Failed to install private scoped npm package


#1

Hi all!

We are trying to use a scoped private npm package in our docker build and are running into issues because the builder can’t find the packages. Any idea how to add permissions to the builder to enable this to work?

@namespace/package

More info on private packages

Thanks!

AJ


#4

We’ve got a couple of options here, one done and one in the works

  1. You could build the image locally and then harness Resin to get that to the fleet using resin deploy https://docs.resin.io/reference/cli/#deploy-appname-image-
  2. We’re working on build-time secrets that would allow our builders to access private resources without those secrets being available to the fleet.

#6

Okay we’re working on the first option, is there any update on the second?


#7

Hi,
We are still working on adding support for build-time secrets on our platform. We will get back to you as soon as this gets released.


#9

Hey @thgreasi,

Could this work?
https://docs.npmjs.com/private-modules/docker-and-private-modules

I’m getting the following error:

[main]  The command '/bin/sh -c JOBS=MAX npm install --production --unsafe-perm && npm cache clean && rm -rf /tmp/*' returned a non-zero code: 7
[Info]  Uploading images
[Success]  Successfully uploaded images
[Error]  Some services failed to build:
[Error]    Service: main
[Error]      Error: The command '/bin/sh -c JOBS=MAX npm install --production --unsafe-perm && npm cache             clean && rm -rf /tmp/*' returned a non-zero code: 7
[Error]  Not deploying release.

#10

Actually getting this error first:

[main]  Error: Failed to replace env in config: ${NPM_TOKEN}
[main]  /usr/local/lib/node_modules/npm/lib/npm.js:43

#11

Hi @alexcastillo,

The issue is that we currently don’t provide a mechanism that would allow you to pass the value for that variable to our builders.
Setting the key directly in your project’s .npmrc would work, but you would also have to consider whether it is fine by your policy to commit and push such keys.
That’s where resin deploy can be used to generate a build on your machine, so that your keys don’t have to be committed or pushed.

Let us know if this approach works for you.

Thodoris


#13

Understood, thanks @thgreasi.