How to publish a scoped npm package to gitlab's package registry in a group namespace via a CI/CD pipeline

huangapple go评论54阅读模式
英文:

How to publish a scoped npm package to gitlab's package registry in a group namespace via a CI/CD pipeline

问题

我在GitLab上有一个私有的虚拟项目,我想要将其发布到GitLab的包注册表。我的虚拟项目包含四个文件:

package.json

{
  "name": "@<my-group>/<my-project>",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "repository": {
    "type": "git",
    "url": "git+https://gitlab.com/<my-group>/<my-project>.git"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "bugs": {
    "url": "https://gitlab.com/<my-group>/<my-project>/issues"
  },
  "homepage": "https://gitlab.com/<my-group>/<my-project>#readme"
}

.gitlab-ci.yml

image: node:latest

stages:
  - deploy

deploy:
  stage: deploy
  script:
    - echo "@<my-group>:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/".npmrc
    - echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}" >> .npmrc
    - npm publish

index.js

console.log('success');

README.md

<my-project>

当我提交我的项目到GitLab时,作业失败,输出如下:

npm notice package: @<my-group>/<my-project>@1.0.0
npm notice === Tarball Contents === 
npm notice 8B   README.md   
npm notice 20B  index.js    
npm notice 612B package.json
npm notice === Tarball Details === 
npm notice name:          @<my-group>/<my-project>                     
npm notice version:       1.0.0                                   
npm notice filename:      <my-group>-<my-project>-1.0.0.tgz            
npm notice package size:  475 B                                   
npm notice unpacked size: 640 B                                   
npm notice shasum:        7b3db...
npm notice integrity:     sha512-xDv0dl9A86...
npm notice total files:   3                                       
npm notice 
npm notice Publishing to https://gitlab.com/api/v4/projects/<my-project-id>/packages/npm/ with tag latest and default access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://gitlab.com/api/v4/projects/<my-project-id>/packages/npm/@<my-group>%2f<my-project> - insufficient_scope
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

注意:
我已在上面的代码部分中使用&lt;my-group&gt;&lt;my-project&gt;&lt;my-project-id&gt;替代了实际的组名、项目名和项目ID。我遵循了GitLab官方文档上的设置步骤(参见https://docs.gitlab.com/ee/user/packages/npm_registry/),并认为可以安全排除以下可能性:

  • 我确保项目设置中启用了Package registry
  • 我按照文档中描述的命名约定进行命名。
  • 我使用的是CI_JOB_TOKEN,它应该始终有效并具有适当的权限。
  • 我确保给定范围内没有同名或同版本的包。
  • 我确保了有作用域的包的URL包含尾随斜杠(请参考上面的gitlab-ci.yml)。
  • 我确认了&lt;my-group&gt;命名空间的路径,查询https://gitlab.com/api/v4/groups(只是为了确保根命名空间是正确的)。
  • 我使用npm init --scope=@<my-group> --yes进行初始化。

仓库的URL确实是:https://gitlab.com/<my-group>/<my-project>/

对于让这个工作的任何帮助都将不胜感激。

英文:

I have a private dummy project in gitlab which I want to publish to gitlab's package registry. My dummy project contains four files:

package.json

{
  &quot;name&quot;: &quot;@&lt;my-group&gt;/&lt;my-project&gt;&quot;,
  &quot;version&quot;: &quot;1.0.0&quot;,
  &quot;description&quot;: &quot;&quot;,
  &quot;main&quot;: &quot;index.js&quot;,
  &quot;scripts&quot;: {
    &quot;test&quot;: &quot;echo \&quot;Error: no test specified\&quot; &amp;&amp; exit 1&quot;
  },
  &quot;repository&quot;: {
    &quot;type&quot;: &quot;git&quot;,
    &quot;url&quot;: &quot;git+https://gitlab.com/&lt;my-group&gt;/&lt;my-project&gt;.git&quot;
  },
  &quot;keywords&quot;: [],
  &quot;author&quot;: &quot;&quot;,
  &quot;license&quot;: &quot;ISC&quot;,
  &quot;bugs&quot;: {
    &quot;url&quot;: &quot;https://gitlab.com/&lt;my-group&gt;/&lt;my-project&gt;/issues&quot;
  },
  &quot;homepage&quot;: &quot;https://gitlab.com/&lt;my-group&gt;/&lt;my-project&gt;#readme&quot;
}

.gitlab-ci.yml

image: node:latest

stages:
  - deploy

deploy:
  stage: deploy
  script:
    - echo &quot;@&lt;my-group&gt;:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/&quot;&gt;.npmrc
    - echo &quot;//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}&quot;&gt;&gt;.npmrc
    - npm publish

index.js

console.log(&#39;success&#39;);

README.md

&lt;my-project&gt;

When I commit my project to gitlab, the job fails with the following output

npm notice package: @&lt;my-group&gt;/&lt;my-project&gt;@1.0.0
npm notice === Tarball Contents === 
npm notice 8B   README.md   
npm notice 20B  index.js    
npm notice 612B package.json
npm notice === Tarball Details === 
npm notice name:          @&lt;my-group&gt;/&lt;my-project&gt;                     
npm notice version:       1.0.0                                   
npm notice filename:      &lt;my-group&gt;-&lt;my-project&gt;-1.0.0.tgz            
npm notice package size:  475 B                                   
npm notice unpacked size: 640 B                                   
npm notice shasum:        7b3db...
npm notice integrity:     sha512-xDv0dl9A86...
npm notice total files:   3                                       
npm notice 
npm notice Publishing to https://gitlab.com/api/v4/projects/&lt;my-project-id&gt;/packages/npm/ with tag latest and default access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://gitlab.com/api/v4/projects/&lt;my-project-id&gt;/packages/npm/@&lt;my-group&gt;%2f&lt;my-project&gt; - insufficient_scope
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

NOTE:
I have replaced the actual group name, project name and project id with &lt;my-group&gt;, &lt;my-project&gt;, and &lt;my-project-id&gt; in the code sections above.
I have followed gitlab's official documentation on setting this up (see https://docs.gitlab.com/ee/user/packages/npm_registry/) and believe that I can safely rule out the following:

  • I have made sure that Package registryis enabled in the project setup
  • I followed naming convention as described in the documentation
  • I am using a CI_JOB_TOKEN which should always be valid and should have appropriate permissions.
  • I made sure that there is no other package with the same name or version within the given scope.
  • I have made sure that the scoped package's URL includes a trailing slash (see gitlab-ci.yml above)
  • I have confirmed the path of the &lt;my-group&gt; namespace querying https://gitlab.com/api/v4/groups (just to make sure that the root namespace is correct)
  • I have used npm init --scope=@&lt;my-group&gt; --yes for initialization

The url of the repository is indeed: https://gitlab.com/&lt;my-group&gt;/&lt;my-project&gt;/

Any help on getting this to work would be much appreciated.

答案1

得分: 1

更改从作业令牌${CI_JOB_TOKEN}到部署令牌${CI_DEPLOY_PASSWORD}后,我能够发布到注册表。

有关预定义变量的更多信息,请参阅预定义变量参考

Gitlab部署令牌可以在设置 > 仓库 > 部署令牌下为项目创建,具有以下范围:read_repository、read_package_registry、write_package_registry

英文:

After changing from a job token ${CI_JOB_TOKEN} to a deploy token ${CI_DEPLOY_PASSWORD}, I was able to publish to the registry.

See Predefined variables reference for more info on predefined variables.

Gitlab deploy tokens can be created for projects under Settings > Repository > Deploy tokens with the following scopes: read_repository, read_package_registry, write_package_registry

huangapple
  • 本文由 发表于 2023年2月7日 04:54:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/75366486.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定