Using Private Packages from non-gitlab resources in gitlab’s ci / cd system.
https://docs.npmjs.com/using-private-packages-in-a-ci-cd-workflowhttps://docs.npmjs.com/creating-and-viewing-access-tokens
AUTOMATION TOKENS CAN ONLY BE MADE ON NPM WEBSITE:
npm_LONGTOKENSTUFFETCETC
Breakdown
Continuously Deploying an NPM Package with GitLab CI/CD
https://webbureaucrat.gitlab.io/posts/continuously-deploying-an-npm-package-with-gitlab-ci-cd/
Setting up continuous deployment is important to me, even when publishing is as simple as it is on npm. The official GitLab documentation, though, is a little more than I need and geared toward their own npm repository, so I’d like to gather the information I need here in a brief article.
Generating the token in npm
Go to npmjs.com and log in if you haven’t already.
Click on your profile picture at the top right.
Select the fifth item, “Access Tokens.”
Click “Generate New Token” on the top right of the page.
Select the middle option, “automation” for the right security settings.
Click “Generate Token.”
Copy the token to your clipboard.
Select “Settings” at the bottom of the menu on the left. This will open a submenu.
Select “CI/CD.”
Find the “Variables” section of the CI/CD menu and click “expand” on the right.
Click the green “Add variable” button at the bottom.
Fill in the “Key” text box with “NPM_TOKEN”.
Fill in the “Value” box with the token you copied from earlier.
Make sure the “Type” is set to “variable” instead of “file.”
Make sure both checkboxes are checked to protect and mask the variable.
A word on security
Clearly, an authentication token, especially one that controls deployment to production, is very sensitive information, so it’s worthwhile to familiarize oneself with the protections GitLab offers.
Masking an environment variable protects the variable from being seen in the console output. It is easy to imagine a scenario where an error message (or just a simple scripting mistake) could lead to this kind of information being printed to the console, and once the toothpaste is out of the tube and on the internet, there’s no putting it back in–you have to revoke that token and generate a new one. Masking prevents this easy-to-make security mistake.
Protecting an environment variable is a kind of access control. A protected environment variable can only be used in protected branches or on protected tags, and it can’t be seen by all contributors.
A critically sensitive authentication token like an NPM publish token should be both protected and masked.
Set up the pipeline with your .gitlab.yml
This is the easy part. Copy the following text and save it to a file called
Celebrate
Update your package.json with a fresh version number to make sure the push succeeds, then commit and push the new .gitlab.yml and the edited package.json. The pipeline will succeed every time you increment the version number.
Setting up continuous deployment is important to me, even when publishing is as simple as it is on npm. The official GitLab documentation, though, is a little more than I need and geared toward their own npm repository, so I’d like to gather the information I need here in a brief article.
Generate and store an authentication token
The npm team has made this straightforward.Generating the token in npm
Go to npmjs.com and log in if you haven’t already.
Click on your profile picture at the top right.
Select the fifth item, “Access Tokens.”
Click “Generate New Token” on the top right of the page.
Select the middle option, “automation” for the right security settings.
Click “Generate Token.”
Copy the token to your clipboard.
Storing the token in GitLab
Log into GitLab and open the project you intend to automate.Select “Settings” at the bottom of the menu on the left. This will open a submenu.
Select “CI/CD.”
Find the “Variables” section of the CI/CD menu and click “expand” on the right.
Click the green “Add variable” button at the bottom.
Fill in the “Key” text box with “NPM_TOKEN”.
Fill in the “Value” box with the token you copied from earlier.
Make sure the “Type” is set to “variable” instead of “file.”
Make sure both checkboxes are checked to protect and mask the variable.
A word on security
Clearly, an authentication token, especially one that controls deployment to production, is very sensitive information, so it’s worthwhile to familiarize oneself with the protections GitLab offers.
Masking an environment variable protects the variable from being seen in the console output. It is easy to imagine a scenario where an error message (or just a simple scripting mistake) could lead to this kind of information being printed to the console, and once the toothpaste is out of the tube and on the internet, there’s no putting it back in–you have to revoke that token and generate a new one. Masking prevents this easy-to-make security mistake.
Protecting an environment variable is a kind of access control. A protected environment variable can only be used in protected branches or on protected tags, and it can’t be seen by all contributors.
A critically sensitive authentication token like an NPM publish token should be both protected and masked.
Set up the pipeline with your .gitlab.yml
This is the easy part. Copy the following text and save it to a file called
.gitlab.yml
image: node:latest
stages:
- deploy
deploy:
stage: deploy
script:
- echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc
- npm publish
Version 2 of .gitlab.yml addtions
build_job:
script:
- printenv NPM_TOKEN
- npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
- npm i @falconstudios/ns-player
Celebrate
Update your package.json with a fresh version number to make sure the push succeeds, then commit and push the new .gitlab.yml and the edited package.json. The pipeline will succeed every time you increment the version number.
https://stackoverflow.com/questions/22988876/install-npm-module-from-gitlab-private-repository
changed gitlab-ci to this:
image: dasnoo/node
build_job:
script:
- printenv NPM_TOKEN
- npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}
- npm i @falconstudios/ns-player
# For example package with name `@foo/bar` will use this URL for download
npm config set @foo:registry https://gitlab.example.com/api/v4/projects/
# Add the token for the scoped packages URL. Replace
# with the project where your package is located.
npm config set — ‘//gitlab.example.com/api/v4/projects/
Replace gitlab.example.com with your domain name.
You should now be able to publish and install npm packages in your project.
If you encounter an error with Yarn, view troubleshooting steps.
More
https://mcgilldevtech.com/2019/08/how-to-pull-private-npm-repo-in-gitlab-ci/ How to pull a private NPM dependency with Gitlab CI08/21/2019 If you’re like me and use git instead of NPM to host private node packages then you’ve probably ran into a time when you wanted to do a Gitlab CI build but don’t have permission to pull from your private repositories. Luckily Gitlab provides a slick way to deal with this!
This example applies to a TypeScript project I have. First you might have a package.json with the below in the dependencies section.
“a-repo”: “git+https://gitlab.com/kmcgill88/a-repo.git#4e08f44b3434d55090a1e90932d8596f84965f5d”, Since this is a private repository, your build will surely fail with an auth error! Insted of using a hacky SSH service account or environment variables with user name and password, Gitlab offers the CI_JOB_TOKEN environment variable. Every build gets a freh, temporary, token to authenticate with other Gitlab private repositories.
All that is needed in a Docker build is to add the before_script tag with the command to override ~/.netrc (only do this in a docker container).
image: node:8.15.0-alpine
stages:
- Test
before_script:
- echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
Test:
stage: Test
variables:
MY_VAR: $SHHH_SECRET
script:
- yarn && yarn test
- yarn build
tags:
- docker
Now when the yarn command starts resolving dependencies you are good to go with your private dependency!
Check out the Gitlab offical docs. https://docs.gitlab.com/ee/ci/index.html#dependent-repositories
GITLAB TOKEN:
glpat-ZZZZZZZZZZZZZZZ
Personal Access to get private repo – scope: api
Project-level npm endpoint
To use the project-level npm endpoint, set your npm configuration:
TOKEN: glpat-XZZZZZZZZZZ
projectID: 31998999
npm ERR! 404 Not Found – GET https://registry.npmjs.org/@falconstudios/ns-player/-/ns-player-1.0.7.tgz
npm ERR! 404
npm ERR! 404 ‘@falconstudios/ns-player@1.0.7’ is not in the npm registry.
GITLAB STEPS FOR GITLAB PRIVATE REGISTRY
:https://docs.gitlab.com/ee/user/packages/npm_registry/#authenticate-to-the-package-registry
Authenticate with a personal access token or deploy token
To authenticate with the Package Registry, you need a personal access token or deploy token.
Project-level npm endpoint
To use the project-level npm endpoint, set your npm configuration:
# Set URL for your scoped packages.
# For example package with name `@foo/bar` will use this URL for download
npm config set @foo:registry https://gitlab.example.com/api/v4/projects/
# Add the token for the scoped packages URL. Replace
# with the project where your package is located.
npm config set — ‘//gitlab.example.com/api/v4/projects/
Replace gitlab.example.com with your domain name.
You should now be able to publish and install npm packages in your project.
If you encounter an error with Yarn, view troubleshooting steps.
Install npm packages from other organizations
You can route package requests to organizations and users outside of GitLab.To do this, add lines to your .npmrc file. Replace my-org with the namespace or group that owns your project’s repository, and use your organization’s URL. The name is case-sensitive and must match the name of your group or namespace exactly.
Use environment variables to set up your tokens: export MY_TOKEN=”
@foo:registry=https://gitlab.example.com/api/v4/packages/npm/
//gitlab.example.com/api/v4/packages/npm/:_authToken=${MY_TOKEN}
//gitlab.example.com/api/v4/projects/
@my-other-org:registry=https://gitlab.example.com/api/v4/packages/npm/
//gitlab.example.com/api/v4/packages/npm/:_authToken=${MY_TOKEN}
//gitlab.example.com/api/v4/projects/
npm publish targets default npm registry (registry.npmjs.org)
Ensure that your package scope is set consistently in your package.json and .npmrc files.For example, if your project name in GitLab is foo/my-package, then your package.json file
should look like:
{
“name”: “@foo/my-package”,
“version”: “1.0.0”,
“description”: “Example package for GitLab npm registry”,
}
And the .npmrc file should look like:
//gitlab.example.com/api/v4/projects/
//gitlab.example.com/api/v4/packages/npm/:_authToken=
@foo:registry=https://gitlab.example.com/api/v4/packages/npm/
Creating tokens with CLI (no automation tokens)
npm token create –read-onlynpm password:
npm notice Please check your email for a one-time password (OTP)
This operation requires a one-time password.
Enter OTP: XZXX
┌────────────────┬──────────────────────────────────────────┐
│ token │ npm_XXXXXXXXXXXXXCXXXXXXX │
├────────────────┼──────────────────────────────────────────┤
│ cidr_whitelist │ │
├────────────────┼──────────────────────────────────────────┤
│ readonly │ true │
├────────────────┼──────────────────────────────────────────┤
│ automation │ false │
├────────────────┼──────────────────────────────────────────┤
│ created │ 2022-01-12T04:25:40.329Z │
└────────────────┴──────────────────────────────────────────┘
~/documents/gitlab-shawneee/ns-cubik/ns-simplified master ❯