Unable to publish a new NPM package to Google Artifact Registry from Windows Terminal
evildead opened this issue · 7 comments
I was trying to publish a NPM package to Google Artifact Registry, by thoroughly following the instructions found here
I use:
- the Windows Terminal
- Node.js
v14.17.6 - NPM
6.14.15
I correctly logged in to Google Cloud with my user:
gcloud auth application-default logingcloud auth login
and I correctly put the output of
gcloud artifacts print-settings npm ...
to a .npmrc file inside my project
Everytime I executed:
npx google-artifactregistry-auth
I received this output:
npx: installed 47 in <some>s
Retrieving application default credentials...
Success!
But when I tried to publish the NPM package with
npm publish
I always received a 403 Forbidden error message like stated in this Stackoverflow page by another guy who had my same issue
When I checked my .npmrc in my user folder, I discovered that no _authToken was produced for my private NPM repo.
By repeating the same procedure under Linux Wsl2 (I used this Install Node.js in Linux Wsl to install Node and NPM), the Google Artifact Registry Auth was correctly able to retrieve the _authToken and save it to the .npmrc in my user folder.
Only then I was able to perform:
npm publish
Could you please check if you're able to reproduce such an issue for Windows platforms?
Thank you in advance
@evildead If you know the path to your user config, can you try explicitly setting the path to the user config?
npx google-artifactregistry-auth --credential-config=<path\to\user\config\.npmrc>
It might be that the plugin failed to infer the default location of the user config on Windows.
Also it seems the stackoverflow link is incorrect and it points back to this issue. Can you take a look?
Hello @yihanzhen
I just corrected the Stackoverflow link (sorry I missed it).
I'll try to pass the absolute path as you suggested, but as I need to put the command in the "scripts" section inside package.json, I really do believe that it would be a bad solution.
My user .npmrc is not placed in a 'weird' position, it's simply inside my Windows user folder (where it's supposed to be).
Moreover, since the procedure worked inside Linux Wsl, I copied the _authToken also inside my user .npmrc file in Windows, and now when I repeat the login and npm publish procedure, everything works also inside Windows.
So the problem lies within the very first moment you need to retrieve the _authToken.
Even though I found this workaround, it would be great if you were able to make it work properly for Windows platforms too.
I'll try to pass the absolute path as you suggested, but as I need to put the command in the "scripts" section inside package.json, I really do believe that it would be a bad solution.
Yep I agree, just wanted to propose a workaround (which may also help narrow down the cause of the issue).
Moreover, since the procedure worked inside Linux Wsl, I copied the _authToken also inside my user .npmrc file in Windows, and now when I repeat the login and npm publish procedure, everything works also inside Windows.
So the problem lies within the very first moment you need to retrieve the _authToken.
Thanks!
Hey @evildead
It's a bit weird but I can't repro this on Windows.
I had a very simple project .npmrc file with the following entries:
@windows-test:registry=https://us-west1-npm.pkg.dev/hanzhenyi3/windows/
//us-west1-npm.pkg.dev/hanzhenyi3/windows/:always-auth=true
And this in the package.json file:
"artifactregistry-login": "npx google-artifactregistry-auth"
After I ran npm run artifactregistry-login I could see the access token in my user npmrc file under C:\Users\<myusername>:
//us-west1-npm.pkg.dev/hanzhenyi3/windows/:_authToken=<auth-token-redacted>
Can you:
- double check that your project .npmrc file has the correct scope to repository mapping
- try running the command in the native command prompt
I'm not sure if the environment (command prompt vs Windows terminal) would make a difference. I'm also trying to repro it with Windows terminal but it might take me a while (having some permission issues installing it in a VM).
Hello @yihanzhen
Maybe I understood what happened exactly.
I tried several times to repeat the error from any terminal: when I start from a clean .npmrc user file (I mean without the line of my new private repo) everything is working properly.
Do you know exactly what happened?
Maybe I missed some parts of the procedure the very first time I tried, and there was an incomplete line of my new private repo (inside .npmrc user file) made more or less in this way:
//<location>-npm.pkg.dev/<google-project-id>/<repo-name>/:_password=
In such cases google-artifactregistry-auth is not able to replace this line with the correct one containing :_authToken=<token>
It's actually weird what happened, but is it possible in your opinion to try to override a previously wrong line?
Thank you very very much again
Yes it could be possible. If you have a password config in the user npmrc, the plugin won't generate an auth token for this registry. The reason is that a password of a service account is a legit way to authenticate with Artifact Registry, and usually there's no way that the plugin knows whether the password config is intended or accidentally added there.
Though I guess in your case it should be reasonable to assume an "empty" password config is added by mistake, I think it might be safer not to "play smart" here, given that overwriting the user config is irreversible.
Thanks for your feedback. I'm going to close the issue, but feel free to continue to share your thoughts here.