Github personal access token stopped working using yarn/npm install
I have a NodeJS project that uses yarn to resolve dependencies. One notable feature of my config is that one of the package is a private repo and the resolve downloads the package using a Github Personal Access Token, something like:
This was working last Friday, but it stopped working today. I'm now seeing yarn error code 128 in the deploy logs with not much more information.
The
yarn install works locally, but fails on Railway.
I tried to migrate to npm instead of yarn, same error. Same here, the npm install works locally, but fails on Railway.
I verified the validity of my personal access token, it's valid. I even generated a new one to try but that didn't work either.
I tried to redeploy the last build that passed on Friday, it now fails, so something definitely changed in between this last build and now.
I'm running out of ideas, I would appreciate some help. Thanks.17 Replies
Project ID:
3a5ae89e-a2aa-4063-8520-b522f0318da9project id: 3a5ae89e-a2aa-4063-8520-b522f0318da9
how do you supply the token to Railway?
it's hardcoded in the package.json
that's not ideal at all
indeed, but that's okay for now and the personal access token has very limited scope
can you set a service variable for the token and then have yarn use the environment variable?
I'm not sure I can do this from a JSON file (package.json) but I'll look; do you think it is possibly related to the issue, or unrelated just a better practice?
just better practice, unfortunately I can't help you if the method you choose is to hardcode a github token, wouldn't sit right with me
alright, after much fighting with OS incompatibilities, I found a way to move this access token to the environment variables π
Awesome! please share how you've done it
I added a preinstall step during the
yarn install that replaces the access token variable in the package.json with the actual value coming from the environmentnicely done
thanks; it's too much of a hack though, at some point I'll need to understand how to deal with private packages
better than hardcoding the token for sure
back to the original problem, are you aware of any change that happened between Friday and now that could break this?
I am not, sorry