如何将第一个软件包发布(而不是放置)到新安装的Verdaccio / Docker实例中?

时间:2020-05-09 17:33:10

标签: npm-publish verdaccio

我已将Verdaccio安装为带有docker-compose.yml文件的Docker容器:

├── docker-compose.yml
├── INSTALLATION.md
├── README.md
└── volumes
    ├── conf
    │   ├── config.yaml
    │   └── htpasswd
    ├── plugins
    └── storage

这是:

version: "3.7"
services:
  registry:
    image: verdaccio/verdaccio
    networks:
      verdaccio:
    hostname: verdaccio
    ports:
      - 4873:4873
    volumes:
      - ~/dev/docker/registries/verdaccio/volumes/conf:/verdaccio/conf
      - ~/dev/docker/registries/verdaccio/volumes/plugins:/verdaccio/plugins
      - ~/dev/docker/registries/verdaccio/volumes/storage:/verdaccio/storage
    environment:
      VERDACCIO_PORT: 4873
    deploy:
      replicas: 1
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 30s
networks:
  verdaccio:
    name: verdaccio

和文件权限:

sudo groupadd verdaccio;
sudo useradd -s /bin/false -d /dev/null -g verdaccio verdaccio;
sudo chown -R verdaccio:verdaccio ~/dev/docker/registries/verdaccio/volumes/
sudo chmod -R 755 ~/dev/docker/registries/verdaccio/volumes

我正在尝试使用以下命令发布Angular库:

npm publish lib-core-0.0.1.tgz

但是我得到了错误:

npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT http://verdaccio:4873/lib-core - user stephane is not allowed to publish package lib-core
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/stephane/.npm/_logs/2020-05-10T05_40_47_153Z-debug.log
✔ ~/dev/js/projects/angular/lib-core/dist/lib-core [master|…1] 
07:40 $ npm publish @stephane/lib-core-0.0.1.tgz
npm ERR! code E404
npm ERR! 404 Not Found - GET http://verdaccio:4873/@stephane%2flib-core-0.0.1.tgz - no such package available
npm ERR! 404 
npm ERR! 404  '@stephane/lib-core-0.0.1.tgz@latest' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/stephane/.npm/_logs/2020-05-10T05_40_55_652Z-debug.log

服务器日志:

verdaccio-registry_registry.1.662e59l987fw@stephane-pc    |  http <-- 403, user: stephane(10.255.0.2), req: 'PUT /lib-core', error: user stephane is not allowed to publish package lib-core
verdaccio-registry_registry.1.662e59l987fw@stephane-pc    |  http <-- 403, user: stephane(10.255.0.2), req: 'PUT /lib-core', error: user stephane is not allowed to publish package lib-core
verdaccio-registry_registry.1.662e59l987fw@stephane-pc    |  http <-- 403, user: stephane(10.255.0.2), req: 'GET /npm', error: user stephane is not allowed to access package npm
verdaccio-registry_registry.1.662e59l987fw@stephane-pc    |  http <-- 403, user: stephane(10.255.0.2), req: 'GET /npm', error: user stephane is not allowed to access package npm
verdaccio-registry_registry.1.662e59l987fw@stephane-pc    |  http <-- 404, user: stephane(10.255.0.2), req: 'GET /@stephane%2flib-core-0.0.1.tgz', error: no such package available
verdaccio-registry_registry.1.662e59l987fw@stephane-pc    |  http <-- 404, user: stephane(10.255.0.2), req: 'GET /@stephane%2flib-core-0.0.1.tgz', error: no such package available
verdaccio-registry_registry.1.662e59l987fw@stephane-pc    |  http <-- 404, user: stephane(10.255.0.2), req: 'GET /@stephane%2flib-core-0.0.1.tgz', error: no such package available
verdaccio-registry_registry.1.662e59l987fw@stephane-pc    |  http <-- 404, user: stephane(10.255.0.2), req: 'GET /@stephane%2flib-core-0.0.1.tgz', error: no such package available

当我读取此错误时,我了解到该软件包是在Verdaccio中查找的,但未找到(404)。 等一下。我不是要在这里添加新软件包吗?那么为什么要先查找呢?在发布之前,我还应该输入其他命令吗? 问题在于,在将该PUT请求发送到服务器之前,我看不到任何POST请求来添加软件包。

我也尝试了(并得到了相同的错误)带有范围前缀:

npm publish @stephane/lib-core-0.0.1.tgz

我使用以下配置运行Verdaccio:

storage: /verdaccio/storage
plugins: /verdaccio/plugins

auth:
  htpasswd:
    file: /verdaccio/conf/htpasswd
security:
  api:
    jwt:
      sign:
        expiresIn: 360d
        notBefore: 1
  web:
    sign:
      expiresIn: 7d

packages:
  '@*/*':
    access: $all
    publish: $all
    proxy: npmjs

  '@stephane/*':
    access: $anonymous
    publish: $anonymous
    proxy: npmjs

存储空间仍为空:

stephane@stephane-pc:~/dev/docker/registries/verdaccio$ ll volumes/storage/
total 0

即使删除packages:配置并重新启动Verdaccio容器,在成功执行npm login命令之后,发布命令也会再次失败,并出现403 Forbidden错误:

~/dev/js/projects/angular/lib-core/dist/lib-core [master|…1] 
08:04 $ npm publish lib-core-0.0.1.tgz

更新:整个问题是主机卷权限问题。我将权限还原为我的常规主机用户,并在运行它时将该用户分配给了容器。我在docker-compose.yml文件中添加了以下user属性:

user: "${CURRENT_UID}:${CURRENT_GID}"

我还更改了程序包配置,以允许经过身份验证的用户访问有作用域的程序包:

packages:
  '@*/*':
    access: $all
    publish: $authenticated
  '**':
    proxy: npmjs

容器现在与主机用户一起运行,问题不再存在。

0 个答案:

没有答案
相关问题
最新问题