Home > Blockchain >  Can't update private dependencies with dependabot
Can't update private dependencies with dependabot

Time:03-16

Context

I have a library of private components stored in Bit.dev as my source of truth.

To use them I must have a token and the registry information in my .npmrc file and with this token I can install all of my components anywhere I want.

/**.npmrc file example **/

@scopename:registry=https://node.bit.dev/
//node.bit.dev/:_authToken=my-really-secure-token

Problem

So, I am trying to use dependabot to update these dependencies on my projects but every time dependabot do the check it fails on authentication.

updater | INFO <job_number> Checking if @owner/scope.ui.teste 0.0.2 needs updating
  proxy | 2022/03/11 18:18:35 [034] GET https://node.bit.dev:443/@owner/scope.ui.teste
  proxy | 2022/03/11 18:18:36 [034] 404 https://node.bit.dev:443/@owner/scope.ui.teste
updater | INFO <job_number> Handled error whilst updating @owner/scope.ui.teste: private_source_authentication_failure {:source=>"node.bit.dev"}

My dependabot.yaml

version: 2
registries:
  bit-components:
    type: npm-registry
    url: https://registry.npmjs.org
    token: ${{secrets.NPM_RC_TOKEN}}
updates:
  - package-ecosystem: "npm"
    directory: "/"
    registries:
      - bit-components
    schedule:
      interval: "daily"

I have tried change the url to:

And also replaced the key token to use username and password for authentication but none of the changes solves the problem or change the error message. What can I do?

CodePudding user response:

We solved it by changing our scope in Bit.dev to public and changing from url: https://registry.npmjs.org to url: https://node.bit.dev

dependabot.yml example

version: 2
registries:
  bit-components:
    type: npm-registry
    url: https://node.bit.dev 
    token: ${{secrets.NPM_RC_TOKEN}}
updates:
  - package-ecosystem: "npm"
    directory: "/"
    registries:
      - bit-components
    schedule:
      interval: "daily"
  • Related