Jump to content
GreenSock

Search In
  • More options...
Find results that contain...
Find results in...
D.CODE

When I try to npm install in github actions, I get an error saying that the file cannot be found.

Recommended Posts

In package.json it is defined as follows:

"gsap": "file:gsap-bonus.tgz",

And the "gasp-bonus.tgz" file is in the same location as the package.json file.

It is installed normally local, but the following error occurs on github.

npm ERR! enoent ENOENT: no such file or directory, stat '/home/runner/work/{repository}/{repository}/pc/gsap-bonus.tgz'

In the local, there is no problem without other configuration files.
I also tried using the .npmrc file according to the content on the dashboard, but to no avail.

How can I use it in a CI/CD environment?
For reference, this is a private repository.

 

 

Link to comment
Share on other sites

I'm certainly no expert with CI/CD environments, but it sounds like maybe the gsap-bonus.tgz file isn't there. You may need to use a relative path, like: 

"gsap": "file:./gsap-bonus.tgz", 

 

But honestly, it's probably best to use our private NPM repo because it's easier to update and you won't risk putting the members-only plugins directly into a repo of your own. Here are the instructions: https://greensock.com/docs/v3/Installation#CICD

 

Since you're a "Business Green" member, you get access to that. Thanks for your support!

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

Hello, I installed the gsap-bonus file from the private registry using yarn. Is it safe to make the code public with my .npmrc config file which contains my auth token? And if not how can I go about it? 

Link to comment
Share on other sites

Thanks for asking, @Oluwatobiju Judah. I'm not quite sure I understand the question. Please don't put the bonus files or your unique token in a public repository. It's fine if you need to load the bonus file on your live site, of course - I'm just saying they shouldn't go in a public repository that makes it super easy for any other developer to see and snag. Does that answer your question? 

  • Like 1
Link to comment
Share on other sites

not really. I'm aware I shouldn't put the bonus file in a public repo. So I've installed it using this method as shown in this video => 

My question is my auth token will be accessible in the .npmrc file if I make my repo public. So is that safe? If not, how can I hide my auth token in the .npmrc file

Link to comment
Share on other sites

But if you put that into your public repository, wouldn't that basically make it easy for anyone to piggy-back on your membership to get all the bonus plugins? Actually, it doesn't look like you have a Club GreenSock membership anyway, so if you're only talking about the one that has CustomEase in it, that isn't as big of a deal. 

 

If someone wants to make a repository public which uses bonus plugins, we ask that they remove those bonus plugins (and your token) and just make a note in your repo that it requires plugins that come with a Club GreenSock membership. Does that make sense? Otherwise, you're creating an easy way for any developer to just leverage your membership to get bonus plugins (which is pretty bad for GreenSock). See what I mean? 

  • Like 1
Link to comment
Share on other sites

image.png.032d97706a9e46222f04e20ee9a3230c.png
to be clear, making these public isn't a big deal, yes? 
and thanks for your responses

Link to comment
Share on other sites

10 minutes ago, Oluwatobiju Judah said:

to be clear, making these public isn't a big deal, yes? 

Correct. The only thing that non-members shouldn't have access to is CustomEase but it's free behind a sign up so not a big deal if you share it.

 

With that being said, if you ever upgrade to a Club GreenSock membership please change your token and don't share it publicly :) In general it's best not to share your token, even if you're a regular member.

  • Like 2
Link to comment
Share on other sites

Thanks Zach, I'd just revert to the gsap-bonus.tgz file in this case, instead of using the private NPM registry.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×