Allow for custom npmrc file

[itsjoekent]

🎉 Thanks for submitting a pull request! 🎉

Summary

Fixes #423

Along with many open-ended Netlify support request threads/comments, eg: https://answers.netlify.com/t/support-guide-using-private-npm-modules-on-netlify/795/57

This answer on the Netlify forums best explains why the current NPM_TOKEN and .npmrc committed to the repo is not a great solution.

Directly adding the .npmrc file causes local npm installs to fail due to missing the variable ie: //npm.pkg.github.com/:_authToken=${NPM_TOKEN}. Given that developers normally login to npm using the npm login command locally, there should be absolutely no reason for them to also need to set NPM_TOKEN on their machine just so that npm install can work on their machine.

Many of the comments I found across the web & the above forum posts are looking for a custom "pre install" step, but for the most common use case requested (add a custom npmrc file before install), that seems like an over-complication.

This PR adds two new options,

1. A GITHUB_PACKAGES_TOKEN environment variable that creates an npmrc file for the GitHub packages registry.
2. A NPM_RC environment variable that lets you create a custom npmrc file, especially useful when you want to define custom scoped registries.

---

For us to review and ship your PR efficiently, please perform the following steps:

• [x] Open a bug/issue before writing your code 🧑‍💻. This ensures we can discuss the changes and get feedback from everyone that should be involved. If you`re fixing a typo or something that`s on fire 🔥 (e.g. incident related), you can skip this step.
• [x] Read the contribution guidelines 📖. This ensures your code follows our style guide and passes our tests.
• [x] Update or add tests (if any source code was changed or added) 🧪
• [ ] Update the included software doc (if you updated included software) 📄
• [ ] Update or add documentation (if features were changed or added) 📝
• [ ] Make sure the status checks below are successful ✅

A picture of a cute animal (not mandatory, but encouraged)

[itsjoekent]

Closing this in favor of using: https://github.com/netlify/build-image/pull/854

[robnewton]

This appears to be what I am looking for (resolving private packages from github registries) but I don't understand how to linked PR covers it.

[itsjoekent]

@robnewton You can run a pre-script before the npm install happens, and that script outputs your custom .npmrc file. You could place the contents of the npmrc in an environment variable, "NPMRC=@yourorg:registry=https://registry.example.com\n//registry.example.com/:authToken=123abc, and your postinstall would be echo $NPMRC > .npmrc

[itsjoekent]

@robnewton FWIW, a simpler workaround we used is to create a netlify folder in your repo, place the .npmrc in that (to avoid using the npm command),

always-auth=true
//registry.npmjs.org/
//npm.pkg.github.com/:_authToken=${GITHUB_PACKAGES_TOKEN}
@your_org_name:registry=https://npm.pkg.github.com/

and then in your netlify.toml add the following,

[build.environment]
  NPM_CONFIG_USERCONFIG = "./netlify/.npmrc"

[robnewton]

@itsjoekent

and then in your netlify.toml add the following,

[build.environment]
  NPM_CONFIG_USERCONFIG = "./netlify/.npmrc"

Yeah, I just tried that technique actually, on the latest build image (focal), and unfortunately it didn't work. I still get

3:07:44 PM: npm ERR! code E401
3:07:44 PM: npm ERR! 401 Unauthorized - GET https://npm.pkg.github.com/download/... - authentication token not provided

[robnewton]

oh wait, I just noticed thats ./netlify and not /.netlify. I think that's why it didnt work. Trying again with a new netlify folder in the repo root.

[robnewton]

Yep, that was it. It worked! Thanks for the nudge @itsjoekent

[itsjoekent]

No problemo! @robnewton