You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: Include warning when configuring token to install private packages
The distinction between `secrets.GITHUB_TOKEN` and `secrets.NPM_TOKEN` cost myself and a colleague numerous hours when we were trying to fix a GitHub Actions workflow which needed to install a private package from a different repository from our GitHub organisation.
Given the issue dedicated to this point is closed, we should include a warning here to make it more clear why `secrets.GITHUB_TOKEN` will not work when passed to `npm ci`, in the presence of private packages from other GitHub Package repositories.
Copy file name to clipboardExpand all lines: docs/advanced-usage.md
+2Lines changed: 2 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -247,3 +247,5 @@ steps:
247
247
# `npm rebuild` will run all those post-install scripts for us.
248
248
- run: npm rebuild && npm run prepare --if-present
249
249
```
250
+
251
+
NOTE: As per https://github.com/actions/setup-node/issues/49 you cannot use `secrets.GITHUB_TOKEN` to access private GitHub Packages within the same organisation.
0 commit comments