docs(troubleshoot): document GitHub Package Registry auth for @midnight-ntwrk/* (closes #787)#1073
Conversation
|
@HarleysCodes is attempting to deploy a commit to the Midnight Foundation Team on Vercel. A member of the Team first needs to authorize it. |
|
|
…loses midnightntwrk#787) The existing 'Fix package repository access failures' page covers 403s from the public npm registry but never addresses the 'Invalid authentication (as an unknown user)' error that occurs when installing @midnight-ntwrk/* packages from https://npm.pkg.github.com/ without an npmAuthToken. Adds a new 'Solution 4: Authenticate to GitHub Package Registry' section covering: - Why GitHub Packages requires auth even for public @midnight-ntwrk/* packages (verified against midnightntwrk/midnight-js's own .yarnrc.yml). - A copy-pasteable .yarnrc.yml snippet with the npmAuthToken field under the midnight-ntwrk scope, matching the working config cited in midnightntwrk/midnight-js#173 (adamreynolds-io's answer). - Steps to generate a GitHub PAT with read:packages scope and export it as GITHUB_TOKEN before yarn install. Closes midnightntwrk#787
…h doc The autolink `<https://github.com/settings/personal-access-tokens/new>` was being parsed by MDX as a JSX tag start; the `/` after `https:` broke tag-name parsing and crashed both `build` and `vale`. Replaced with backticked URL — same rendered output, valid MDX.
96d6d32 to
e69ba02
Compare
oduameh
left a comment
There was a problem hiding this comment.
Really well-written addition -- the structure matches the existing solutions cleanly and the technical content is accurate. Just a few suggestions to tighten the prose and align with patterns used in Solutions 1-3.
One item I could not leave inline because it is outside the diff: the page description on line 3 currently says "three proven solutions" but with this PR there are now four. It would be worth updating that to "four proven solutions" (or rewording to avoid a specific count).
|
|
||
| ## Solution 4: Authenticate to GitHub Package Registry | ||
|
|
||
| If the previous solutions do not resolve the issue, the failure may be related to GitHub Package Registry authentication rather than your npm registry configuration. Midnight publishes `@midnight-ntwrk/*` packages to `https://npm.pkg.github.com/`, which requires authentication even for public packages. |
There was a problem hiding this comment.
| If the previous solutions do not resolve the issue, the failure may be related to GitHub Package Registry authentication rather than your npm registry configuration. Midnight publishes `@midnight-ntwrk/*` packages to `https://npm.pkg.github.com/`, which requires authentication even for public packages. | |
| If the previous solutions do not resolve the issue, the cause may be GitHub Package Registry authentication rather than an npm registry misconfiguration. Midnight publishes `@midnight-ntwrk/*` packages to `https://npm.pkg.github.com/`, which requires authentication even for public packages. |
| @midnight-ntwrk/ledger@npm:4.0.0::__archiveUrl=...: Invalid authentication (as an unknown user) | ||
| ``` | ||
|
|
||
| To resolve this, configure `npmAuthToken` in your `.yarnrc.yml` and provide a GitHub personal access token with the `read:packages` scope through the `GITHUB_TOKEN` environment variable. |
There was a problem hiding this comment.
| To resolve this, configure `npmAuthToken` in your `.yarnrc.yml` and provide a GitHub personal access token with the `read:packages` scope through the `GITHUB_TOKEN` environment variable. | |
| To resolve this, configure `npmAuthToken` in your `.yarnrc.yml`. You also need a GitHub personal access token with the `read:packages` scope, provided through the `GITHUB_TOKEN` environment variable. |
|
|
||
| ### Generate a GitHub personal access token | ||
|
|
||
| Create a fine-grained personal access token at `https://github.com/settings/personal-access-tokens/new` with the `read:packages` scope. A classic PAT with the same scope also works. |
There was a problem hiding this comment.
| Create a fine-grained personal access token at `https://github.com/settings/personal-access-tokens/new` with the `read:packages` scope. A classic PAT with the same scope also works. | |
| Create a fine-grained personal access token (PAT) at `https://github.com/settings/personal-access-tokens/new` with the `read:packages` scope. A classic PAT with the same scope also works. |
|
|
||
| Create a fine-grained personal access token at `https://github.com/settings/personal-access-tokens/new` with the `read:packages` scope. A classic PAT with the same scope also works. | ||
|
|
||
| For organization-owned packages, your token must also have access to the `midnightntwrk` organization. |
There was a problem hiding this comment.
| For organization-owned packages, your token must also have access to the `midnightntwrk` organization. | |
| :::info[Organization access] | |
| For organization-owned packages, your token must also have access to the `midnightntwrk` organization. | |
| ::: |
| npmAuthToken: "${GITHUB_TOKEN}" | ||
| ``` | ||
|
|
||
| Yarn interpolates `${GITHUB_TOKEN}` from the environment at install time, so the token never has to live in `.yarnrc.yml`. |
There was a problem hiding this comment.
| Yarn interpolates `${GITHUB_TOKEN}` from the environment at install time, so the token never has to live in `.yarnrc.yml`. | |
| :::tip[Token security] | |
| Yarn interpolates `${GITHUB_TOKEN}` from the environment at install time, so the token never lives in `.yarnrc.yml`. | |
| ::: |
| yarn install | ||
| ``` | ||
|
|
||
| **Verification**: Installation completes without `Invalid authentication` errors and `@midnight-ntwrk/*` packages resolve from `npm.pkg.github.com`. |
There was a problem hiding this comment.
| **Verification**: Installation completes without `Invalid authentication` errors and `@midnight-ntwrk/*` packages resolve from `npm.pkg.github.com`. | |
| **Verification**: Installation completes without `Invalid authentication` errors and `@midnight-ntwrk/*` packages resolve from `npm.pkg.github.com`. |
|
|
||
| Without a configured token, every install attempt fails with: | ||
|
|
||
| ``` |
There was a problem hiding this comment.
For consistency with the error block earlier in the page (which uses ```bash), consider adding a language tag here. Even for output-only blocks, a tag like ```text or ```bash helps screen readers and syntax highlighters.
|
|
||
| <Step> | ||
|
|
||
| ### Export the token and reinstall |
There was a problem hiding this comment.
In Solutions 1-3, the step before "Test installation" only configures things, and "Test installation" is the first time install actually runs. Here, step 3 both exports the token and runs yarn install, so step 4 re-runs the same command.
To match the existing pattern, you could separate the concerns:
- Step 3 ("Export the token"): just the
exportcommand plus the inline-env-var alternative - Step 4 ("Test installation"): runs
yarn installas the actual verification
That way each step does one thing, and the test step is meaningful on its own.
Addresses oduameh's review comments:
- line 3: update description from 'three proven solutions' to 'four proven
solutions' to match the new Solution 4.
- Solution 4 intro: tighten phrasing, mirror the parallelism oduameh
flagged ('authentication rather than misconfiguration').
- error output block: tag as 'text' instead of leaving it untagged, so
screen readers and syntax highlighters handle it consistently with the
other code blocks on the page.
- '.yarnrc.yml' intro: split the long sentence oduameh flagged into two
for readability.
- PAT step: add '(PAT)' parenthetical on first mention; move the
'midnightntwrk organization' note into a :::info admonition to match
Solution 2's pattern.
- token interpolation: move into a :::tip admonition with 'Token
security' label, matching Solution 2's admonition cadence.
- step 4 ('Test installation'): fold into step 3 since step 3 already
runs 'yarn install' — re-running the same command in a separate step
added noise without adding signal. Verification prose moved to the
tail of step 3 to match the Solutions 1-3 'Verification:' pattern.
Refs midnightntwrk#1073.
|
addressed all 8 inline comments + the line-3 description fix. opted for |
Summary
Resolves #787 by adding a new 'Solution 4' to
docs/troubleshoot/fix-package-repository-access-failures.mdxcovering the GitHub Package Registry authentication requirement that breaksyarn installfor@midnight-ntwrk/*packages with 'Invalid authentication (as an unknown user)'.Background
midnightntwrk/midnight-js's own.yarnrc.ymlconfigures themidnight-ntwrkscope to fetch fromhttps://npm.pkg.github.com/. The existing troubleshoot page covers 403s from the public npm registry but never mentions GitHub Packages, so users following its solutions still hit the auth failure.The canonical fix is already documented in midnightntwrk/midnight-js#173 (adamreynolds-io): add
npmAuthToken: "${GITHUB_TOKEN}"under themidnight-ntwrkscope and set theGITHUB_TOKENenv var before installing.Change
read:packagesscope, fine-grained or classic)..yarnrc.ymlsnippet mirroring the user's working config from the issue.${GITHUB_TOKEN}at install time, so the token never lives in the config file.export.Verification
.yarnrc.ymlonmain: the scope block matches what this PR recommends users addnpmAuthTokento..yarnrc.ymldocs (npmAuthToken,npmAlwaysAuth,npmRegistryServerfields all behave as documented).npmAuthTokenorGITHUB_TOKEN; the change is scoped to the troubleshoot page.Out of scope (not changed)
@midnight-ntwrk/*requiring GitHub Packages auth at all. Happy to follow up with a parallel update to those surfaces if the docs team prefers the guidance live there instead of (or in addition to) the troubleshoot page.