Deploying Functions That Use Private NPM Package

[jj-valentine]

Context

I'm trying to navigate deploying firebase functions that require the use of a private NPM package. So far, it's easy enough to authorize and install the private package and other dependencies, however, when I reach the last step in the job (i.e. using firebase-action to deploy the functions) the logs show that the step fails at the very end after the action seemingly attempts to run yarn install AGAIN on its own and hits an authorization wall when trying to access/download the aforementioned private package. Not only does it seem redundant that the action attempts to install the dependencies for a second time, but it clearly also doesn't have access to the authorization token I provided in the 'setup node' step. I've tried a couple of workarounds including building an .npmrc file to hold all of the package authorization/registry information as it does for me locally, but unfortunately I run into the same issue.

The way I see it, there's a number of assumptions that could be made about what may be happening here. I'm certain I'm missing something though, so I'd really appreciate if someone could lend some insight...

Possible Assumptions:

• firebase-action isn't able to access the installed dependencies
• firebase-action demands (for whatever reason) that the dependencies be re-installed but fails to reference/use authorization config/info for private packages
• firebase-action is working fine, and thus a separate issue exists (i.e. a problem with one of the previous steps or a failure on my part to include a missing but necessary step)

.yml File

concurrency:
  group: production
  cancel-in-progress: true

on:
  push:
    branches:
      - prod
     
defaults:
  run:
    working-directory: './functions/'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: set up repo
        uses: actions/checkout@v3

      - name: set up node
        uses: actions/setup-node@v3
        with:
          node-version: '14.x'
          cache: 'yarn'
          cache-dependency-path: './functions/yarn.lock'
          registry-url: 'https://npm.pkg.github.com'
          scope: '@sunbreak-studio'
          always-auth: true

      - name: install dependencies (with 'yarn')
        run: yarn install --frozen-lockfile --prefer-offline --ignore-scripts
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: deploy functions
        uses: w9jds/firebase-action@master
        with:
          args: deploy --only functions
        env:
          FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}

Screenshots of Logs (w/Errors)

[Willem-SN]

So normally this should work with a .npmrc file, but within the action ran into all sorts of trouble getting the secret properly inserted. In the end I got it working like this for a private github package, creating a .npmrc within a step before any firebase-action:

      - name: Setup registry
        run: |
          echo "@YourOrgName:registry=https://npm.pkg.github.com/" > .npmrc
          echo "//npm.pkg.github.com/:_authToken=${{ secrets.PERSONAL_ACCESS_TOKEN }}" >> .npmrc