Renovate Bot fails to resolve private npm packages from Azure Artifacts
I'm using Renovate Bot in an Azure DevOps pipeline to automate dependency updates for repositories that use a private Azure Artifacts npm registry. Despite configuring authentication via hostRules, .npmrc, and pipeline tokens, Renovate fails with errors.
The issue occurs during the yarn install step after Renovate attempts to update dependencies. I've tried multiple configurations however can’t resolve the issue.
Here are my configuration files:
config.js:const pipelineToken = process.env.TOKEN; const patTokenForFeed = process.env.RENOVATE_TOKEN; module.exports = { platform: "azure", onboarding: true, endpoint: "https://dev.azure.com/myorg", // Updated organization token: pipelineToken, repositories: [ "MI-Genesis/NexusCoreCreditService", "MI-Genesis/NexusCoreFileGatewaySdk" ], extends: [ "config:best-practices", "group:monorepos" ], prConcurrentLimit: 10, prHourlyLimit: 10, commitMessagePrefix: "fix(deps): ", hostRules: [ { hostType: "npm", matchHost: "pkgs.dev.azure.com", username: "apikey", password: patTokenForFeed, } ], enabledManagers: ['npm'], defaultRegistryUrls: [ 'https://registry.npmjs.org/', 'https://pkgs.dev.azure.com/myorg/MI-Genesis/_packaging/NexusPlatform/npm/registry/', // Updated URL ], packageRules: [ { matchRepositories: ["MI-Genesis/NexusCoreCreditService", "MI-Genesis/NexusCoreFileGatewaySdk"], matchUpdateTypes: ["minor", "patch"], labels: ["Renovate-Dependencies-Update"], branchPrefix: "dependencies/", commitMessagePrefix: "fix(deps): ", prBody: "### Dependency Updates for {{depName}}\n\nThis PR updates {{depName}} to version {{newVersion}}." } ] };pipeline.yaml:steps: - task: npmAuthenticate@0 displayName: 'Authenticate with Azure Artifacts' inputs: workingFile: .npmrc - script: | echo "//pkgs.dev.azure.com/myorg/MI-Genesis/_packaging/NexusPlatform/npm/registry/:_authToken=${TOKEN}" >> ~/.npmrc # Updated URL displayName: "Ensure NPM Auth Token" - bash: | git config --global user.email 'bot@renovateapp.com' git config --global user.name 'Renovate Bot' npx --userconfig .npmrc renovate displayName: 'Run Renovate' env: LOG_LEVEL: DEBUG RENOVATE_TOKEN: $(RENOVATE_TOKEN) TOKEN: $(System.AccessToken).nprmc:@hexfluid:registry=https://pkgs.dev.azure.com/myorg/MI-Genesis/_packaging/HexFluidIntro/npm/registry/ # Updated @nexusplatform:registry=https://pkgs.dev.azure.com/myorg/_packaging/nexus-public/npm/registry/ # Updated registry=https://pkgs.dev.azure.com/myorg/MI-Genesis/_packaging/NexusPlatform/npm/registry/ # Updated always-auth=true
Here is my error log snippet:
DEBUG: hostRules applying basic authentication for pkg.dev.azure.com
DEBUG: Using queue host-pkg.dev.azure.com, concurrency-id
DEBUG: 'host' read:toybit found for [execution]: lookup - using first configured only
"password": "node",
"registryUrls": [
"https://registry.nmpis.org",
"https://pkg.dev.azure.com/myorg#/MI-Gemesis/_packaging/Newxml/artora/rpm/registry"
DEBUG: failed to look up node version package node
ERROR: Command failed: yarn install --ignore-engines --ignore-platform --network-timeout 100000 --ignore-scripts
stderr: "Couldn't find package \"@types/node\" on the \"npm\" registry."
WARN: Excess registryUrls found for datasource lookup - using first configured only (repository=MI-Genesis/NexusCoreCreditService)
"datasource": "node-version",
"packageName": "node",
"registryUrls": [
"https://registry.npmjs.org",
"https://pkgs.dev.azure.com/myorg/MI-Genesis/_packaging/NexusPlatform/npm/registry" // Updated
]
DEBUG: hostRules: no authentication for registry.npmjs.org (repository=MI-Genesis/NexusCoreCreditService)
DEBUG: Using queue: host=registry.npmjs.org, concurrency=16 (repository=MI-Genesis/NexusCoreCreditService)
Am I overlooking anything or missing a step? I
According to the error message, your pipeline cannot complete the authentication to access the Azure artifact. Making the following changes can resolve the issue.
Modify your
config.js.Change the
passwordinhostRulestoprocess.env.TOKENor your variablepipelineToken.hostRules: [ { hostType: "npm", matchHost: "pkgs.dev.azure.com", username: "apikey", password: process.env.TOKEN, } ],Then you can remove environment variable
RENOVATE_TOKENfrom your YAML file.Or you can modify your
pipeline.yamlfile.Change environment variable
RENOVATE_TOKENto$(System.AccessToken).- bash: | git config --global user.email 'bot@renovateapp.com' git config --global user.name 'Renovate Bot' npx --userconfig .npmrc renovate displayName: 'Run Renovate' env: LOG_LEVEL: DEBUG RENOVATE_TOKEN: $(System.AccessToken) TOKEN: $(System.AccessToken)Assign your build service account with required permissions to your repo and artifact. I would suggest adding the build service account into the Contributors group in your project to avoiding more permissions configuration.
If you have turned on Limit job authorization scope to current project for non-release pipelines and Protect access to repositories in YAML pipelines options from Project Settings -> Pipelines -> Settings, add project-level build service account {ProjectName} Build Service (yourOrgName) into the Contributors group.
If you have turned off them, add org-level build service account Project Collection Build Service (yourOrgName) into the Contributors group.
- How do I determine the most popular version of a given npm package?
- How do I fix a vulnerable npm package in my package-lock.json that isn't listed in the package.json?
- ddev start - "Building project images" takes forever, how can I see what it's doing?
- Next.js is not recognizing '@types/react'
- When I try to run npm create vite@latest my-react-js-app -- --template react -y it says: npm warn Unknown cli config "--template"
- Node.js -Firebase Service Account Private Key won't parse
- How to copy the README.md file, inside an angular project before publishing it to npm
- Which versions of npm came with which versions of node?
- Webpack live reload says "nothing changed" even if I modify a file. Why?
- 'npm' is not recognized as internal or external command, in windows 11
- "A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received", What does that mean?
- How to use a npm package as a maven dependency?
- Node.js cannot find installed module on Windows
- NPM global install "cannot find module"
- Buffer is not defined (react-native)
- Renovate Bot fails to resolve private npm packages from Azure Artifacts
- Get esbuild to watch for changes, rebuild, and restart express server
- Unable to install NPM packages due to path length constraint using NPM 5.X
- How to change production build static folder path in a React project?
- Uncaught ReferenceError: process is not defined
- Vite not found in vite.config.ts cannot run vite apps
- What is the recommended way to install Node.js, nvm and npm on MacOS X?
- angular SSR using @nguniversal/express-engine package get this error (ERROR in error TS6053: File '/project/src/server.ngtypecheck.ts' not found.)
- How do I execute typescript watch and running server at the same time?
- running NPM install command fails on nasm and libcurl errors
- Error: Cannot find module 'tailwindcss' (Next.js application)
- Patching a NPM package locally with patch-package, not working
- What does 'x packages are looking for funding' mean when running `npm install`?
- npm error E401: Unable to authenticate, need: BASIC realm="Sonatype Nexus Repository Manager"
- Doesn't package-lock.json lose its purpose if we all use package-lock.json?