Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
GITHUB_TOKEN does not have access to other private packages
See original GitHub issueBased on the documentation, I have my workflow set up to install from my GitHub Package Registry:
steps:
- uses: actions/checkout@v1
- uses: actions/setup-node@v1
with:
node-version: 10.x
registry-url: 'https://npm.pkg.github.com'
- run: npm ci
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
However, I get a 404 when trying to install any private packages scoped to my account with this configuration. Just to clarify these are private packages within the same account that this repo and workflow exists.
Using the exact same configuration, if I replace with a personal access token I’ve created, I am able to install private packages without issue.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:86
- Comments:100 (6 by maintainers)
Top Results From Across the Web
About permissions for GitHub Packages
To use or manage a package hosted by a package registry, you must use a personal access token (classic) with the appropriate scope,...
Read more >Configuring a package's access control and visibility
If your package is private or internal and owned by an organization, then you can only give access to other organization members or...
Read more >Publishing and installing a package with GitHub Actions
GitHub Packages is not available for private repositories owned by accounts using legacy per-repository plans. Also, accounts using legacy per-repository plans ...
Read more >About permissions for GitHub Packages - GitHub AE Docs
Access tokens · To publish packages associated with the workflow repository, use GITHUB_TOKEN . · To install packages associated with other private repositories ......
Read more >Introduction to GitHub Packages
GitHub Packages only supports authentication using a personal access token (classic). For more information, see "Creating a personal access token." You need an ......
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@bryanmacfarlane a PAT is “personal” and can’t be scoped to a single org, means a PAT has access to all my packages across all my orgs. That’s not a solution to me. The
GITHUB_TOKENshould havepackage:readaccess to all packages in the same org.No, it isn’t fixed. #53 is about publishing a package, which can be done. This is about pulling packages from other private repos, which can’t be done, it requires a personal access token.
This is also a big issue for me and my company. There should be a way to have an org token that gives read access to the org’s packages. Or give
GITHUB_TOKENto other packages of the same org