Using private packages / dependencies
How to use Github packages for private dependencies
Accessing GitHub packages for private dependencies requires the following steps:
Create a personal access token in GitHub
Open your Codemagic app settings, and go to the Environment variables tab.
Enter the desired Variable name, e.g.
GITHUB_TOKEN.Copy and paste the token as Variable value.
Enter the variable group name, e.g. github_credentials. Click the button to create the group.
Make sure the Secret option is selected.
Click the Add button to add the variable.
Add the variable group to your
codemagic.yamlfileenvironment: groups: - github_credentialsCreate a .npmrc file with the following contents (where @owner is your GitHub username):
registry=https://registry.npmjs.org/ @owner:registry=https://npm.pkg.github.com/ //npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}or the code below for private registries with your NPM_TOKEN:
registry=https://my-private-registry.example.com/ //my-private-registry.example.com/:_authToken=$NPM_TOKEN
Debugging issues
It is important to note that the Yarn ecosystem behaves differently depending on which version you use. As Yarn 2+ uses Plug’n’Play (PnP) system, it might check yarnrc.yml by ignoring .npmrc, so it needs to be configured instead:
npmScopes:
package_name:
npmRegistryServer: "REGISTRY_URL"
npmAuthToken: "${NPM_TOKEN}"
You can check if you are authorized successfully by running npm whoami --registry=https://REGISTRY_URL and if the private package has been published to the registry by running npm view @PACKAGE_NAME. An easy way to debug private registry-related issues is by enabling remote access to the builder machines at runtime.
Note: If your builds work fine locally when running yarn install, then double-check if you are using the same yarn version with your Codemagic builds. You can downgrade or upgrade it at runtime if necessary:
- name: Change Yarn version
script: |
corepack disable
npm uninstall -g yarn
npm install -g yarn@1.22.19