lerna: `lerna publish` unable to authenticate with Artifactory
We’re trying to run lerna publish
in Jenkins. We’re using private Artifactory and configuring the auth via .npmrc
file. lerna publish
fails to authenticate successfully.
Expected Behavior
Using the same .npmrc
file we’re able to successfully run yarn publish
after building the packages separately, so we’d expect Lerna to be able to do the same.
- if Lerna requires different configuration in order to authenticate with private npm registries like Artifactory it would be useful for that to be documented
- if Lerna doesn’t support auth via the .npmrc file it would be nice for it to do so or to offer some alternative
Current Behavior
When running lerna publish
we get:
...
14:29:46 lerna info publish Publishing packages to npm...
14:29:46 lerna notice Skipping all user and access validation due to third-party registry
14:29:46 lerna notice Make sure you're authenticated properly ¯\_(ツ)_/¯
14:29:48 lerna http fetch PUT 401 https://artifactory.???/api/npm/???/??? 2819ms
14:29:48 lerna ERR! E401 Unable to authenticate, need: Basic realm="Artifactory Realm"
14:29:48 error Command failed with exit code 1.
Possible Solution
- support auth via .npmrc file
Steps to Reproduce (for bugs)
.npmrc file looks like this:
@???:registry=https://artifactory.???.???.net/api/npm/???/
//artifactory.???.???.net/api/npm/???/:_password=${ARTIFACTORY_TOKEN}
//artifactory.???.???.net/api/npm/???/:username=???
//artifactory.???.???.net/api/npm/???/:email=???@???.com
//artifactory.???.???.net/api/npm/???/:always-auth=true
and we run the command lerna publish
lerna.json
{
"packages": ["packages/*"],
"version": "independent",
"npmClient": "yarn",
"useWorkspaces": true,
"command": {
"publish": {
"conventionalCommits": true,
"yes": true,
"message": "chore(release): publish",
"exact": true
}
}
}
Context
At the moment we’re doing a hacky workaround to publish our packages by running:
lerna version
to get the versions bumps requiredyarn lerna run
to build the new packages- publish with
yarn publish
Overall it feels like we’re unable to use Lerna as it was intended
Your Environment
Running the build in Jenkins in a Debian stretch docker container
Executable | Version |
---|---|
lerna --version |
v3.22.1 |
npm --version |
6.14.5 |
yarn --version |
1.22.4 |
node --version |
v12.18.1 |
OS | Version |
---|---|
Debian | GNU/Linux 9 (stretch) |
About this issue
- Original URL
- State: open
- Created 4 years ago
- Reactions: 28
- Comments: 25 (2 by maintainers)
So is there a fix coming for v4.x? Don’t think it’s tenable to have people on prior major versions in the long term.
I had to downgrade to @3.22.0 in order to have it working. Other options did not help. 4.0.0 is not stable.
In my case, with the
~/.npmrc
below,lerna publish
works well in lerna 3.22.0:but fails in lerna 4.0.0, with the following 403 error:
Prepending registry URL prefix to
_auth
solves the issue:As we have two repos in our Artifactory registry (one which acts as installer source and one for publishing) the solution by @evisong was leading me into the right direction. We had to prefix the
_auth
with the repo from where we install our packages and additionally addregistry
and_auth
for the publishing part:Now that Nrwl has taken over stewardship we are going to take a look into this issue!
In the meantime, as was hit upon but not explicitly called out here: https://github.com/lerna/lerna/issues/2730#issuecomment-764733233
…you can use
"verifyAccess": false
in your lerna.json publish config, or pass--no-verify-access
to thelerna publish
command to get it to skip the auth validation step, which I think should unblock at lot of folks on this thread.It is likely that the logic which validates the npm auth piece just needs to be expanded/fixed and as mentioned we will look into that very soon as we also want to address the highly related: https://github.com/lerna/lerna/issues/2788
Because of this unsolved issue, i migrated to turborepo + changesets.
also had to revert. is lerna still being maintained? is there a fix coming for v4?
Hope this helps!
I just tried Lerna 6.4.1 and still get:
What can we do to get this fixed? We are stuck with lerna v3 and cannot update.
@JamesHenry This issue remains for all of us that are stuck on corporate and private repos. It makes lerna essentially unusable. I have to believe this is a priority.
Is this still an open issue? I’m experiencing a similar issue (authenticating with artifactory registry on Jenkins) and haven’t found a workaround. Downgrading lerna or using the no verify access flag haven’t helped.
I encountered this issue upon upgrading from Lerna 3.22 to 4.0. The
lerna publish
command would error with a 401. What worked for me was having both a “regular”_auth
in the npm config and another prepended with the registry URL as @evisong first recommended: