.npmrc is not created

[adamhenson]

Expected

When registry-url input is set with env.NODE_AUTH_TOKEN an .npmrc file should be created in project root.

Actual

When registry-url input is set with env.NODE_AUTH_TOKEN an .npmrc file is not created.

Reproduction

.github/workflows/publish.yml

name: Publish
on:
  push:
    branches:
      - master

jobs:
  publish:
    runs-on: ubuntu-latest
    env:
      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
    steps:
      - uses: actions/checkout@v2
      - name: Setup Node
        uses: actions/setup-node@v2
        with:
          node-version: '12.x'
          registry-url: 'https://registry.npmjs.org'
          scope: '@foo-software'
      - name: Publish Packages
        run: |
          cat .npmrc

package.json

{
  "name": "root",
  "private": true,
  "keywords": [
    ...
  ],
  "scripts": {
    ...
  },
  "husky": {
    ...
  },
  "lint-staged": {
    ...
  },
  "devDependencies": {
    ...
  }
}

Note: My project is a Lerna based monorepo, so the above package.json has minimal fields. Perhaps, this functionality requires certain fields / values, but I'm not sure why and what those fields would be.

GitHub Action output and linked here.

[adamhenson]

For anyone who's come across this, my workaround is below, but it feels like a hack since this functionality supposedly exists in actions/setup-node.

      - name: Publish Packages
        run: |
+         echo '//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN  }}' > ${{ github.workspace }}/.npmrc
          cat .npmrc

[adifelice-godaddy]

I'm not sure .npmrc is created on repo dir, why don't you check the variable NPM_CONFIG_USERCONFIG:

      - name: Publish Packages
        run: |
-         cat .npmrc
+         cat $NPM_CONFIG_USERCONFIG

[adamhenson]

Thanks @adifelice-godaddy - interesting. Why would it create it anywhere but the repo directory... would you know? The output strangely is the below (with echo $NPM_CONFIG_USERCONFIG):

/home/runner/work/_temp/.npmrc

Do you have a recommendation of how to make this be added to the root directory? If it's more than setting an environment variable, then I'll probably just keep my hack. As in, I don't want to write a line that runs a mv command, because that would be more effort and add more mystery to the code (anyone reading would wonder why I have this mv command. My hack would be more explicit).

[adamhenson]

I tried this:

mv $NPM_CONFIG_USERCONFIG ${{ github.GITHUB_WORKSPACE }}/.npmrc

But, there's a file permission error which makes sense, but beyond my understanding of how to fix.

Run mv $NPM_CONFIG_USERCONFIG /.npmrc
mv: cannot move '/home/runner/work/_temp/.npmrc' to '/.npmrc': Permission denied
Error: Process completed with exit code 1.

I'm leaning towards just keeping my one line hack, since in order to get this to work with setup-node it seems like I would need a more complex hack. Please do let me know if I'm missing something... or not understanding the expected functionality. Also, if my expectation is wrong... feel free to close this. It's difficult to tell what the expectation is from the docs or lack thereof in the README.md.

[cdrini]

Out of curiosity, why do you need the .npmrc file in the repo? I was having an issue with the auth token not working (resulting in 404 errors, of all things!), and went down the path of trying to modify the npmrc, but it turned out that the npm token I'd generated was no longer valid, because they added 2FA or something, and I had to generate a new token for "Automation" :/ Once I updated the token everything worked without manual npmrc mods.

[kenniaa]

Out of curiosity, why do you need the .npmrc file in the repo?

Sometimes you want to include an .npmrc in a docker container as part of the build step.

[adamhenson]

In a GitHub Action I am publishing to NPM from CI. This issue isn't about answering why I'm doing a thing. This ticket was opened because a documented feature of action/node_setup is not working as expected.

[adifelice-godaddy]

Sometimes you want to include an .npmrc in a docker container as part of the build step.

action/node_setup allows you to do that, but setup is done globally in container environment. In most cases it will work as expected. It would be helpful to have more details why it's needed locally in repo's directory. Thanks.

[adamhenson]

Please stop adding comments that are not helpful in resolving this issue. For now I'm just using my workaround. I'm thinking about closing this since it hasn't gotten attention from actual contributors. I'm simply reporting a feature of this project that is broken.

My use case isn't very relevant, but since people have been inquiring and for context: it is simple and standard - I have a repo that includes the code for packages to be published to NPM. I'm using actions/setup_node to setup the Node.js environment which includes NPM and authorizing NPM.

The README for this project states that it can be used for configuring authentication for GPR or npm.

In the usage section of the README it provides an example that you might use to setup and environment to publish packages for NPM. See Publish to npmjs and GPR with npm example.

This is the example from the README.

steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
  with:
    node-version: '10.x'
    registry-url: <registry url>
- run: yarn install
- run: yarn publish
  env:
    NODE_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
- uses: actions/setup-node@v2
  with:
    registry-url: 'https://npm.pkg.github.com'
- run: yarn publish
  env:
    NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

And this setup isn't actually working.

[adamhenson]

I'm going to close this due to lack of helpful comments and this project has bigger problems.

[lkostrowski]

I run on this thread and this is related
#130

So, the problem is that actions adds scope, by default your github name. However, the package name doesn't include scope.

I fixed it by

1. Changed package name, to include my name @nick/repo
2. Added repository key to package.json, because otherwise it mismatched repo name and package name

anyway, its a bug, scope shouldn't be added right?

[longility]

For docker scenario, I ended up

1. cp $NPM_CONFIG_USERCONFIG .npmrc
2. docker build --build-arg NODE_AUTH_TOKEN .
3. Then in Dockerfile

ARG NODE_AUTH_TOKEN
ENV NODE_AUTH_TOKEN=$NODE_AUTH_TOKEN

[bblanchon]

Thanks, @longility, your comment really help: I forgot to include the scope in the package name.

[Jaykob]

For docker scenario, I ended up

1. cp $NPM_CONFIG_USERCONFIG .npmrc
2. docker build --build-arg NODE_AUTH_TOKEN .
3. Then in Dockerfile

ARG NODE_AUTH_TOKEN
ENV NODE_AUTH_TOKEN=$NODE_AUTH_TOKEN

Your code gives me a mv: cannot create regular file '/.npmrc': Permission denied as already stated by the author.