From 698d50532ea4cc0490274810a45fe52318110a1c Mon Sep 17 00:00:00 2001 From: Muhun Kim Date: Fri, 16 Jun 2023 00:10:28 +0900 Subject: [PATCH] Fix description about ensuring workflow access to private package (#704) --- docs/advanced-usage.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md index 0edc6e16..43dd22a6 100644 --- a/docs/advanced-usage.md +++ b/docs/advanced-usage.md @@ -401,11 +401,14 @@ steps: yarn config set npmScopes.my-org.npmAlwaysAuth true yarn config set npmScopes.my-org.npmAuthToken $NPM_AUTH_TOKEN env: - NPM_AUTH_TOKEN: ${{ secrets.YARN_TOKEN }} + NPM_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Install dependencies run: yarn install --immutable ``` -NOTE: As per https://github.com/actions/setup-node/issues/49 you cannot use `secrets.GITHUB_TOKEN` to access private GitHub Packages within the same organisation but in a different repository. + +To access private GitHub Packages within the same organization, go to "Manage Actions access" in Package settings and set the repositories you want to access. + +Please refer to the [Ensuring workflow access to your package - Configuring a package's access control and visibility](https://docs.github.com/en/packages/learn-github-packages/configuring-a-packages-access-control-and-visibility#ensuring-workflow-access-to-your-package) for more details. ### always-auth input The always-auth input sets `always-auth=true` in .npmrc file. With this option set [npm](https://docs.npmjs.com/cli/v6/using-npm/config#always-auth)/yarn sends the authentication credentials when making a request to the registries.