Search code examples
azure-pipelinesazure-pipelines-release-pipelineazure-artifacts

How to use private npm package feed on visual studio team services build and release management

I started usign a private npm feed on my visual studio team services account, following their guide and having added a .npmrc file

registry=https://ascend-xyz.pkgs.visualstudio.com/_packaging/AscendNPMFeed/npm/registry
always-auth=true

The problem is that the build pipeline dont work now since it require some packages from this private package.

What is the proper setup for telling npm that it can authenticate using the build access token on visual studio team services?

Do i need to set a environment variable, call npm login or someting as a build step?

Solution

  • Update after some intense testing on our builds, for anyone having problems getting up and running with this, and in respect of the original question:

    1. Edit build definition => options => "Allow scripts to access OATH token"

    When enabled, and VSTS encounters a .npmrc file, it will run the npm command

    vsts-npm-auth for you, which means the .npmrc in source control only have to contain

    registry=https://YOUR_DOMAIN.pkgs.visualstudio.com/_packaging/FEEDNAME/npm/registry
always-auth=true

    This goes for builds that uses the VSTS Npm task, be it publish or install


    Given that you set the environment variable NPM_TOKEN for the VSTS Build that is running, the npm publish command is able to substitute this in your .npmrc file. http://blog.npmjs.org/post/118393368555/deploying-with-npm-private-modules

    So your .npmrc that you check into source control should look like

    registry=https://YOUR_DOMAIN.pkgs.visualstudio.com/_packaging/FEEDNAME/npm/registry
always-auth=true

    //YOUR_DOMAIN.pkgs.visualstudio.com/_packaging//npm/:_authToken=${NPM_TOKEN}

    A token can be produced by either running the vsts-npm-auth command https://www.npmjs.com/package/vsts-npm-auth

    Note that on windows, it needs the full paths sometimes for both target and source rc files (where -T: write-token-to-this-target-file), e.g

    vsts-npm-auth -config c:\mysrc\.npmrc -T c:\mysrc\.npmrc -V Detailed

    or, it can be generated in the "Connect to feed" dialog inside your (web interface) VSTS account under "Packaging".

    Also note that, if you'd like to publish this automated and continuously, you must also find a way to bump the version number, something like

    npm version patch --force -m "Published new version"

    Take a look at this thread for more update package.json version automatically

    VSTS does checkout HEAD commit id by default, so it's not straight forward to just run the npm version command and push back to git since one is in detached state.