fix(HII-13198): Fix npm ci error #333

Open: dorin992 wants to merge 25 commits into master from HII-13198-test

dorin992 (Contributor) commented May 5, 2026

Summary

Updated the shared test-unit composite action to make npm authentication reliable across services during vulnerability-scan image builds.

What Changed

  • Standardized CI npm auth by creating a runtime .npmrc with the @hiiretail Artifact Registry scope.
  • Ran google-artifactregistry-auth against that runtime .npmrc so credentials are written where the workflow expects them.
  • Mirrored npm credentials to $HOME/.npmrc for compatibility with tools/environments that read home-level npm config.
  • Updated Docker build to always pass npm credentials via BuildKit secret:
    • --secret id=npmrc,src=.npmrc
  • Kept existing lint/typecheck/test/scan flow unchanged.

Why

Some services passed unit tests but failed in Docker image build (npm ci inside Docker) with E401 due to auth context mismatch between runner and container.

Because repositories use different Dockerfile patterns (COPY . . vs BuildKit secret consumption), the action needed a backward-compatible auth strategy that works for both.

Outcome

This change improves cross-repo compatibility by supporting:

  • services relying on workspace .npmrc behavior, and
  • services consuming npm auth via Docker BuildKit secrets.

It reduces CI breakage without changing the expected pipeline stages or behavior.

dorin992 changed the title from "Hii 13198 test" to "fix(HII-13198): Fix npm ci error" May 5, 2026

Copilot AI left a comment

Pull request overview

Updates the composite-actions/nodejs-generic-api/test-unit composite action to make npm authentication more reliable for unit-test runs and Docker-based vulnerability-scan image builds, especially when private packages are fetched during npm ci inside Docker.

Changes:

  • Generates a runtime workspace .npmrc for the @hiiretail Artifact Registry scope and authenticates via google-artifactregistry-auth.
  • Mirrors npm credentials to ~/.npmrc to support tools/environments that read home-level npm config.
  • Enables BuildKit and passes .npmrc into docker build using a BuildKit secret for the vulnerability-scan image build.

Comment thread composite-actions/nodejs-generic-api/test-unit/action.yaml Outdated
Comment thread composite-actions/nodejs-generic-api/test-unit/action.yaml Outdated
Comment thread composite-actions/nodejs-generic-api/test-unit/action.yaml Outdated
Base automatically changed from HII-13198 to master May 7, 2026 06:46
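
The two Dockerfile patterns named in the PR description (`COPY . .` and BuildKit secret consumption) treat the credential-bearing workspace `.npmrc` differently. The following is an added example, not code from this PR or repository: a shell check that classifies a build context as `leak` (token copied into an image layer), `secret` (token read through the `npmrc` BuildKit secret) or `none`. The function names, the `Dockerfile` location at the context root, and the sample Dockerfiles are assumptions constructed for illustration.

```shell
# Added example, not part of the PR. Classifies how a Docker build context
# treats the credential-bearing workspace .npmrc written by the CI step.

# Last matching .dockerignore rule wins; a "!" rule re-includes the file.
npmrc_ignored() {
  local ignored=1 line
  [ -f "$1/.dockerignore" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      .npmrc|/.npmrc|'**/.npmrc') ignored=0 ;;
      '!.npmrc'|'!/.npmrc'|'!**/.npmrc') ignored=1 ;;
    esac
  done < "$1/.dockerignore"
  return "$ignored"
}

# Prints one of: leak | secret | none
npmrc_exposure() {
  local dir="$1" df="$1/Dockerfile"
  # COPY/ADD of the whole context, or of .npmrc itself, stores the token in a layer.
  if grep -Eiq '^[[:space:]]*(COPY|ADD)[[:space:]]+(--[^[:space:]]+[[:space:]]+)*(\.|\./|\.npmrc)[[:space:]]' "$df" \
     && ! npmrc_ignored "$dir"; then
    echo leak
  elif grep -E -- '--mount=[^[:space:]]*type=secret' "$df" | grep -q 'id=npmrc'; then
    echo secret   # token is only visible to that RUN step
  else
    echo none     # npm ci in the container has no credentials (the E401 case)
  fi
}

# Constructed samples of the two patterns the PR description mentions.
demo=$(mktemp -d)
mkdir -p "$demo/copy" "$demo/mount"
printf 'FROM node:20\nCOPY . .\nRUN npm ci\n' > "$demo/copy/Dockerfile"
printf 'FROM node:20\nCOPY package*.json ./\nRUN --mount=type=secret,id=npmrc,target=/root/.npmrc npm ci\n' > "$demo/mount/Dockerfile"
for d in copy mount; do printf '%s: %s\n' "$d" "$(npmrc_exposure "$demo/$d")"; done
rm -rf "$demo"
```

The check is conservative for multi-stage Dockerfiles: it does not track which stage a `COPY` belongs to, so a broad copy in a builder stage is still reported as `leak`.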