Not using scoped registry

[jonathan-falomir]

Hi,

I posted this directly on the semantic-release/gitlab project but I believe this is actually an issue with the semantic-release/npm package.

I'm trying to use semantic-release to publish to a scoped private registry on gitlab but I keep getting error because it's trying to auth against the public registry instead the private one.

Here are my settings (with some things obscured)
package.json

{
  "name": "@mygroup/npm_registry",
  "version": "1.0.12",
  "description": "Test",
  "main": "index.ts",
  "repository": "https://gitlab.com/mygroup/randomStuff/npm_registry",
  "author": "An author",
  "license": "UNLICENSED",
  "private": false,
  "scripts": {
  	.....
       "semantic-release": "semantic-release"
  },
  dependencies": {
  ......
  },
  "devDependencies": {
  .....
  	"semantic-release": "^17.4.4",
    "@semantic-release/commit-analyzer": "^8.0.1",
    "@semantic-release/release-notes-generator": "^9.0.3",
    "@semantic-release/gitlab": "^6.2.1",
    "@semantic-release/npm": "^7.1.3",
    "@semantic-release/git": "^9.0.0"
  }
  .......
"publishConfig": {
    "@mygroup:registry": "https://gitlab.com/api/v4/projects/XXXXXX/packages/npm/"
  }
}

.npmrc (The authTokens are personal tokens with full access)

//gitlab.com/api/v4/projects/XXXXXXX/packages/npm/:_authToken=YYYYYYYYYYYYYYYYY
//gitlab.com/api/v4/packages/npm/:_authToken=YYYYYYYYYYYYYYYYY
@mygroup:registry "https://gitlab.com/api/v4/packages/npm/"

.releaserc.json

{
    "branches": ["main"],
    "plugins": [
      "@semantic-release/commit-analyzer",
      "@semantic-release/release-notes-generator",
      [
        "@semantic-release/gitlab",
        {
          "gitlabUrl": "https://gitlab.com",
          "gitlabApiPathPrefix": "/api/v4",
          "verifyConditions": []
        }
      ],
      "@semantic-release/npm",
      [
        "@semantic-release/git",
        {
          "assets": ["package.json"],
          "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
        }
      ]
    ]
  }

I've tried multiple ways of running it from local which prompts me for username and password multiple times (for password I use a gitlab personal access token) and from CI/CD using:

.gitlab-ci.yaml

default:
  image: node:14.17

variables:
  NPM_TOKEN: ${CI_JOB_TOKEN}

stages:
  - publish

Publish:
  stage: publish
  script:
    - mkdir -p /root/.config/git
    - echo https://myusername:XXXXXXXXXXXXX@gitlab.com/ > /root/.config/git/credentials
    - git config --global credential.helper store
    - GL_TOKEN=YYYYYYYYYYYYYY;NPM_TOKEN=YYYYYYYYYYYYYY; npm run semantic-release --debug

It's worth noting that the exact steps on the CI/CD have changed a lot since I've been testing multiple things like not passing the vars on the call and making sure they are all setup directly on gitlab but nothing works.
For environment variables I have NPM_TOKEN, GL_TOKEN, GITLAB_TOKEN.

Here is the actual error when running locally:

> @mygroup/npm_registry@1.0.12 semantic-release
> semantic-release

[11:36:42 a.m.] [semantic-release] › ℹ  Running semantic-release version 17.4.4
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/gitlab"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/npm"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/git"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "analyzeCommits" from "@semantic-release/commit-analyzer"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "generateNotes" from "@semantic-release/release-notes-generator"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/npm"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/git"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "publish" from "@semantic-release/gitlab"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "publish" from "@semantic-release/npm"
[11:36:42 a.m.] [semantic-release] › ✔  Loaded plugin "addChannel" from "@semantic-release/npm"
[11:36:42 a.m.] [semantic-release] › ⚠  This run was not triggered in a known CI environment, running in dry-run mode.
j[11:36:56 a.m.] [semantic-release] › ⚠  Run automated release from branch main on repository https://gitlab.com/mygroup/randomStuff/npm_registry in dry-run mode
[11:37:00 a.m.] [semantic-release] › ✔  Allowed to push to the Git repository
[11:37:00 a.m.] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/gitlab"
[11:37:00 a.m.] [semantic-release] [@semantic-release/gitlab] › ℹ  Verify GitLab authentication (https://gitlab.com/api/v4)
[11:37:00 a.m.] [semantic-release] › ✖  Failed step "verifyConditions" of plugin "@semantic-release/gitlab"
[11:37:00 a.m.] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/npm"
[11:37:00 a.m.] [semantic-release] [@semantic-release/npm] › ℹ  Verify authentication for registry https://registry.npmjs.org/
[11:37:00 a.m.] [semantic-release] [@semantic-release/npm] › ℹ  Reading npm config from /home/user/Work/git/npm_registry/.npmrc
[11:37:00 a.m.] [semantic-release] [@semantic-release/npm] › ℹ  Wrote NPM_TOKEN to /tmp/6a8800c051f3e40927850be223835151/.npmrc
npm ERR! code E401
npm ERR! 401 Unauthorized - GET https://registry.npmjs.org/-/whoami

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/user/.npm/_logs/2021-07-22T18_37_01_006Z-debug.log
[11:37:01 a.m.] [semantic-release] › ✖  Failed step "verifyConditions" of plugin "@semantic-release/npm"
[11:37:01 a.m.] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/git"
[11:37:01 a.m.] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/git"
[11:37:01 a.m.] [semantic-release] › ✖  EINVALIDNPMTOKEN Invalid npm token.
The npm token (https://github.com/semantic-release/npm/blob/master/README.md#npm-registry-authentication) configured in the NPM_TOKEN environment variable must be a valid token (https://docs.npmjs.com/getting-started/working_with_tokens) allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two Factor Authentication for your account, set its level to "Authorization only" (https://docs.npmjs.com/getting-started/using-two-factor-authentication#levels-of-authentication) in your account settings. semantic-release cannot publish with the default "
Authorization and writes" level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

[11:37:01 a.m.] [semantic-release] › ✖  An error occurred while running semantic-release: HTTPError: Response code 403 (Forbidden)
    at EventEmitter.<anonymous> (/home/user/Work/git/npm_registry/node_modules/got/dist/source/as-promise.js:118:31)
    at processTicksAndRejections (internal/process/task_queues.js:93:5) {
  pluginName: '@semantic-release/gitlab'
}
AggregateError: 
    HTTPError: Response code 403 (Forbidden)
        at EventEmitter.<anonymous> (/home/user/Work/git/npm_registry/node_modules/got/dist/source/as-promise.js:118:31)
    SemanticReleaseError: Invalid npm token.
        at module.exports (/home/user/Work/git/npm_registry/node_modules/@semantic-release/npm/lib/get-error.js:6:10)
        at module.exports (/home/user/Work/git/npm_registry/node_modules/@semantic-release/npm/lib/verify-auth.js:26:33)
        at async verifyConditions (/home/user/Work/git/npm_registry/node_modules/@semantic-release/npm/index.js:36:7)
        at async validator (/home/user/Work/git/npm_registry/node_modules/semantic-release/lib/plugins/normalize.js:34:24)
        at async /home/user/Work/git/npm_registry/node_modules/semantic-release/lib/plugins/pipeline.js:37:34
        at async Promise.all (index 0)
        at async next (/home/user/Work/git/npm_registry/node_modules/p-reduce/index.js:16:18)
    at /home/user/Work/git/npm_registry/node_modules/semantic-release/lib/plugins/pipeline.js:54:11
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async Object.pluginsConf.<computed> [as verifyConditions] (/home/user/Work/git/npm_registry/node_modules/semantic-release/lib/plugins/index.js:80:11)
    at async run (/home/user/Work/git/npm_registry/node_modules/semantic-release/index.js:95:3)
    at async module.exports (/home/user/Work/git/npm_registry/node_modules/semantic-release/index.js:260:22)
    at async module.exports (/home/user/Work/git/npm_registry/node_modules/semantic-release/cli.js:55:5)

I get the same when running through CI/CD

Not sure if it helps but here is the folder structure also:

>dist
>node_modules
>src
>types
.gitignore
.gitlab-ci.yml
.npmrc
.releaserc.json
package-lock.json
package.json
tsconfig.json

After a while I realized that if I change the private field on the package.json from false to true I no longer get the error but it skips the actual publish of the npm package.
I get the following:

...
[12:13:39 AM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/gitlab"
[12:13:40 AM] [semantic-release] [@semantic-release/gitlab] › ℹ  Published GitLab release: v1.0.4
[12:13:40 AM] [semantic-release] › ✔  Completed step "publish" of plugin "@semantic-release/gitlab"
[12:13:40 AM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/npm"
[12:13:40 AM] [semantic-release] [@semantic-release/npm] › ℹ  Skip publishing to npm registry as package.json's private property is true
[12:13:40 AM] [semantic-release] › ✔  Completed step "publish" of plugin "@semantic-release/npm"
[12:13:40 AM] [semantic-release] › ✔  Published release 1.0.4 on default channel
....

Thanks

[travi]

.npmrc (The authTokens are personal tokens with full access)

//gitlab.com/api/v4/projects/XXXXXXX/packages/npm/:_authToken=YYYYYYYYYYYYYYYYY
//gitlab.com/api/v4/packages/npm/:_authToken=YYYYYYYYYYYYYYYYY
@mygroup:registry "https://gitlab.com/api/v4/packages/npm/"

the .npmrc file uses ini format, which your example does not follow. your registry definition should use a = rather than a and does not need to be quoted. here is an example from the npm docs: https://docs.npmjs.com/cli/v7/configuring-npm/npmrc#comments

[jonathan-falomir]

@travi that was it!
So strange that running npm publish does work with the incorrect format but in any case thanks a lot for that.