docs: note about isolated environments with no public egress

GoogleCloudPlatform · bogdannazarenko · Mar 7, 2025 · Mar 7, 2025 · 7ce4ad749205060d94d6a6f9c3969ea00384c196
commit 7ce4ad749205060d94d6a6f9c3969ea00384c196
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -0,0 +1,12 @@
+## Checkout your fork
+
+To make local changes to artifact-registry-npm-tools and eventually submit a pull request to the repo,
+we recommend [creating your own fork](https://help.github.com/articles/fork-a-repo/).
+
+Once you've done this, clone your fork to your local machine:
+
+```shell
+git clone git@github.com:${YOUR_GITHUB_USERNAME}/artifact-registry-npm-tools.git
+cd artifact-registry-npm-tools
+git remote set-url --push upstream no_push
+```
diff --git a/README.md b/README.md
@@ -14,6 +14,7 @@ https://cloud.google.com/artifact-registry/docs/nodejs/authentication
 
 The module automatically searches for credentials from the environment and authenticates to Artifact Registry. It looks for
 credentials in the following order:
+
 1. [Google Application Default Credentials](https://developers.google.com/accounts/docs/application-default-credentials).
 2. The current active account logged in via `gcloud auth login`.
 3. If neither of them exist, an error occurs.
@@ -25,20 +26,20 @@ in npmrc file.
 To use the module:
 
 1.  Log in
-    
+
     Option 1: log in as a service account:
 
     (1). Using a JSON file that contains a service account key:
 
            `$ export GOOGLE_APPLICATION_CREDENTIALS=[path/to/key.json]`
-    
+
     (2). Or using gcloud:
 
-           `$ gcloud auth application-default login` 
-    
+           `$ gcloud auth application-default login`
+
     Option 2: log in as an end user via gcloud:
-    
-       `$ gcloud auth login`
+
+    `$ gcloud auth login`
 
 2.  Add settings to connect to the repository to .npmrc. Use the output from the
     following command:
@@ -71,10 +72,11 @@ To use the module:
             "artifactregistry-login": "npx google-artifactregistry-auth --repo-config=[./.npmrc] --credential-config=[~/.npmrc]",
         }
         ```
-        
+
         Where:
-        - `--repo-config` is the `.npmrc` file with your repository settings. If you don't specify this flag, 
-        the default location is the current directory.
+
+        - `--repo-config` is the `.npmrc` file with your repository settings. If you don't specify this flag,
+          the default location is the current directory.
         - `--credential-config` is the path to the `.npmrc` file where you want to write the access token. The default is your user `.npmrc` file.
 
         And then run the script
@@ -98,3 +100,14 @@ To use the module:
 
         `$ npm run artifactregistry-login`
 
+## Access from Isolated Environments
+
+If you are running the script from an isolated environment, meaning there is no egress to public npm registry, the `npx` command will fail because it cannot download the package from npmjs.com or from private Artifact Registry yet. In this case, pre-install the package in the isolated environment and run the javascript directly to avoid the `npx` command reaching out to the internet.
+
+1. Pre-Install the package in the isolated environment (e.g. Cloud Build)
+
+   `$ npm install -g google-artifactregistry-auth`
+
+2. Run the script directly.
+
+   `$ node $(npm root -g)/google-artifactregistry-auth/src/main.js --repo-config=[./.npmrc] --credential-config=[~/.npmrc]`