10

I started usign a private npm feed on my visual studio team services account, following their guide and having added a .npmrc file

registry=https://ascend-xyz.pkgs.visualstudio.com/_packaging/AscendNPMFeed/npm/registry
always-auth=true

The problem is that the build pipeline dont work now since it require some packages from this private package.

What is the proper setup for telling npm that it can authenticate using the build access token on visual studio team services?

Do i need to set a environment variable, call npm login or someting as a build step?

Community
  • 1
  • 1
Poul K. Sørensen
  • 15,251
  • 16
  • 104
  • 257

1 Answers1

12

Update after some intense testing on our builds, for anyone having problems getting up and running with this, and in respect of the original question:

  1. Edit build definition => options => "Allow scripts to access OATH token"

When enabled, and VSTS encounters a .npmrc file, it will run the npm command

vsts-npm-auth for you, which means the .npmrc in source control only have to contain

registry=https://YOUR_DOMAIN.pkgs.visualstudio.com/_packaging/FEEDNAME/npm/registry
always-auth=true

This goes for builds that uses the VSTS Npm task, be it publish or install


Given that you set the environment variable NPM_TOKEN for the VSTS Build that is running, the npm publish command is able to substitute this in your .npmrc file. http://blog.npmjs.org/post/118393368555/deploying-with-npm-private-modules

So your .npmrc that you check into source control should look like

registry=https://YOUR_DOMAIN.pkgs.visualstudio.com/_packaging/FEEDNAME/npm/registry
always-auth=true

//YOUR_DOMAIN.pkgs.visualstudio.com/_packaging//npm/:_authToken=${NPM_TOKEN}

A token can be produced by either running the vsts-npm-auth command https://www.npmjs.com/package/vsts-npm-auth

Note that on windows, it needs the full paths sometimes for both target and source rc files (where -T: write-token-to-this-target-file), e.g

vsts-npm-auth -config c:\mysrc\.npmrc -T c:\mysrc\.npmrc -V Detailed

or, it can be generated in the "Connect to feed" dialog inside your (web interface) VSTS account under "Packaging".

Also note that, if you'd like to publish this automated and continuously, you must also find a way to bump the version number, something like

npm version patch --force -m "Published new version"

Take a look at this thread for more update package.json version automatically

VSTS does checkout HEAD commit id by default, so it's not straight forward to just run the npm version command and push back to git since one is in detached state.

Community
  • 1
  • 1
Johan O
  • 404
  • 4
  • 8
  • Thanks. I also found it that if using the NPM task on VSTS they take care of it. My problem was that I used a grunt task to run npm install. – Poul K. Sørensen Dec 14 '16 at 10:34
  • 1
    From my current tests, I've found that npm-install'ing a feed package in the same VSTS Project Collection does not require a token, so it should be sufficient with a .npmrc in the root of the consuming app having only registry= ... always-auth= ... – Johan O Dec 14 '16 at 15:22
  • Yes, thats also what I found out – Poul K. Sørensen Dec 14 '16 at 16:49
  • 1
    I'd like to add that we've now moved away from VSTS npm package manager due to severe performance issues causing our builds to fail on roughly 40% ratio. – Johan O May 25 '17 at 13:44
  • I can't seem to replicate this. Are you saying there's a vsts-npm-auth task that automatically runs when there's a `.npmrc` file present that will populate the project's `.npmrc` file with credentials? For instance, if you run a Docker container, it can use that `.npmrc` file with the credentials in it? – Kevin Ghadyani Feb 21 '18 at 10:02
  • This does not seem to be under "Options" anymore. I found it in "Tasks" tab, "Phase 1" under "Pipeline" on the left. Then on the right at the bottom of the "Agent Job" section, "Additional options" then I was able to find "Allow scripts to access OAuth tokens" – Dan Csharpster Oct 22 '18 at 15:28