Unable to publish to GitHub Package Registry

[daquinoaldo]

I use the workflow you suggest, but the npm publish action on GitHub Package Registry doesn't work. On npmjs it works.

Workflow

name: publish

on: release

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 12
      - run: npm ci
      - run: npm test

  # works
  publish-npm:
    name: Publish NPM
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 12
          registry-url: https://registry.npmjs.org/
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}

  # doesn't work: tries to publish on https://registry.npmjs.org
  publish-gpr:
    name: Publish GitHub Packages
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          registry-url: 'https://npm.pkg.github.com'
      - run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}

npm publish on npmjs works. On gpr doesn't. Follows the GitHub Action output of the publish-gpr job.

Run actions/setup-node@v1
   with:
    registry-url: https://npm.pkg.github.com
    node-version: 10.x
in/tar xzC /home/runner/work/_temp/bc5bc42b-b229-41ac-b8a0-e554467f0c90 -f /home/runner/work/_temp/5cda4e3f-6051-4aaa-b41f-c4761c6cac12
##[add-path]/opt/hostedtoolcache/node/10.16.3/x64/bin
##[set-env name=NPM_CONFIG_USERCONFIG;]/home/runner/work/_temp/.npmrc
##[set-env name=NODE_AUTH_TOKEN;]XXXXX-XXXXX-XXXXX-XXXXX
Added matchers: 'tsc'. Problem matchers scan action output for known warning or error strings and report these inline.
##[add-matcher]/home/runner/work/_actions/actions/setup-node/v1/.github/tsc.json
Added matchers: 'eslint-stylish'. Problem matchers scan action output for known warning or error strings and report these inline.
##[add-matcher]/home/runner/work/_actions/actions/setup-node/v1/.github/eslint-stylish.json
Added matchers: 'eslint-compact'. Problem matchers scan action output for known warning or error strings and report these inline.
##[add-matcher]/home/runner/work/_actions/actions/setup-node/v1/.github/eslint-compact.json

Run npm publish
  npm publish
  shell: /bin/bash -e {0}
  env:
    NPM_CONFIG_USERCONFIG: /home/runner/work/_temp/.npmrc
    NODE_AUTH_TOKEN: ***

npm notice [...]
npm notice total files:   18                                      
npm notice 
npm ERR! code E401
npm ERR! 401 Unauthorized - PUT https://registry.npmjs.org/https-localhost - You must be logged in to publish packages.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2019-09-04T13_02_57_793Z-debug.log
##[error]Process completed with exit code 1.

As you can see in Run actions/setup-node@v1 the registry-url is right, in Run npm publish is not.

[damccorm]

Sorry, misunderstood - any chance you can share your package.json file? Also, are you able to publish to GPR locally with that package.json file?

[krystof-k]

I'm also having trouble with pushing to GitHub Package Registry. Getting this error:

yarn publish v1.17.3
warning package.json: No license field
verbose 0.261 Checking for configuration file "/home/runner/work/icons/icons/.npmrc".
verbose 0.261 Checking for configuration file "/home/runner/work/_temp/.npmrc".
verbose 0.261 Found configuration file "/home/runner/work/_temp/.npmrc".
verbose 0.262 Checking for configuration file "/opt/hostedtoolcache/node/10.16.3/x64/etc/npmrc".
verbose 0.262 Checking for configuration file "/home/runner/work/icons/icons/.npmrc".
verbose 0.262 Checking for configuration file "/home/runner/work/icons/.npmrc".
verbose 0.263 Checking for configuration file "/home/runner/work/.npmrc".
verbose 0.263 Checking for configuration file "/home/runner/.npmrc".
verbose 0.263 Checking for configuration file "/home/.npmrc".
verbose 0.265 Checking for configuration file "/home/runner/work/icons/icons/.yarnrc".
verbose 0.266 Checking for configuration file "/home/runner/.yarnrc".
verbose 0.266 Checking for configuration file "/opt/hostedtoolcache/node/10.16.3/x64/etc/yarnrc".
verbose 0.266 Checking for configuration file "/home/runner/work/icons/icons/.yarnrc".
verbose 0.266 Checking for configuration file "/home/runner/work/icons/.yarnrc".
verbose 0.267 Checking for configuration file "/home/runner/work/.yarnrc".
verbose 0.267 Checking for configuration file "/home/runner/.yarnrc".
verbose 0.267 Checking for configuration file "/home/.yarnrc".
verbose 0.271 current time: 2019-09-08T13:39:01.649Z
warning package.json: No license field
[1/4] Bumping version...
info Current version: 0.4.4
[2/4] Logging in...
[3/4] Publishing...
verbose 0.385 Performing "PUT" request to "https://npm.pkg.github.com/@cloudaper%2ficons".
verbose 1.039 Request "https://npm.pkg.github.com/@cloudaper%2ficons" finished with status code 500.
/usr/share/yarn/lib/cli.js:66812
            throw new (_errors || _load_errors()).ResponseError(_this3.reporter.lang('requestFailed', description), res.statusCode);
            ^

Error: Request failed "500 Internal Server Error"
    at ResponseError.ExtendableBuiltin (/usr/share/yarn/lib/cli.js:696:66)
    at new ResponseError (/usr/share/yarn/lib/cli.js:802:124)
    at Request.params.callback [as _callback] (/usr/share/yarn/lib/cli.js:66812:19)
    at Request.self.callback (/usr/share/yarn/lib/cli.js:140464:22)
    at Request.emit (events.js:198:13)
    at Request.<anonymous> (/usr/share/yarn/lib/cli.js:141436:10)
    at Request.emit (events.js:198:13)
    at IncomingMessage.<anonymous> (/usr/share/yarn/lib/cli.js:141358:12)
    at Object.onceWrapper (events.js:286:20)
    at IncomingMessage.emit (events.js:203:15)
##[error]Process completed with exit code 1.

Authentication is probably working fine, because when I publish the package locally (which works), I get another error:

yarn publish v1.17.3
warning package.json: No license field
verbose 0.267 Checking for configuration file "/home/runner/work/icons/icons/.npmrc".
verbose 0.267 Checking for configuration file "/home/runner/work/_temp/.npmrc".
verbose 0.267 Found configuration file "/home/runner/work/_temp/.npmrc".
verbose 0.268 Checking for configuration file "/opt/hostedtoolcache/node/10.16.3/x64/etc/npmrc".
verbose 0.268 Checking for configuration file "/home/runner/work/icons/icons/.npmrc".
verbose 0.268 Checking for configuration file "/home/runner/work/icons/.npmrc".
verbose 0.269 Checking for configuration file "/home/runner/work/.npmrc".
verbose 0.269 Checking for configuration file "/home/runner/.npmrc".
verbose 0.269 Checking for configuration file "/home/.npmrc".
verbose 0.271 Checking for configuration file "/home/runner/work/icons/icons/.yarnrc".
verbose 0.272 Checking for configuration file "/home/runner/.yarnrc".
verbose 0.272 Checking for configuration file "/opt/hostedtoolcache/node/10.16.3/x64/etc/yarnrc".
verbose 0.272 Checking for configuration file "/home/runner/work/icons/icons/.yarnrc".
verbose 0.272 Checking for configuration file "/home/runner/work/icons/.yarnrc".
verbose 0.272 Checking for configuration file "/home/runner/work/.yarnrc".
verbose 0.272 Checking for configuration file "/home/runner/.yarnrc".
verbose 0.273 Checking for configuration file "/home/.yarnrc".
verbose 0.276 current time: 2019-09-08T13:34:26.089Z
warning package.json: No license field
[1/4] Bumping version...
info Current version: 0.4.1
[2/4] Logging in...
[3/4] Publishing...
verbose 0.393 Performing "PUT" request to "https://npm.pkg.github.com/@cloudaper%2ficons".
verbose 1.013 Request "https://npm.pkg.github.com/@cloudaper%2ficons" finished with status code 409.
verbose 1.028 Error: Couldn't publish package: "https://npm.pkg.github.com/@cloudaper%2ficons: Document update conflict"
    at MessageError.ExtendableBuiltin (/usr/share/yarn/lib/cli.js:721:66)
    at new MessageError (/usr/share/yarn/lib/cli.js:750:123)
    at /usr/share/yarn/lib/cli.js:90245:13
    at Generator.throw (<anonymous>)
    at step (/usr/share/yarn/lib/cli.js:304:30)
    at /usr/share/yarn/lib/cli.js:317:13
    at process._tickCallback (internal/process/next_tick.js:68:7)
error Couldn't publish package: "https://npm.pkg.github.com/@cloudaper%2ficons: Document update conflict"
info Visit https://yarnpkg.com/en/docs/cli/publish for documentation about this command.
##[error]Process completed with exit code 1.

This is my package.json:

{
  "name": "@cloudaper/icons",
  "version": "0.4.5",
  "license": "UNLICENSED",
  "main": "lib/icons.js",
  "scripts": {
    "build": "node ./scripts/build-icons.js"
  },
  "repository": {
    "type": "git",
    "url": "git://github.com/cloudaper/icons.git"
  },
  "publishConfig": {
    "registry": "https://npm.pkg.github.com"
  },
  "devDependencies": {
    "extract-svg-path": "^2.1.0",
    "glob": "^7.1.2",
    "mkdirp": "^0.5.1"
  },
  "resolutions": {
    "cheerio": "0.22.0",
    "static-module": "3.0.3"
  }
}

[PeterHewat]

I have the same issue. I am unable to publish to GitHub Package Registry using GITHUB_TOKEN. The only way I managed to get it working is if I set a secret with a personal access token (PAT).

I have setup up a repo to demonstrate this:
https://github.com/PeterHewat/npm-publish-gpr

This is the content of my action .github/workflows/publish.yml:

name: NPM Publish to GitHub Package Registry

on:
  push:
    branches:
      - master
    paths:
      - 'dist/*'

jobs:
  publish-gpr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '@peterhewat'

      - name: Setup GIT
        run: |
          git switch -c master
          git config user.email ""
          git config user.name "Publish Action"

      - name: Bump package.json version
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
        run: |
          npm version patch
          git push "https://$GITHUB_ACTOR:$GITHUB_TOKEN@github.com/$GITHUB_REPOSITORY"

      - name: Publish
        env:
          # NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
          NODE_AUTH_TOKEN: ${{secrets.GPR_PAT}}
        run: npm publish

This is my package.json:

{
  "name": "@peterhewat/npm-publish-gpr",
  "version": "0.0.13",
  "files": [
    "dist"
  ],
  "publishConfig": {
    "registry": "https://npm.pkg.github.com/"
  }
}

With the PAT, the action completes successfully:
https://github.com/PeterHewat/npm-publish-gpr/commit/9e0c3c5b3c20140a99c1754975fcea941dc3a9c3/checks

With GITHUB_TOKEN, I get "npm ERR! 500 Internal Server Error":
https://github.com/PeterHewat/npm-publish-gpr/commit/b2cb688b43ddd5a1a5319588921fb962a37c6ace/checks#step:6:23

The problem is that a PAT is unsuitable since my repo will be inside an enterprise account and I don't want the livelihood of my action to rely on a user setting since users of a team come and go, repos stay...

[PeterHewat]

@daquinoaldo doesn't work: tries to publish on https://registry.npmjs.org

Isn't it because you haven't specified the scope ? Checkout my example, it works... but with a PAT, not with the internally provided GITHUB_TOKEN...

[krystof-k]

@PeterHewat Hmm, interesting, I'll try it with the personal token too. So this seems more as an issue on the GitHub end.

[Mattamorphic]

Hey folks!

I found that I had to separate registry setup and registry publishing into separate steps when configuring this: https://gist.github.com/Mattamorphic/792c2f1975c7f96065b9f9fc94311218

Here's a repository where I applied that: https://github.com/Mattamorphic/github-actions-package-registry-example

Here's an example of my action being executed: https://github.com/Mattamorphic/github-actions-package-registry-example/commit/5d2e3234123ba83ca8841d498f6e3ebc4ddb9301/checks

name: Deploy package to GitHub package registry
on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: "Setup actions"
        uses: actions/checkout@v1
      - name: "npm/registry setup"
        uses: actions/setup-node@v1
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: "@OWNER"
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "publish package"
        uses: actions/bin/debug@master
        run: |
          npm run test 
          npm run build
          echo @OWNER:registry=https://npm.pkg.github.com/ >> .npmrc
          npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Notice that the step I have to configure the registry is an entirely separate step to when I am publishing my package. Also that I'm providing the GITHUB_TOKEN at the setup step as well as at the publishing step.

If you are still seeing a 500 error here, then please do reach out to https://github.com/support and we'll gladly dive into this further

[ankri]

Hi @Mattamorphic

Thank you for your snippet, but I still get the 500 Internal Server Error. I used your workflow in a test repository but had to remove uses: actions/bin/debug@master because of a workflow error

name: Deploy package to GitHub package registry
on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: 'Setup actions'
        uses: actions/checkout@v1
      - name: 'npm/registry setup'
        uses: actions/setup-node@v1
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: '@tangro'
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: 'publish package'
        run: |
          npm run test 
          npm run build
          echo @tangro:registry=https://npm.pkg.github.com/ >> .npmrc
          npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

As I said I still get the 500 Internal Server Error. Log

---

I tried this with public and private repos.

[plchampigny]

@Mattamorphic @ankri Same 500 error on my side while trying with the "npm/registry setup" step.

[Mattamorphic]

Thanks @ankri, @plchampigny - I'm going to continue to look into this on our side and see what I can find out what might be causing this. Feel free to raise a support case here: https://github.com/contact with a link back to this issue, I'll also post here when I have have an update that I can share with you ✨

[Mesta]

Hey,

I faced the same error 500 trying to publish into GPR. It is now fixed since I added publishConfig section in package.json (c.f. this documentation):

"publishConfig": {
    "registry":"https://npm.pkg.github.com/@OWNER"
  },

[PeterHewat]

@Mesta I already had configured publishConfig in my package.json but still had error 500.
Could you give a link to a working repo please?

[Mattamorphic]

Just to keep you all informed we are investigating this on both the Actions and Package Registry side of things - and although I don't have an update that we can share yet, we are working on it! ❤️

[PeterHewat]

@Mattamorphic Excellent :-)

@Mesta You actually managed to publish to GPR using GITHUB_TOKEN ? If so, can you see anything particularly off in my attempt here: https://github.com/PeterHewat/npm-publish-gpr

[Mesta]

@Mesta I already had configured publishConfig in my package.json but still had error 500.
Could you give a link to a working repo please?

Sorry, I can't as it is a private repository.

@Mesta You actually managed to publish to GPR using GITHUB_TOKEN ? If so, can you see anything particularly off in my attempt here: https://github.com/PeterHewat/npm-publish-gpr

I did, but it's not working everytime and I don't understand why. Your attempt looks good to me.

[plchampigny]

@Mattamorphic Just to add more details, I am trying to publish on a private registry related to my organization. Maybe the issue is related to that specific case?

[dn-l]

Same here
npmpublish.yml
https://github.com/denlb/timer-state-machine/runs/228613882

npm ERR! 401 Unauthorized - PUT https://registry.npmjs.org/timer-state-machine - You must be logged in to publish packages.

Any hints what am I doing wrong? Seems like the registry-url was not set to https://npm.pkg.github.com/

[michaelmerrill]

Any update on this? When using the GITHUB_TOKEN I receive:

npm ERR! 400 Bad Request - PUT https://npm.pkg.github.com/@<owner>%2f<package-name> - RepoAcceptsPackageUploads: Unauthorized access. Please check to ensure your token has access to read this repository.

The token should have access to read/write the repo, yeah?

[okuryu]

Regarding occurs 500 error on publishing, I have been bumped the same error on my repo for a while, but I have confirmed it resolved on my repo today.

It works well with the following workflow:

name: Publish
on:
  release:
    types:
      - created
jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - uses: actions/setup-node@v1
        with:
          node-version: 10
          registry-url: https://npm.pkg.github.com
          scope: '@okuryu'
      - name: npm publish
        run: |
          LATEST=`npm view . version`
          CURRENT=`cat package.json | jq -r .version`
          if [ "$LATEST" != "$CURRENT" ]
          then
            npm ci
            npm publish
          fi
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Also, the following settings are not required:

• the .npmrc file is not required
• publishConfig in the package.json file is not required
• creating and configuring a personal token for your repo is not required

You might want to try publishing to GPR again.

[PeterHewat]

@okuryu I also confirm that my previously non functional YML scripts now work fine regarding publishing to GPR with GITHUB_TOKEN

[shaodahong]

@okuryu I also confirm that my previously non functional YML scripts now work fine regarding publishing to GPR with GITHUB_TOKEN

https://github.com/shaodahong/actions/runs/235078336

I recheck, is also fail, I don't know what's wrong

[okuryu]

@shaodahong Try this change:

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 86194e8..17df8cc 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -10,6 +10,7 @@ jobs:
         with:
           node-version: 10
           registry-url: 'https://npm.pkg.github.com'
-      - run: npm publish --access public
+          scope: '@shaodahong'
+      - run: npm publish
         env:
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/package.json b/package.json
index de10102..7d0ad50 100644
--- a/package.json
+++ b/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "@dahong/actions",
+  "name": "@shaodahong/actions",
   "version": "0.0.1",
   "main": "index.js",
   "repository": "git@github.com:shaodahong/github-action.git",

[shaodahong]

@okuryu wow, work fine, thank you

and in my see, publish package must with the scope? the scope that means my name or organnization

[shaodahong]

Github Package doc

Note: GitHub Package Registry only supports scoped NPM packages. Scoped packages have names with the format of @owner/name. Scoped packages always begin with an @ symbol. You may need to update the name in your package.json to use the scoped name. For example, "name": "@codertocat/hello-world-npm".

[krystof-k]

Yes, working now without any change to GitHub workflow YAML! 🎉

[Mesta]

Same for me. I hope the situation is stable🤞

[bryanmacfarlane]

It looks like this is resolved. Thanks all!

[jwu910]

Github Package doc

Note: GitHub Package Registry only supports scoped NPM packages. Scoped packages have names with the format of @owner/name. Scoped packages always begin with an @ symbol. You may need to update the name in your package.json to use the scoped name. For example, "name": "@codertocat/hello-world-npm".

If we change a package name to a scoped package name to conform to the GPR constraints, does this change our npm package name when the package gets published to the npm registry too?

[asbjornu]

The discussion in #73 seems to conclude that setup-node only works with scoped packages, which is pretty terrible.

[mbrowne]

In my case it turned out to be that it was being picky about the format of the repository field in package.json—but oddly only when running npm pack and then running npm publish on the tarball (running npm publish directly in the root of the repo worked fine). This seems to have only become an issue since upgrading to node 16 (or at least, it's not happening on our other repo that seems to have an otherwise identical setup).

[maguie]

Hey folks!

I found that I had to separate registry setup and registry publishing into separate steps when configuring this: https://gist.github.com/Mattamorphic/792c2f1975c7f96065b9f9fc94311218

Here's a repository where I applied that: https://github.com/Mattamorphic/github-actions-package-registry-example

Here's an example of my action being executed: https://github.com/Mattamorphic/github-actions-package-registry-example/commit/5d2e3234123ba83ca8841d498f6e3ebc4ddb9301/checks

name: Deploy package to GitHub package registry
on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: "Setup actions"
        uses: actions/checkout@v1
      - name: "npm/registry setup"
        uses: actions/setup-node@v1
        with:
          node-version: 12
          registry-url: https://npm.pkg.github.com/
          scope: "@OWNER"
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: "publish package"
        uses: actions/bin/debug@master
        run: |
          npm run test 
          npm run build
          echo @OWNER:registry=https://npm.pkg.github.com/ >> .npmrc
          npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Notice that the step I have to configure the registry is an entirely separate step to when I am publishing my package. Also that I'm providing the GITHUB_TOKEN at the setup step as well as at the publishing step.

If you are still seeing a 500 error here, then please do reach out to https://github.com/support and we'll gladly dive into this further

It worked for me as well. Thanks for sharing!