Azure Devops: Cannot Build an Image using NPM private registry even after setting NPM Authenticate

5
votes

I am always getting an error on npm install after setting NPM Authenticate. I would like to authenticate to my npm private registry during image build and install all the dependencies I need. Maybe I misunderstood how this authentication process works but this is what I am doing:

Build pipeline

I tried establishing a service connection from the project settings page as in Service connections for builds and releases

After that, I also set up my NPM Authentication task following the steps in With a Task Runner (e.g. make gulp work)

But this is not working. These are the errors I am getting:

During 'NPM Authenticate' phase:

[warning]Found and overrode credentials for the myregistry.pkgs.visualstudio.com registry in the selected .npmrc file. Remove credentials from the file and store them in an npm service connection instead (recommended), or remove the npm Authenticate task from your build to use credentials checked into an .npmrc.

During 'Build an Image' phase:

Step 4/7 : RUN npm install --production ---> Running in 8724f713f1db [91mnpm ERR! code[0m[91m E404 [0m[91mnpm [0m[91mERR! 404[0m[91m Not Found: @myregistry/service-logging@latest npm ERR![0m[91m A complete log of this run can be found in: npm ERR!
/root/.npm/_logs/2018-09-11T04_20_00_513Z-debug.log [0mThe command '/bin/sh -c npm install --production' returned a non-zero code: 1 [error]The command '/bin/sh -c npm install --production' returned a non-zero code: 1 [error]/usr/local/bin/docker failed with return code: 1 [section]Finishing: Build an image

This is my .npmrc file:

unsafe-perm=true
package-lock=false
registry=https://myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/
always-auth=true
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:_authToken=${NPM_TOKEN}
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/:_authToken=${NPM_TOKEN}

And this is my Dockerfile:

FROM node:8.9-alpine

ARG NPM_TOKEN

WORKDIR /usr/src/srv/

COPY package.json package.json

COPY .npmrc .npmrc

RUN npm install --production

RUN rm -f .npmrc

COPY . .

EXPOSE 8080

CMD npm start

Any help to unblock me from this issue will be highly appreciated! Thanks!

2
azureazure-devopsazure-pipelinesdevops
Hmm, I saw an option to expose secrets to the build pipeline when I added CI to my GitHub repo. That might be needed here.juunas
Where did you get the actual token from? npm doco suggests that it should be a GUID but vsts-npm-auth generates an essay.martinp999
@martinp999 on Azure DevOps, you need to go to the Artifacts section, then Connect to feed, then click on npm and finally there will be a button to generate the NPM credentials (this assumes you already created a feed previously).julinho
I had found this but, as I mentioned, it's an essay - 2076 characters; are you really using this as the key?martinp999
I did find that, if you generate a Personal Access Token with "Packaging (Read)", then base64 encode it, that works (with a token that is only 72 characters long) . But, that ties the building of the image to my personal Azure DevOps account. I partially suspect that even the approach that you mentioned creates a relationship to my personal account. Being that this is going into a CICD build pipeline, I would hope for an approach that was authorised more at the project level.martinp999

2 Answers

4
votes

I finally resolved this issue in my pipeline by removing the last two lines in my .npmrc file. the last line was causing an issue. After the NPM Authenticate task, my .npmrc file was being modified to:

unsafe-perm=true
package-lock=false
registry=https://myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/
always-auth=true

//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/:_authToken=${NPM_TOKEN}

//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:username=VssToken
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:_password=***
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:email=VssEmail
//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:always-auth=true

Somehow, the following config was being taken into consideration and the config the NPM Authenticate inserted was being ignored, causing the pipeline error:

//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/:_authToken=${NPM_TOKEN}

Also, no need to include the following line since NPM Authenticate will do the job for you:

//myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/:_authToken=${NPM_TOKEN}

By removing the line above, this warning disappeared:

[warning]Found and overrode credentials for the myregistry.pkgs.visualstudio.com registry in the selected .npmrc file. Remove credentials from the file and store them in an npm service connection instead (recommended), or remove the npm Authenticate task from your build to use credentials checked into an .npmrc.

So, to conclude, just keep your .npmrc file as simple as this:

unsafe-perm=true
package-lock=false
registry=https://myregistry.pkgs.visualstudio.com/_packaging/myregistry/npm/registry/
always-auth=true

Everything was fine with the Dockerfile.

0
votes

You need to include the token in .npmrc file or update this file before run npm install command.