
curl -u ${JFROG_USER}:${JFROG_ENCRYPTED_PASSWORD} https://${JFROG_ORG}.jfrog.io/${JFROG_ORG}/api/npm/auth
对于任何感兴趣的人,我的 gitlab ci 管道阶段中的完整脚本现在如下所示:
script:
- npm -v
6.14.10
- node -v
v14.15.4
- cd ~
- pwd
/root
# install angular globally
- npm i -g @angular/cli
# create the config file '.npmrc' for authenticating at jFrog when running 'npm install'.
- cat > .npmrc
- echo _auth = ${NPM_AUTH_TOKEN} >> .npmrc <- This is the token that I received after running the curl command from the tutorial / link above
- echo always-auth = true >> .npmrc
- echo email = ${EMAIL} >> .npmrc
# the next line makes npm look for the packages that are annotated with @<my-private-repo> at the JFrog Repo.
- echo @<my-private-repo>:registry=${UI_JFROG_REGESTRY} >> .npmrc
# change back to the project folder.
- cd /builds/<my-project-folder>/ui
# install all packages + the <my-private-repo> package from JFrog.
- npm install
为什么我的 gitlab 管道中的这个构建阶段失败
npm 错了! 401:无法认证,需要:Basic realm="Artifactory Realm"
当我 运行 命令 $ npm-cli-login -u $USERNAME -p $API_KEY -e $EMAIL -r $REPOSITORY 时,我似乎正确登录了。显示了我正确的用户名,并且在我的主目录中创建了全局 .npmrc 文件。但是当我 运行 npm install 或 npm i --registry=https://<my_private_repo>.jfrog.io/<my_private_repo> 它失败并显示 401.
我在失败的管道阶段的日志中看到以下输出:
Pulling docker image node:14.15.4 ...
Using docker image sha256:924763541c... for node:14.15.4 with digest node@sha256:cb01e9d98a...
Preparing environment 00:01
Running on runner-ffeacb89-project-...-concurrent-0 via ....r.gitlab.host...
Getting source from Git repository 00:01
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /builds/gravity/my_test_project/.git/
Checking out 5f7... as dev...
Removing .gradle/
Skipping Git submodules setup
Restoring cache 00:06
Checking cache for my_test_project...
cache.zip is up to date
Successfully extracted cache
Executing "step_script" stage of the job script 01:07
Using docker image sha256:924763541c0c8b3839132... for node:14.15.4 with digest node@sha256:cb01e9d9... ...
$ export GRADLE_USER_HOME=`pwd`/.gradle
$ pwd
/builds/my_test_project
$ cd ~
$ npm install -g npm-cli-login
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
/usr/local/bin/npm-cli-login -> /usr/local/lib/node_modules/npm-cli-login/bin/npm-cli-login.js
> core-js@3.10.1 postinstall /usr/local/lib/node_modules/npm-cli-login/node_modules/core-js
> node -e "try{require('./postinstall')}catch(e){}"
+ npm-cli-login@0.1.1
added 634 packages from 451 contributors in 34.086s
$ npm-cli-login -u $USERNAME -p $API_KEY -e $EMAIL -r $REPOSITORY
info attempt registry request try #1 at 2:32:54 PM
http request PUT https://<my_private_repo>.jfrog.io/<my_private_repo>/api/npm/npm/-/user/org.couchdb.user:<my_correct_username>
http 201 https://<my_private_repo>.jfrog.io/<my_private_repo>/api/npm/npm/-/user/org.couchdb.user:<my_correct_username>
$ pwd
/root
$ cat .npmrc
//<my_private_repo>.jfrog.io/<my_private_repo>/api/npm/npm//:_authToken=eyJ2...(very long token, looks correct)
$ echo 'always-auth = true' >> .npmrc
$ cat .npmrc
//<my_private_repo>.jfrog.io/<my_private_repo>/api/npm/npm//:_authToken=eyJ2...(very long token, looks correct)
always-auth = true
$ npm i -g @angular/cli
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
/usr/local/bin/ng -> /usr/local/lib/node_modules/@angular/cli/bin/ng
> @angular/cli@11.2.9 postinstall /usr/local/lib/node_modules/@angular/cli
> node ./bin/postinstall/script.js
+ @angular/cli@11.2.9
added 242 packages from 181 contributors in 12.287s
$ cd /builds/my_test_project/ui
$ printenv NPM_TOKEN
eyJ2Z...(my long token)
$ npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
$ npm install
npm WARN deprecated debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)
npm WARN deprecated axios@0.20.0: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
npm WARN deprecated request@2.88.2: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated fsevents@2.1.3: "Please update to latest v2.3 or v2.2"
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated har-validator@5.1.5: this library is no longer supported
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm ERR! code E401
npm ERR! Unable to authenticate, need: Basic realm="Artifactory Realm"
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2021-04-16T14_33_25_786Z-debug.log
Cleaning up file based variables 00:00
ERROR: Job failed: exit code 1
这是我在 .gitlab-ci.yml 文件中的构建阶段(Spring 引导项目)
build:
stage: build
image: node:14.15.4
script:
- pwd
- cd ~
- npm install -g npm-cli-login
- npm-cli-login -u $USERNAME -p $API_KEY -e $EMAIL -r $REPOSITORY
- cat .npmrc
- echo 'always-auth = true' >> .npmrc
- cat .npmrc
- npm i -g @angular/cli
- cd /builds/myProjectFolder
- printenv NPM_TOKEN
- npm config set //myrepo.jfrog.io/myrepo/api/npm/npm//:_authToken ${NPM_TOKEN}
- npm install --registry=https://myrepo.jfrog.io/<my_private_repo>/api/npm/npm/
artifacts:
paths:
- app/src/ui/dist/dm-consent-page
expire_in: 5 days
我用这个方法解决了:https://gruchalski.com/posts/2020-09-09-authenticate-to-private-jfrog-npm-registry/
在 运行 这个 curl 命令之后,我收到了我需要放入我的全局 .npmrc 文件中的所有内容:
curl -u ${JFROG_USER}:${JFROG_ENCRYPTED_PASSWORD} https://${JFROG_ORG}.jfrog.io/${JFROG_ORG}/api/npm/auth
对于任何感兴趣的人,我的 gitlab ci 管道阶段中的完整脚本现在如下所示:
script:
- npm -v
6.14.10
- node -v
v14.15.4
- cd ~
- pwd
/root
# install angular globally
- npm i -g @angular/cli
# create the config file '.npmrc' for authenticating at jFrog when running 'npm install'.
- cat > .npmrc
- echo _auth = ${NPM_AUTH_TOKEN} >> .npmrc <- This is the token that I received after running the curl command from the tutorial / link above
- echo always-auth = true >> .npmrc
- echo email = ${EMAIL} >> .npmrc
# the next line makes npm look for the packages that are annotated with @<my-private-repo> at the JFrog Repo.
- echo @<my-private-repo>:registry=${UI_JFROG_REGESTRY} >> .npmrc
# change back to the project folder.
- cd /builds/<my-project-folder>/ui
# install all packages + the <my-private-repo> package from JFrog.
- npm install