Add caveat for Yarn 2+ and private repos

This commit is contained in:
Sergey Dolin 2022-08-19 12:21:26 +02:00
parent 094c36e88e
commit 089aa7ea91
1 changed files with 20 additions and 0 deletions

View File

@ -247,5 +247,25 @@ steps:
# `npm rebuild` will run all those post-install scripts for us.
- run: npm rebuild && npm run prepare --if-present
```
### Yarn2 configuration
Yarn2 ignores both .npmrc and .yarnrc files created by the action, so before installing dependencies from the private repo it is necessary either to create or to modify existing yarnrc.yml file with `yarn config set` commands.
Below there's a sample "Setup .yarnrc.yml" step to configure private github registy for `my-org` organisation.
```yaml
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '14.x'
- name: Setup .yarnrc.yml
run: |
yarn config set npmScopes.my-org.npmRegistryServer "https://npm.pkg.github.com"
yarn config set npmScopes.my-org.npmAlwaysAuth true
yarn config set npmScopes.my-org.npmAuthToken $NPM_AUTH_TOKEN
env:
NPM_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }}
- name: Install dependencies
run: yarn install --immutable
```
NOTE: As per https://github.com/actions/setup-node/issues/49 you cannot use `secrets.GITHUB_TOKEN` to access private GitHub Packages within the same organisation but in a different repository.