From 85bb86038294d19ab040d9da5b628c7d1458c9b1 Mon Sep 17 00:00:00 2001 From: saravanakumardb1 Date: Mon, 13 Apr 2026 00:21:13 -0700 Subject: [PATCH] =?UTF-8?q?fix(gitea):=20fix=20publish=20auth=20=E2=80=94?= =?UTF-8?q?=20scoped=20registry=20+=20proxy=3Dfalse=20in=20.npmrc?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Root causes found: 1. publishConfig.registry in each package.json overrides --registry CLI flag, causing npm to hit gitea.bytelyst.com through corp proxy. 2. Global ~/.npmrc proxy settings (NPM_CONFIG_PROXY env vars) route localhost:3300 through the corporate proxy. 3. No .npmrc with auth token was created for npm publish to use. Fix: generate a proper .npmrc in WORK_DIR with: - _authToken for registry auth - @bytelyst:registry scoped override (bypasses publishConfig) - proxy=false + https-proxy=false on corp network - Unified corp/home publish path (both use same .npmrc) Token scope issue still open: current GITEA_NPM_TOKEN has read:package but not write:package — needs regeneration in Gitea UI. --- scripts/gitea/publish-outdated-packages.sh | 47 ++++++++++++---------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/scripts/gitea/publish-outdated-packages.sh b/scripts/gitea/publish-outdated-packages.sh index 18b2234c..8787df94 100755 --- a/scripts/gitea/publish-outdated-packages.sh +++ b/scripts/gitea/publish-outdated-packages.sh @@ -88,6 +88,18 @@ SKIP_DIRS="swift-platform-sdk swift-diagnostics kotlin-platform-sdk react-native trap 'rm -rf "$WORK_DIR"' EXIT mkdir -p "$WORK_DIR" +# Write .npmrc with auth token + scoped registry so npm publish bypasses publishConfig +NPMRC_FILE="$WORK_DIR/.npmrc" +{ + printf '//%s:_authToken=%s\n' "$AUTH_TARGET" "$TOKEN" + # Override publishConfig.registry in package.json (npm uses scoped registry first) + printf '@bytelyst:registry=%s\n' "$REGISTRY_URL" + if [ "$IS_CORP" = true ]; then + # Disable proxy for localhost (global ~/.npmrc has corp proxy) + printf 'proxy=false\nhttps-proxy=false\n' + fi +} > "$NPMRC_FILE" + # ── Helpers ──────────────────────────────────────────────── pkg_field() { @@ -230,27 +242,20 @@ publish_package() { # Step 3: publish to Gitea registry. # Run from WORK_DIR (in /tmp with .npmrc for auth) so npm won't find # the repo's .npmrc which has @bytelyst:registry pointing externally. - if [ "$IS_CORP" = true ]; then - # Corp: unset ALL proxy/registry env vars so npm goes directly to localhost - if ! (cd "$WORK_DIR" && env \ - -u http_proxy -u https_proxy -u HTTP_PROXY -u HTTPS_PROXY \ - -u npm_config_proxy -u npm_config_https_proxy \ - -u NPM_CONFIG_PROXY -u NPM_CONFIG_HTTPS_PROXY \ - -u NPM_CONFIG_REGISTRY -u NPM_CONFIG_STRICT_SSL \ - -u NPM_CONFIG_NOPROXY \ - -u NODE_TLS_REJECT_UNAUTHORIZED \ - npm publish "$final_tgz" \ - --registry "$REGISTRY_URL" 2>&1); then - echo " ERROR: publish failed for $pkg_name@$pkg_version" - return 1 - fi - else - # Home: publish directly to Azure VM Gitea (no proxy stripping needed) - if ! (cd "$WORK_DIR" && npm publish "$final_tgz" \ - --registry "$REGISTRY_URL" 2>&1); then - echo " ERROR: publish failed for $pkg_name@$pkg_version" - return 1 - fi + # Publish using shared .npmrc (has auth, scoped registry, and proxy=false on corp) + # Strip all proxy/registry env vars so only .npmrc settings apply + if ! (cd "$WORK_DIR" && env \ + -u http_proxy -u https_proxy -u HTTP_PROXY -u HTTPS_PROXY \ + -u npm_config_proxy -u npm_config_https_proxy \ + -u NPM_CONFIG_PROXY -u NPM_CONFIG_HTTPS_PROXY \ + -u NPM_CONFIG_REGISTRY -u NPM_CONFIG_STRICT_SSL \ + -u NPM_CONFIG_NOPROXY \ + -u NODE_TLS_REJECT_UNAUTHORIZED \ + npm publish "$final_tgz" \ + --registry "$REGISTRY_URL" \ + --userconfig "$NPMRC_FILE" 2>&1); then + echo " ERROR: publish failed for $pkg_name@$pkg_version" + return 1 fi }