Open jshields-squarespace opened 1 year ago
@tphoney could you take a look at this please? This is the second time this year that auto updates to npm have broken this plugin.
Also could we please get some versioned Docker image releases for this plugin so we can pin to a version instead of being at the mercy of the latest
tag?
I am also running into this issue and was able to use @jshields-squarespace's workaround (thanks!) of specifying the digest on the image, but within the yaml config file used for my Drone build. Here's a snippet of that for reference:
...
steps:
- name: npm-publish
image: plugins/npm@sha256:4f0ad309dd7438248ff3323439cc79f259b6bf7064d847766d769e0b440aec7a
settings:
username: user
password:
from_secret: password
registry: "https://<private registry>"
...
ok - we will need to remove that always-auth
code
I'm wondering if we need to move away from npm username and password and towards npm tokens - I'll look into this a bit - but we will remove the always auth piece for now - https://github.com/drone-plugins/drone-npm/pull/67
@d1wilko @tphoney Thank you both for taking a look!
I tested the new changes from #67. I think it fixes the problem for token-based auth, but there is a different error now for username and password-based auth, which also appears to be due to auth changes in NPM 9.
Running the same repro steps from the issue description now gives:
latest: Pulling from plugins/npm
Digest: sha256:73bc732d156baea86bacc3c5b067381dcbe558ce8bcd0b94a695028df1d82d53
Status: Image is up to date for plugins/npm:latest
docker.io/plugins/npm:latest
time="2022-12-20T15:17:53Z" level=info msg="Specified credentials" email=drone@drone.io username=drone
time="2022-12-20T15:17:53Z" level=info msg="Found package.json" name=foobar path=package.json version=1.0.0
time="2022-12-20T15:17:53Z" level=info msg="Specified credentials" email=drone@drone.io username=drone
time="2022-12-20T15:17:53Z" level=info msg="Writing npmrc" path=/root/.npmrc
+ npm --version
9.1.2
+ npm whoami
npm ERR! code ERR_INVALID_AUTH
npm ERR! Invalid auth configuration found: `_auth` must be renamed to `//registry.npmjs.org/:_auth` in user config
npm ERR! Please run `npm config fix` to repair your configuration.`
I think that's due to this change in NPM 9.0.0-pre5 (changelog, pull request):
the presence of auth related settings that are not scoped to a specific registry found in a config file is no longer supported and will throw errors
@d1wilko @tphoney Thank you both for taking a look!
I tested the new changes from #67. I think it fixes the problem for token-based auth, but there is a different error now for username and password-based auth, which also appears to be due to auth changes in NPM 9.
Running the same repro steps from the issue description now gives:
latest: Pulling from plugins/npm Digest: sha256:73bc732d156baea86bacc3c5b067381dcbe558ce8bcd0b94a695028df1d82d53 Status: Image is up to date for plugins/npm:latest docker.io/plugins/npm:latest time="2022-12-20T15:17:53Z" level=info msg="Specified credentials" email=drone@drone.io username=drone time="2022-12-20T15:17:53Z" level=info msg="Found package.json" name=foobar path=package.json version=1.0.0 time="2022-12-20T15:17:53Z" level=info msg="Specified credentials" email=drone@drone.io username=drone time="2022-12-20T15:17:53Z" level=info msg="Writing npmrc" path=/root/.npmrc + npm --version 9.1.2 + npm whoami npm ERR! code ERR_INVALID_AUTH npm ERR! Invalid auth configuration found: `_auth` must be renamed to `//registry.npmjs.org/:_auth` in user config npm ERR! Please run `npm config fix` to repair your configuration.`
I think that's due to this change in NPM 9.0.0-pre5 (changelog, pull request):
the presence of auth related settings that are not scoped to a specific registry found in a config file is no longer supported and will throw errors
Confirmed publishing to private registry also not working for me after npm v9 update. Can we add auth-type legacy or update the plugin to add registry as prefix to auth?
Summary
The latest release of the
plugins/npm
Docker image (after #65) fails when trying to executenpm config set always-auth true
, with the following error message:npm ERR! `always-auth` is not a valid npm option
Cause
The Dockerfile for
plugins/npm
installsnpm
viaRUN apk add --no-cache git nodejs npm
. In the latest version ofplugins/npm
, this installs NPM version 9.1.2. In the previous release ofplugins/npm
, this was NPM version 8.1.3.Sometime between NPM 8.1.3 and 9.1.2, setting the
always-auth
option must have become an error.It appears that
always-auth
was removed in NPM 7.11.1 (changelog, pull request), but setting it as a config option didn't return an error until NPM 9.0.0-pre.6 (changelog, pull request).Repro Steps
To reproduce:
Output:
Suggested Fix
Given that
always-auth
was seemingly removed in NPM 7.11.1, perhaps we can simply stop setting it inplugins/npm
at this point.Workaround
To work around this, you can request a previous version of
plugins/npm
by digest:Output: