When I try to npm install in github actions, I get an error saying that the file cannot be found.

[D.CODE 1 Likes (Newbie)]

In package.json it is defined as follows:

"gsap": "file:gsap-bonus.tgz",

And the "gasp-bonus.tgz" file is in the same location as the package.json file.

It is installed normally local, but the following error occurs on github.

npm ERR! enoent ENOENT: no such file or directory, stat '/home/runner/work/{repository}/{repository}/pc/gsap-bonus.tgz'

In the local, there is no problem without other configuration files.
I also tried using the .npmrc file according to the content on the dashboard, but to no avail.

How can I use it in a CI/CD environment?
For reference, this is a private repository.

 

 

[GreenSock 18,864 Likes (Superhero)]

I'm certainly no expert with CI/CD environments, but it sounds like maybe the gsap-bonus.tgz file isn't there. You may need to use a relative path, like: 

"gsap": "file:./gsap-bonus.tgz", 

 

But honestly, it's probably best to use our private NPM repo because it's easier to update and you won't risk putting the members-only plugins directly into a repo of your own. Here are the instructions: https://greensock.com/docs/v3/Installation#CICD

 

Since you're a "Business Green" member, you get access to that. Thanks for your support!

[Oluwatobiju Judah 4 Likes (Newbie)]

Hello, I installed the gsap-bonus file from the private registry using yarn. Is it safe to make the code public with my .npmrc config file which contains my auth token? And if not how can I go about it? 

[GreenSock 18,864 Likes (Superhero)]

Thanks for asking, @Oluwatobiju Judah. I'm not quite sure I understand the question. Please don't put the bonus files or your unique token in a public repository. It's fine if you need to load the bonus file on your live site, of course - I'm just saying they shouldn't go in a public repository that makes it super easy for any other developer to see and snag. Does that answer your question? 

[Oluwatobiju Judah 4 Likes (Newbie)]

not really. I'm aware I shouldn't put the bonus file in a public repo. So I've installed it using this method as shown in this video => 

My question is my auth token will be accessible in the .npmrc file if I make my repo public. So is that safe? If not, how can I hide my auth token in the .npmrc file

[GreenSock 18,864 Likes (Superhero)]

But if you put that into your public repository, wouldn't that basically make it easy for anyone to piggy-back on your membership to get all the bonus plugins? Actually, it doesn't look like you have a Club GreenSock membership anyway, so if you're only talking about the one that has CustomEase in it, that isn't as big of a deal. 

 

If someone wants to make a repository public which uses bonus plugins, we ask that they remove those bonus plugins (and your token) and just make a note in your repo that it requires plugins that come with a Club GreenSock membership. Does that make sense? Otherwise, you're creating an easy way for any developer to just leverage your membership to get bonus plugins (which is pretty bad for GreenSock). See what I mean? 

[Oluwatobiju Judah 4 Likes (Newbie)]

to be clear, making these public isn't a big deal, yes? 
and thanks for your responses

[ZachSaucier 7,162 Likes (Superhero)]

10 minutes ago, Oluwatobiju Judah said:

to be clear, making these public isn't a big deal, yes? 

Correct. The only thing that non-members shouldn't have access to is CustomEase but it's free behind a sign up so not a big deal if you share it.

 

With that being said, if you ever upgrade to a Club GreenSock membership please change your token and don't share it publicly  In general it's best not to share your token, even if you're a regular member.

[Oluwatobiju Judah 4 Likes (Newbie)]

Thanks Zach, I'd just revert to the gsap-bonus.tgz file in this case, instead of using the private NPM registry.