Dhruv Jain

GitHub Packages Done Right

GitHub Packages with GitHub Actions

June 27, 2020

GitHub Packages

GitHub Packages is an npm registry for your node/npm packages - private or public, just simply hosted at GitHub for you.

GitHub Packages can be easily used to publish private packages for your organization or self.

This guide covers how to use the packages in GitHub Actions. Pre assuming that you have already published a package on GitHub Packages (let’s call it @foo/bar, where foo is your scope and bar is the package name).

Let’s divide the whole procedure into steps πŸ›΅:

Step 1. As GitHub Help says, the default GITHUB_TOKEN cannot install packages from any private repository besides the repository where the action runs. So, for accessing other private packages, we need to get a personal access token with the following scopes:

  • repo
  • write:packages
  • read:packages
  • delete:packages

GitHub Personal Access Token Permissions for GitHub Packages

This token will ensure πŸ• that you don’t have any Unauthorized Access or 401 errors.

Step 2. Create a new SECRET in the consuming repository. How to add a Secret. Let’s name the secret as GP_TOKEN. That’s all on Step 2 πŸ€—.

Step 3. And the final step 🏁. In your [action].yml file, add one more step before dependencies installation -

- name: Create .npmrc
  run: |
    echo "//npm.pkg.github.com/:_authToken=${{ secrets.GP_TOKEN }}" >> .npmrc
    echo "@foo:registry=https://npm.pkg.github.com" >> .npmrc

Replace foo with your package’s organization scope and yeah!! you are good to go. This step will create a .npmrc file in your repository on the GitHub Action’s machine signifying the registry to fetch the corresponding scoped packages.

git push and enjoy GitHub Packages 🍿 🍿 🍿.