AWS install github private package in codeBuild

Question

Hi I have codepipeline to deploy my angular app, and in that app I am using my private github package. Everything is working locally etc. But on codeBuild I have no idea how to register into github package repository.

my buildspec looks like:

version: 0.2

env:
    variables:
        S3_BUCKET: "{{s3_bucket_url}}"
        BUILD_ENV: "{{BUILD_ENV}}"
        BUILD_FOLDER: "dist"
phases:
  install:
    runtime-versions:
      nodejs: 14
  
  pre_build:
    commands:
      - echo Installing source NPM dependencies...
      - npm install
      - npm install -g @angular/cli
  
  build:
    commands:
      - echo Build started on `date` with $BUILD_ENV flag.
      - ng build $BUILD_ENV
  
  post_build:
     commands:
      - echo Build completed on `date`
      
      
artifacts:
    files:
        - '**/*'
    base-directory: 'dist*'

if fails on npm install because 404 Not Found - GET https://registry.npmjs.org. For example in github actions I just simply define registry-url: 'https://npm.pkg.github.com' and thats correct.

Thanks for help :)

Answer 1

It fails because, in the execution context of the CodeBuild process, access to the repo containing the GitHub package is restricted, so it can't find the package because it doesn't have access to the repo's packages. You will need to authenticate to the GitHub Package API.

One way to authenticate is to create a Personal Access Token, include it in your CodeBuild Environment by linking a secret in the SecretsManager, then accessing that token in your buildspec script in the env section:

1. Create a personal access token: In GitHub, create a Personal access token with the read:packages permission. Here's a link to a tutorial on how to do that.
2. Register token as a secret in Secrets Manager: In SecretsManager, create a secret with one entry. Name the key of the entry GH_PERSONAL_ACCESS_TOKEN, and in the value field, provide the token that you created in step 1. Pick a descriptive name for your secret (something like codebuild/gh_token). Take note of the secret's name.
3. Authenticate to GitHub Packages using the Personal Access Token: In your buildspec script, you will need to retrieve the secret containing your Personal Access Token, then use that to authenticate before you run the npm install command:

env:
  secrets-manager:
    GH_PERSONAL_ACCESS_TOKEN: {SECRET_ARN}:PERSONAL_ACCESS_TOKEN  # <- replace {SECRET_ARN} with arn of secret

phases:
  #...
  
  pre_build:
    commands:
      - echo Installing source NPM dependencies...

      # this is needed to set the url where the package is located
      - npm config set @OWNER:registry https://npm.pkg.github.com # <- replace OWNER with the organization/owner name
      # this is needed to set the personal access token that we created
      - npm config set //npm.pkg.github.com/:_authToken $GH_PERSONAL_ACCESS_TOKEN

      - npm install
      - npm install -g @angular/cli