科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>Renovate Bot fails to resolve private npm packages from Azure Artifacts - Stack Overflow

    Renovate Bot fails to resolve private npm packages from Azure Artifacts - Stack Overflow

    programmeradmin1浏览0评论

    I'm using Renovate Bot in an Azure DevOps pipeline to automate dependency updates for repositories that use a private Azure Artifacts npm registry. Despite configuring authentication via hostRules, .npmrc, and pipeline tokens, Renovate fails with errors.

    The issue occurs during the yarn install step after Renovate attempts to update dependencies. I've tried multiple configurations however can’t resolve the issue.

    Here are my configuration files:

    • config.js:

         const pipelineToken = process.env.TOKEN;
const patTokenForFeed = process.env.RENOVATE_TOKEN;

module.exports = {
  platform: "azure",
  onboarding: true,
  endpoint: ";, // Updated anization
  token: pipelineToken,
  repositories: [
    "MI-Genesis/NexusCoreCreditService",
    "MI-Genesis/NexusCoreFileGatewaySdk"
  ],
  extends: [
    "config:best-practices",
    "group:monorepos"
  ],
  prConcurrentLimit: 10,
  prHourlyLimit: 10,
  commitMessagePrefix: "fix(deps): ",
  hostRules: [
    {
      hostType: "npm",
      matchHost: "pkgs.dev.azure",
      username: "apikey",
      password: patTokenForFeed,
    }
  ],
  enabledManagers: ['npm'],
  defaultRegistryUrls: [
    '/',
    '/', // Updated URL
  ],
  packageRules: [
    {
      matchRepositories: ["MI-Genesis/NexusCoreCreditService", "MI-Genesis/NexusCoreFileGatewaySdk"],
      matchUpdateTypes: ["minor", "patch"],
      labels: ["Renovate-Dependencies-Update"],
      branchPrefix: "dependencies/",
      commitMessagePrefix: "fix(deps): ",
      prBody: "### Dependency Updates for {{depName}}\n\nThis PR updates {{depName}} to version {{newVersion}}."
    }
  ]
};

    • pipeline.yaml:

      steps:
  - task: npmAuthenticate@0
    displayName: 'Authenticate with Azure Artifacts'
    inputs:
      workingFile: .npmrc

  - script: |
      echo "//pkgs.dev.azure/my/MI-Genesis/_packaging/NexusPlatform/npm/registry/:_authToken=${TOKEN}" >> ~/.npmrc # Updated URL
    displayName: "Ensure NPM Auth Token"

  - bash: |
      git config --global user.email '[email protected]'
      git config --global user.name 'Renovate Bot'
      npx --userconfig .npmrc renovate
    displayName: 'Run Renovate'
    env:
      LOG_LEVEL: DEBUG
      RENOVATE_TOKEN: $(RENOVATE_TOKEN)
      TOKEN: $(System.AccessToken)

    • .nprmc:

      @hexfluid:registry=/ # Updated
@nexusplatform:registry=/ # Updated
registry=/ # Updated
always-auth=true

    Here is my error log snippet:

    DEBUG: hostRules applying basic authentication for pkg.dev.azure  
DEBUG: Using queue host-pkg.dev.azure, concurrency-id  
DEBUG: 'host' read:toybit found for [execution]: lookup - using first configured only  
    "password": "node",  
    "registryUrls": [  
    ";,  
    ";  
DEBUG: failed to look up node version package node  
ERROR: Command failed: yarn install --ignore-engines --ignore-platform --network-timeout 100000 --ignore-scripts  
stderr: "Couldn't find package \"@types/node\" on the \"npm\" registry."  

WARN: Excess registryUrls found for datasource lookup - using first configured only (repository=MI-Genesis/NexusCoreCreditService)
        "datasource": "node-version",
        "packageName": "node",
        "registryUrls": [
          ";,
          ";  // Updated
        ]
DEBUG: hostRules: no authentication for registry.npmjs (repository=MI-Genesis/NexusCoreCreditService)
DEBUG: Using queue: host=registry.npmjs, concurrency=16 (repository=MI-Genesis/NexusCoreCreditService)

    Am I overlooking anything or missing a step? I

    I'm using Renovate Bot in an Azure DevOps pipeline to automate dependency updates for repositories that use a private Azure Artifacts npm registry. Despite configuring authentication via hostRules, .npmrc, and pipeline tokens, Renovate fails with errors.

    The issue occurs during the yarn install step after Renovate attempts to update dependencies. I've tried multiple configurations however can’t resolve the issue.

    Here are my configuration files:

    • config.js:

         const pipelineToken = process.env.TOKEN;
const patTokenForFeed = process.env.RENOVATE_TOKEN;

module.exports = {
  platform: "azure",
  onboarding: true,
  endpoint: "https://dev.azure/my", // Updated anization
  token: pipelineToken,
  repositories: [
    "MI-Genesis/NexusCoreCreditService",
    "MI-Genesis/NexusCoreFileGatewaySdk"
  ],
  extends: [
    "config:best-practices",
    "group:monorepos"
  ],
  prConcurrentLimit: 10,
  prHourlyLimit: 10,
  commitMessagePrefix: "fix(deps): ",
  hostRules: [
    {
      hostType: "npm",
      matchHost: "pkgs.dev.azure",
      username: "apikey",
      password: patTokenForFeed,
    }
  ],
  enabledManagers: ['npm'],
  defaultRegistryUrls: [
    'https://registry.npmjs./',
    'https://pkgs.dev.azure/my/MI-Genesis/_packaging/NexusPlatform/npm/registry/', // Updated URL
  ],
  packageRules: [
    {
      matchRepositories: ["MI-Genesis/NexusCoreCreditService", "MI-Genesis/NexusCoreFileGatewaySdk"],
      matchUpdateTypes: ["minor", "patch"],
      labels: ["Renovate-Dependencies-Update"],
      branchPrefix: "dependencies/",
      commitMessagePrefix: "fix(deps): ",
      prBody: "### Dependency Updates for {{depName}}\n\nThis PR updates {{depName}} to version {{newVersion}}."
    }
  ]
};

    • pipeline.yaml:

      steps:
  - task: npmAuthenticate@0
    displayName: 'Authenticate with Azure Artifacts'
    inputs:
      workingFile: .npmrc

  - script: |
      echo "//pkgs.dev.azure/my/MI-Genesis/_packaging/NexusPlatform/npm/registry/:_authToken=${TOKEN}" >> ~/.npmrc # Updated URL
    displayName: "Ensure NPM Auth Token"

  - bash: |
      git config --global user.email '[email protected]'
      git config --global user.name 'Renovate Bot'
      npx --userconfig .npmrc renovate
    displayName: 'Run Renovate'
    env:
      LOG_LEVEL: DEBUG
      RENOVATE_TOKEN: $(RENOVATE_TOKEN)
      TOKEN: $(System.AccessToken)

    • .nprmc:

      @hexfluid:registry=https://pkgs.dev.azure/my/MI-Genesis/_packaging/HexFluidIntro/npm/registry/ # Updated
@nexusplatform:registry=https://pkgs.dev.azure/my/_packaging/nexus-public/npm/registry/ # Updated
registry=https://pkgs.dev.azure/my/MI-Genesis/_packaging/NexusPlatform/npm/registry/ # Updated
always-auth=true

    Here is my error log snippet:

    DEBUG: hostRules applying basic authentication for pkg.dev.azure  
DEBUG: Using queue host-pkg.dev.azure, concurrency-id  
DEBUG: 'host' read:toybit found for [execution]: lookup - using first configured only  
    "password": "node",  
    "registryUrls": [  
    "https://registry.nmpis.",  
    "https://pkg.dev.azure/my#/MI-Gemesis/_packaging/Newxml/artora/rpm/registry"  
DEBUG: failed to look up node version package node  
ERROR: Command failed: yarn install --ignore-engines --ignore-platform --network-timeout 100000 --ignore-scripts  
stderr: "Couldn't find package \"@types/node\" on the \"npm\" registry."  

WARN: Excess registryUrls found for datasource lookup - using first configured only (repository=MI-Genesis/NexusCoreCreditService)
        "datasource": "node-version",
        "packageName": "node",
        "registryUrls": [
          "https://registry.npmjs.",
          "https://pkgs.dev.azure/my/MI-Genesis/_packaging/NexusPlatform/npm/registry"  // Updated
        ]
DEBUG: hostRules: no authentication for registry.npmjs. (repository=MI-Genesis/NexusCoreCreditService)
DEBUG: Using queue: host=registry.npmjs., concurrency=16 (repository=MI-Genesis/NexusCoreCreditService)

    Am I overlooking anything or missing a step? I

    • npm
    • azure-devops
    • azure-artifacts
    • renovate
    • yarn
    Share Improve this question edited Mar 12 at 18:21 jonrsharpe 122k30 gold badges268 silver badges476 bronze badges asked Mar 12 at 10:58 NishNish 958 bronze badges 2
    • From your log: using first configured only and registry.nmpis., isn't there a typo npmjs? – Gaël J Commented Mar 12 at 21:26
    • Thanks for identifying. Yes, it's a typo. – Nish Commented Mar 13 at 10:48
    Add a comment  | 

    1 Answer 1

    Reset to default 1

    According to the error message, your pipeline cannot complete the authentication to access the Azure artifact. Making the following changes can resolve the issue.

    1. Modify your config.js .

      Change the password in hostRules to process.env.TOKEN or your variable pipelineToken.

        hostRules: [
    {
      hostType: "npm",
      matchHost: "pkgs.dev.azure",
      username: "apikey",
      password: process.env.TOKEN,
    }
  ],

      Then you can remove environment variable RENOVATE_TOKEN from your YAML file.

    2. Or you can modify your pipeline.yaml file.

      Change environment variable RENOVATE_TOKEN to $(System.AccessToken).

        - bash: |
      git config --global user.email '[email protected]'
      git config --global user.name 'Renovate Bot'
      npx --userconfig .npmrc renovate
    displayName: 'Run Renovate'
    env:
      LOG_LEVEL: DEBUG
      RENOVATE_TOKEN: $(System.AccessToken)
      TOKEN: $(System.AccessToken)

    3. Assign your build service account with required permissions to your repo and artifact. I would suggest adding the build service account into the Contributors group in your project to avoiding more permissions configuration.

      • If you have turned on Limit job authorization scope to current project for non-release pipelines and Protect access to repositories in YAML pipelines options from Project Settings -> Pipelines -> Settings, add project-level build service account {ProjectName} Build Service (yourOrgName) into the Contributors group.

      • If you have turned off them, add -level build service account Project Collection Build Service (yourOrgName) into the Contributors group.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论