'Invalid authentication (as an unknown user)' when installing private package from Github Registry #273
Description
I'm trying to install a private packe (among others) @company/helpers, which is hosted on github registry.
I used a workflow configurations as stated in the documentation:
name: Node
on:
push:
branches: [ master]
pull_request:
branches: [ master ]
workflow_dispatch:
jobs:
build:
runs-on: [self-hosted]
steps:
- uses: actions/checkout@v2
with:
token: ${{ secrets.PAT_CHECKOUT }}
submodules: true
- uses: actions/setup-node@v2.1.5
with:
node-version: 12
registry-url: https://npm.pkg.github.com/
scope: "@company"
always-auth: true
- name: fetch
run: yarn
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}When running the workflow it fails with message from yarn :
➤ YN0041: │ @company/helpers@npm:1.4.7-quick-name-fix::__archiveUrl=https%3A%2F%2Fnpm.pkg.github.com%2Fdownload%2F%40company%2Fhelpers%2F1.4.7-quick-name-fix%2F1000000000000000000000000000000000000000000000000000000000000000: Invalid authentication (as an unknown user)
(Hash at the end of the url overriden with zeros..)
It seems like yarn does explicitly ignore the authentication values, but gets correctly the registry for the scope. Besides GITHUB_TOKEN I also tried a custom token consiting of username:token and the base64 encoded value of that.
Everything works locally, so there should be no problems with the package. Furhtermore, those settings work in a different workflow to publish the package.