— Ops — 1 min read
Today the GitHub PAT (personal access token) expired in one of my projects, I literally waked up to this:
1npm ERR! code 1282npm ERR! An unknown git error occurred3npm ERR! command git --no-replace-objects ls-remote https://***@github.com/org/my-dep.git4npm ERR! remote: Support for password authentication was removed on August 13, 2021.5npm ERR! remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.6npm ERR! fatal: Authentication failed for 'https://github.com/org/my-dep.git/'7
8npm ERR! A complete log of this run can be found in:9npm ERR! /home/runner/.npm/_logs/2022-08-01T16_02_11_768Z-debug-0.log10Error: Process completed with exit code 128.
It happens that GitHub droped the support to pass along the password to auth on private repos, which is part of my workflow, because I link npm dependencies with git+https
schema, in my package.json
.
1// package.json2"dependencies": {3 // ...4 "my-dep": "git+https://<PAT_TOKEN_GOES_HERE>@github.com/org/my-dep.git#3b3b3371d24b31d18bfef6296635df37f7131925",5 // ...
💡
#3b3b3371d24b31d18bfef6296635df37f7131925
targets a specific commit.
Well for some reason this was not working anymore, that's somewhat good, because I had my PAT hardcoded right there 🤠
The proper way to this, which also addresses the issue I've posted initially, is the following.
optionalDependencies
rather than dependencies
in the package.json
. This means we will use npm install --no-optional
in our CI in order to skip the dependency that needs auth to download the package from a private repo.1"optionalDependencies": {2 "my-dep": "git+https://github.com/org/my-dep.git#3b3b3371d24b31d18bfef6296635df37f7131925"3},
1- run: npm install --no-optional2 - run: npm install git+https://$TOKEN@github.com/org/my-dep.git#3b3b3371d24b31d18bfef6296635df37f71319253 env:4 TOKEN: ${{ secrets.MY_PAT_SECRET }}
💡
MY_PAT_SECRET
needs to match the secret name you added in GitHub.
Hope this workaround helps you as it helped me!
If you liked this article, consider sharing (tweeting) it to your followers.