Closed lworkman closed 3 years ago
Unfortunately, I never managed to make it work for private packages too. I think that it could be possible since it's supported by renovate itself, but I don't know how to make it happen on DevOps.
I remember that I was coping remote packages in a folder private
and referring to this one in my package.json. Not elegant, but "working".
If you find a real solution, let me know.
I've managed to successfully pull from private azure devops artifact feeds by passing in an npmrc config via the extension optional arguments field, here's what I had in the additional args box:
--log-level=debug --npmrc=//pkgs.dev.azure.com/rkrabekTest/_packaging/rkrabekTest/npm/registry/:username=rkrabekTest\n//pkgs.dev.azure.com/rkrabekTest/_packaging/rkrabekTest/npm/registry/:_password=$(b64PAT)\nregistry=https://pkgs.dev.azure.com/rkrabekTest/_packaging/rkrabekTest/npm/registry/
The $(b64PAT) is just a variable that gets injected at runtime of the pipeline. I'm storing it as a secrets variable in the variables tab of the edit pipeline view but you could just as easily pull it from Azure Keyvault or some other source
To generate your PAT you can follow the instructions for "other" non windows platforms here: https://docs.microsoft.com/en-us/azure/devops/artifacts/npm/npmrc?view=azure-devops&tabs=windows
I've also successfully gotten this to work with a bearer token generated by vsts-npm-auth and copying it in to the _authToken field instead of using a username and _password combination by following the instructions for windows machines in the link above
In case that doesn't work (which it didn't in certain configurations with org-scoped private feed), I also ran across this guide on how to set up a yaml pipeline which worked for me: https://github.com/renovatebot/renovate/blob/master/docs/usage/setup-azure-devops.md
I'm trying to add renovate to my company's azure devops pipelines using your extension, and I've gotten to the point (following your instructions) where I have a pending PR.
However, the PR shows a warning that it "Failed to look up dependency" for our package that's hosted as an Azure artifact.
Is there some configuration step I've missed? I have the OAuth token setup, I have an
npm install
of the package working in the same pipeline (as a test), and there is a.npmrc
in the repo. Hoping there's just something I'm missing.Currently testing with a dummy JavaScript project with one dependency, the private npm module.