With the newly created GitHub Package Registry, you can store your private packages in the same place as your code.
Deploying packages and using them inside a package.json file is very simple. Using them in a CI/CD environment is a bit tricky.
First, we need to give our CI/CD environment a secure way to retrieve packages from our private repositories. Using the classic npm login is secure but not very handy, so the token approach is what I chose. See more info about token creation here. You only need to provide read access to packages.
Then we need to set a reference to our private repositories so that npm can resolve and find them. The easiest way is to put an .npmrc file at the root of your project with the following content:
registry=https://registry.npmjs.org/
@owner:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
The trick here is to indicate the default registry (registry.npmjs.org) for all other public packages you want to use.
Be sure to replace owner with your organisation name. The GITHUB_TOKEN is stored as an environment variable (there are many ways to keep it hidden on your machine and in CI/CD tools, so you don't need to hardcode it).
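To check this setup in CI before running an install, the following added example (not part of the original post) parses .npmrc text and flags any _authToken whose value is not a ${NAME} environment reference, as well as any registry not served over HTTPS. The function name auditNpmrc and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: audit .npmrc text before it is committed or used in CI.
// ENV_REF accepts only the plain ${NAME} form used on this page.
const ENV_REF = /^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/;

function auditNpmrc(text) {
  const result = { defaultRegistry: null, scopes: {}, findings: [] };
  text.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    // Skip blank lines and .npmrc comments (# or ;).
    if (!line || line.startsWith('#') || line.startsWith(';')) return;
    const eq = line.indexOf('=');
    if (eq < 0) return;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().replace(/^["']|["']$/g, '');
    const scope = key.match(/^(@[^:]+):registry$/);

    if (key === 'registry') result.defaultRegistry = value;
    if (scope) result.scopes[scope[1]] = value;
    if ((key === 'registry' || scope) && !value.startsWith('https://')) {
      result.findings.push(`line ${idx + 1}: registry is not HTTPS`);
    }
    // A token value that is not an environment reference is a committed secret.
    if (/(^|:)_authToken$/.test(key) && !ENV_REF.test(value)) {
      result.findings.push(`line ${idx + 1}: literal _authToken`);
    }
  });
  return result;
}

// Constructed samples; the token value is a placeholder, not a real credential.
const good = [
  'registry=https://registry.npmjs.org/',
  '@owner:registry=https://npm.pkg.github.com/',
  '//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}',
].join('\n');
const bad = good.replace('${GITHUB_TOKEN}', 'PLACEHOLDER_TOKEN_VALUE');

console.log(auditNpmrc(good));
console.log(auditNpmrc(bad).findings);
```

The returned scopes map also lets a pipeline confirm that @owner still points at npm.pkg.github.com rather than at the public registry.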
Hope it helps!