--- stage: Package group: Package Registry info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- # Publish packages with Yarn You can publish packages with [Yarn 1 (Classic)](https://classic.yarnpkg.com) and [Yarn 2+](https://yarnpkg.com). To find the Yarn version used in the deployment container, run `yarn --version` in the `script` block of the CI script job block that is responsible for calling `yarn publish`**`. The Yarn version is shown in the pipeline output. Learn how to build a [Yarn](../workflows/build_packages.md#yarn) package. You can use the Yarn documentation to get started with [Yarn Classic](https://classic.yarnpkg.com/en/docs/getting-started) and [Yarn 2+](https://yarnpkg.com/getting-started/). ## Publish to GitLab Package Registry You can use Yarn to publish to the GitLab Package Registry. ### Authentication to the Package Registry You need a token to publish a package. Different tokens are available depending on what you're trying to achieve. For more information, review the [guidance on tokens](../../../user/packages/package_registry/index.md#authenticate-with-the-registry). - If your organization uses two-factor authentication (2FA), you must use a personal access token with the scope set to `api`. - If you publish a package via CI/CD pipelines, you can use a CI job token in private runners or you can register a variable for shared runners. ### Publish configuration To publish, set the following configuration in `.yarnrc.yml`. This file should be located in the root directory of your package project source where `package.json` is found. ```yaml npmScopes: : npmPublishRegistry: 'https:///api/v4/projects//packages/npm/' npmAlwaysAuth: true npmAuthToken: '' ``` In this configuration: - Replace `` with your organization scope, exclude the `@` symbol. - Replace `` with your domain name. - Replace `` with your project's ID, which you can find on the project's home page. - Replace `` with a deployment token, group access token, project access token, or personal access token. Scoped registry does not work in Yarn Classic in `package.json` file, based on this [issue](https://github.com/yarnpkg/yarn/pull/7829). Therefore, under `publishConfig` there should be `registry` and not `@scope:registry` for Yarn Classic. You can publish using your command line or a CI/CD pipeline to the GitLab Package Registry. ### Publishing via the command line - Manual Publish ```shell # Yarn 1 (Classic) yarn publish # Yarn 2+ yarn npm publish ``` Your package should now publish to the Package Registry. ### Publishing via a CI/CD pipeline - Automated Publish You can use pipeline variables when you use this method. You can use **Shared Runners** *(Default)* or **Private Runners** (Advanced). #### Shared runners Third party images such as `node:latest` or `node:current` do not have direct access to the `CI_JOB_TOKEN` when operating in a shared runner. You must configure an authentication token or use a private runner. To create a authentication token: 1. On the top bar, select **Main menu**, and: - For a project, select **Projects** and find your project. - For a group, select **Groups** and find your group. 1. On the left sidebar, select **Settings > Repository > Deploy Tokens**. 1. Create a deployment token with `read_package_registry` and `write_package_registry` scopes and copy the generated token. 1. On the left sidebar, select **Settings > CI/CD > Variables**. 1. Select `Add variable` and use the following settings: | Field | Value | |--------------------|------------------------------| | key | `NPM_AUTH_TOKEN` | | value | `` | | type | Variable | | Protected variable | `CHECKED` | | Mask variable | `CHECKED` | | Expand variable | `CHECKED` | To use any **Protected variable**: 1. Go to the repository that contains the Yarn package source code. 1. On the left sidebar, select **Settings > Repository**. - If you are building from branches with tags, select **Protected Tags** and add `v*` (wildcard) for semantic versioning. - If you are building from branches without tags, select **Protected Branches**. Then add the `NPM_AUTH_TOKEN` created above, to the `.yarnrc.yml` configuration in your package project root directory where `package.json` is found: ```yaml npmScopes: esp-code: npmPublishRegistry: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/" npmAlwaysAuth: true npmAuthToken: "${NPM_AUTH_TOKEN}" ``` #### Private runners Add the `CI_JOB_TOKEN` to the `.yarnrc.yml` configuration in your package project root directory where `package.json` is found: ```yaml npmScopes: esp-code: npmPublishRegistry: "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/npm/" npmAlwaysAuth: true npmAuthToken: "${CI_JOB_TOKEN}" ``` To publish the package using CI/CD pipeline, In the GitLab project that houses your `yarnrc.yml`, edit or create a `.gitlab-ci.yml` file. For example to trigger only on any tag push: ```yaml # Yarn 1 image: node:lts stages: - deploy rules: - if: $CI_COMMIT_TAG deploy: stage: deploy script: - yarn publish ``` ```yaml # Yarn 2+ image: node:lts stages: - deploy rules: - if: $CI_COMMIT_TAG deploy: stage: deploy before_script: - corepack enable - yarn set version stable script: - yarn npm publish ``` Your package should now publish to the Package Registry when the pipeline runs. ## Install a package NOTE: If multiple packages have the same name and version, the most recently-published package is retrieved when you install a package. You can use one of two API endpoints to install packages: - **Instance-level**: Best used when working with many packages in an organization scope. - If you plan to install a package through the [instance level](#install-from-the-instance-level), then you must name your package with a [scope](https://docs.npmjs.com/misc/scope/). Scoped packages begin with a `@` and have the `@owner/package-name` format. You can set up the scope for your package in the `.yarnrc.yml` file and by using the `publishConfig` option in the `package.json`. - The value used for the `@scope` is the organization root (top-level project) `...com/my-org` *(@my-org)* that hosts the packages, not the root of the project with the package's source code. - The scope is always lowercase. - The package name can be anything you want `@my-org/any-name`. - **Project-level**: For when you have a one-off package. If you plan to install a package through the [project level](#install-from-the-project-level), you do not have to adhere to the naming convention. | Project URL | Package Registry | Organization Scope | Full package name | |-------------------------------------------------------------------|----------------------|--------------------|-----------------------------| | `https://gitlab.com///` | Package Name Example | `@my-org` | `@my-org/package-name` | | `https://gitlab.com///` | Project Name | `@example-org` | `@example-org/project-name` | You can install from the instance level or from the project level. The configurations for `.yarnrc.yml` can be added per package consuming project root where `package.json` is located, or you can use a global configuration located in your system user home directory. ### Install from the instance level Use these steps for global configuration in the `.yarnrc.yml` file: 1. [Configure organization scope](#configure-organization-scope). 1. [Set the registry](#set-the-registry). #### Configure organization scope ```yaml npmScopes: : npmRegistryServer: "https:///api/v4/packages/npm" ``` - Replace `` with the root level group of the project you're installing to the package from excluding the `@` symbol. - Replace `` with your domain name, for example, `gitlab.com`. #### Set the registry Skip this step if your package is public not private. ```yaml npmRegistries: ///api/v4/packages/npm: npmAlwaysAuth: true npmAuthToken: "" ``` - Replace `` with your domain name, for example, `gitlab.com`. - Replace `` with a deployment token (recommended), group access token, project access token, or personal access token. ### Install from the project level Use these steps for each project in the `.yarnrc.yml` file: 1. [Configure project scope](#configure-project-scope). 1. [Set the registry](#set-the-registry-project-level). #### Configure project scope ```yaml npmScopes: : npmRegistryServer: "https:///api/v4/projects//packages/npm" ``` - Replace `` with the root level group of the project you're installing to the package from excluding the `@` symbol. - Replace `` with your domain name, for example, `gitlab.com`. - Replace `` with your project ID, found on the project's home page. #### Set the registry (project level) Skip this step if your package is public not private. ```yaml npmRegistries: ///api/v4/projects//packages/npm: npmAlwaysAuth: true npmAuthToken: "" ``` - Replace `` with your domain name, for example, `gitlab.com`. - Replace `` with a deployment token (recommended), group access token, project access token, or personal access token. - Replace `` with your project ID, found on the project's home page. ### Install the package For Yarn 2+, use `yarn add` either in the command line or in the CI/CD pipelines to install your packages: ```shell yarn add @scope/my-package ``` #### For Yarn Classic The Yarn Classic setup, requires both `.npmrc` and `.yarnrc` files as [mentioned in issue](https://github.com/yarnpkg/yarn/issues/4451#issuecomment-753670295): - Place credentials in the `.npmrc` file. - Place the scoped registry in the `.yarnrc` file. ```shell # .npmrc ///api/v4/projects//packages/npm/:_authToken="" # .yarnrc "@scope:registry" "https:///api/v4/projects//packages/npm/" ``` Then you can use `yarn add` to install your packages. ## Related topics - For full helpful hints information, see the [npm documentation](../npm_registry/index.md#helpful-hints). - For Yarn 1 to Yarn 2+ migration information see the [Yarn Migration Guide](https://yarnpkg.com/getting-started/migration). ## Troubleshooting ### Error running Yarn with the Package Registry for the npm registry If you are using [Yarn](https://classic.yarnpkg.com/en/) with the npm registry, you may get an error message like: ```shell yarn install v1.15.2 warning package.json: No license field info No lockfile found. warning XXX: No license field [1/4] 🔍 Resolving packages... [2/4] 🚚 Fetching packages... error An unexpected error occurred: "https://gitlab.example.com/api/v4/projects/XXX/packages/npm/XXX/XXX/-/XXX/XXX-X.X.X.tgz: Request failed \"404 Not Found\"". info If you think this is a bug, please open a bug report with the information provided in "/Users/XXX/gitlab-migration/module-util/yarn-error.log". info Visit https://classic.yarnpkg.com/en/docs/cli/install for documentation about this command ``` In this case, the following commands creates a file called `.yarnrc` in the current directory. Make sure to be in either your user home directory for global configuration or your project root for per-project configuration: ```shell yarn config set '//gitlab.example.com/api/v4/projects//packages/npm/:_authToken' "" yarn config set '//gitlab.example.com/api/v4/packages/npm/:_authToken' "" ```