keycloakify: Yarn Install fails

This issue is not reproducible anymore on ci, so we’re back at a likely configuration issue.

I’ve started work on improved logging to get to the root. @masquerade75 if you could checkout this prof keycloakify and run DEBUG='keycloakify:debug:*' yarn (Unix/Mac) or $env:DEBUG='keycloakify:debug:*; yarn (win Powershell) in the project root, and report the output it might be helpful

This is the output

PS C:\Projects\Eclipse\Tests\keycloakify> git checkout feat/logging Already on ‘feat/logging’ Your branch is up to date with ‘origin/feat/logging’.

PS C:\Projects\Eclipse\Tests\keycloakify> git pull Already up to date.

PS C:\Projects\Eclipse\Tests\keycloakify> $env:DEBUG=‘keycloakify:debug:*’; yarn yarn install v1.22.19 [1/4] Resolving packages… success Already up-to-date. $ yarn generate-i18n-messages yarn run v1.22.19 $ ts-node --skipProject scripts/generate-i18n-messages.ts keycloakify:info:generate-i18n-messages Generating i18n message files from keycloak 21.0.1 sources +0ms C:\Projects\Eclipse\Tests\keycloakify\node_modules\minipass-fetch\lib\index.js:130 reject(new FetchError(`request to ${request.url} failed, reason: ${ ^ FetchError: request to https://github.com/keycloak/keycloak/archive/refs/tags/21.0.1.zip failed, reason: unable to get local issuer certificate at ClientRequest.<anonymous> (C:\Projects\Eclipse\Tests\keycloakify\node_modules\minipass-fetch\lib\index.js:130:14) at ClientRequest.emit (node:events:511:28) at ClientRequest.emit (node:domain:489:12) at TLSSocket.socketErrorListener (node:_http_client:495:9) at TLSSocket.emit (node:events:523:35) at TLSSocket.emit (node:domain:489:12) at emitErrorNT (node:internal/streams/destroy:151:8) at emitErrorCloseNT (node:internal/streams/destroy:116:3) at processTicksAndRejections (node:internal/process/task_queues:82:21) { code: ‘UNABLE_TO_GET_ISSUER_CERT_LOCALLY’, errno: ‘UNABLE_TO_GET_ISSUER_CERT_LOCALLY’, type: ‘system’ } error Command failed with exit code 1. info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command. error Command failed with exit code 1. info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

Here’s the output after checking out the pull request

PS C:\Projects\Eclipse\Tests\keycloakify> yarn --frozen-lockfile yarn install v1.22.19 [1/4] Resolving packages… [2/4] Fetching packages… [3/4] Linking dependencies… warning “@storybook/addon-actions > react-inspector@5.1.1” has incorrect peer dependency “react@^16.8.4 || ^17.0.0”. warning “@storybook/addon-essentials > @storybook/addon-docs > @mdx-js/react@1.6.22” has incorrect peer dependency “react@^16.13.1 || ^17.0.0”. warning " > @storybook/react@6.5.16" has unmet peer dependency “require-from-string@^2.0.2”. warning “@storybook/react > react-element-to-jsx-string@14.3.4” has incorrect peer dependency “react@^0.14.8 || ^15.0.1 || ^16.0.0 || ^17.0.1”. warning “@storybook/react > react-element-to-jsx-string@14.3.4” has incorrect peer dependency “react-dom@^0.14.8 || ^15.0.1 || ^16.0.0 || ^17.0.1”. warning " > eslint-plugin-storybook@0.6.11" has unmet peer dependency “eslint@>=6”. warning “eslint-plugin-storybook > @typescript-eslint/utils@5.59.0” has unmet peer dependency “eslint@^6.0.0 || ^7.0.0 || ^8.0.0”. warning “eslint-plugin-storybook > @typescript-eslint/utils > @eslint-community/eslint-utils@4.4.0” has unmet peer dependency “eslint@^6.0.0 || ^7.0.0 || >=8.0.0”. [4/4] Building fresh packages… $ yarn generate-i18n-messages yarn run v1.22.19 $ ts-node --skipProject scripts/generate-i18n-messages.ts keycloakify:info:generate-i18n-messages Generating i18n message files from keycloak 21.0.1 sources +0ms C:\Projects\Eclipse\Tests\keycloakify\node_modules\minipass-fetch\lib\index.js:130 reject(new FetchError(`request to ${request.url} failed, reason: ${ ^ FetchError: request to https://github.com/keycloak/keycloak/archive/refs/tags/21.0.1.zip failed, reason: unable to get local issuer certificate at ClientRequest.<anonymous> (C:\Projects\Eclipse\Tests\keycloakify\node_modules\minipass-fetch\lib\index.js:130:14) at ClientRequest.emit (node:events:511:28) at ClientRequest.emit (node:domain:489:12) at TLSSocket.socketErrorListener (node:_http_client:495:9) at TLSSocket.emit (node:events:523:35) at TLSSocket.emit (node:domain:489:12) at emitErrorNT (node:internal/streams/destroy:151:8) at emitErrorCloseNT (node:internal/streams/destroy:116:3) at processTicksAndRejections (node:internal/process/task_queues:82:21) { code: ‘UNABLE_TO_GET_ISSUER_CERT_LOCALLY’, errno: ‘UNABLE_TO_GET_ISSUER_CERT_LOCALLY’, type: ‘system’ } error Command failed with exit code 1. info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command. error Command failed with exit code 1. info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.

Keycloakify won’t pick custom CA or SSL config from npmrc, only proxy. Maybe that’s the issue? You have an SSL proxy with a company certificate? Since yarn and npm use full npmrc config the installation works but since keycloakify build uses fetch, which needs to be configured by keycloakify code, the download fails?

Can you confirm if you have a proxy set up or vpn? Can you use curl or wget to download the zip? E.g. wget https://github.com/keycloak/keycloak/archive/refs/tags/11.0.3.zip

We should probably extend the download and unzip method to also accept these from npmrc

https://github.com/npm/make-fetch-happen#--optsca-optscert-optskey-optsstrictssl

Rename the method on line 47 and add CA and strict SSL options https://github.com/keycloakify/keycloakify/blob/main/src/bin/tools/downloadAndUnzip.ts#L47

I’d also suspect a proxy issue. I also remember that npm on windows often had issues with TLS but that was a long time ago. What versions of node and npm do you use @masquerade75 ?