From 7ce4ad749205060d94d6a6f9c3969ea00384c196 Mon Sep 17 00:00:00 2001
From: Bogdan Nazarenko <bogdan.nazarenko@outlook.com>
Date: Thu, 6 Mar 2025 22:13:04 -0500
Subject: [PATCH] docs: note about isolated environments with no public egress
---
DEVELOPMENT.md | 12 ++++++++++++
README.md | 31 ++++++++++++++++++++++---------
2 files changed, 34 insertions(+), 9 deletions(-)
create mode 100644 DEVELOPMENT.md
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
new file mode 100644
index 0000000..55a3b02
--- /dev/null
+++ b/DEVELOPMENT.md
@@ -0,0 +1,12 @@
+## Checkout your fork
+
+To make local changes to artifact-registry-npm-tools and eventually submit a pull request to the repo,
+we recommend [creating your own fork](https://help.github.com/articles/fork-a-repo/).
+
+Once you've done this, clone your fork to your local machine:
+
+```shell
+git clone git@github.com:${YOUR_GITHUB_USERNAME}/artifact-registry-npm-tools.git
+cd artifact-registry-npm-tools
+git remote set-url --push upstream no_push
+```
diff --git a/README.md b/README.md
index c53d32b..e5e68f4 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,7 @@ https://cloud.google.com/artifact-registry/docs/nodejs/authentication
The module automatically searches for credentials from the environment and authenticates to Artifact Registry. It looks for
credentials in the following order:
+
1. [Google Application Default Credentials](https://developers.google.com/accounts/docs/application-default-credentials).
2. The current active account logged in via `gcloud auth login`.
3. If neither of them exist, an error occurs.
@@ -25,20 +26,20 @@ in npmrc file.
To use the module:
1. Log in
-
+
Option 1: log in as a service account:
(1). Using a JSON file that contains a service account key:
`$ export GOOGLE_APPLICATION_CREDENTIALS=[path/to/key.json]`
-
+
(2). Or using gcloud:
- `$ gcloud auth application-default login`
-
+ `$ gcloud auth application-default login`
+
Option 2: log in as an end user via gcloud:
-
- `$ gcloud auth login`
+
+ `$ gcloud auth login`
2. Add settings to connect to the repository to .npmrc. Use the output from the
following command:
@@ -71,10 +72,11 @@ To use the module:
"artifactregistry-login": "npx google-artifactregistry-auth --repo-config=[./.npmrc] --credential-config=[~/.npmrc]",
}
```
-
+
Where:
- - `--repo-config` is the `.npmrc` file with your repository settings. If you don't specify this flag,
- the default location is the current directory.
+
+ - `--repo-config` is the `.npmrc` file with your repository settings. If you don't specify this flag,
+ the default location is the current directory.
- `--credential-config` is the path to the `.npmrc` file where you want to write the access token. The default is your user `.npmrc` file.
And then run the script
@@ -98,3 +100,14 @@ To use the module:
`$ npm run artifactregistry-login`
+## Access from Isolated Environments
+
+If you are running the script from an isolated environment, meaning there is no egress to public npm registry, the `npx` command will fail because it cannot download the package from npmjs.com or from private Artifact Registry yet. In this case, pre-install the package in the isolated environment and run the javascript directly to avoid the `npx` command reaching out to the internet.
+
+1. Pre-Install the package in the isolated environment (e.g. Cloud Build)
+
+ `$ npm install -g google-artifactregistry-auth`
+
+2. Run the script directly.
+
+ `$ node $(npm root -g)/google-artifactregistry-auth/src/main.js --repo-config=[./.npmrc] --credential-config=[~/.npmrc]`