skip to Main Content

I have a very strange problem I cannot seem to get my head around…

We use a private registry in the Azure Artifacts to also distribute private npm packages. My Azure Pipeline is using the npmAuthenticate Task to authenticate against this feed. The feed information is placed inside a project’s .npmrc file.
The feed permisssions show the project as contributor role:

User/Group: [ProjectName]Contributor - Role: Contributor

Randomly the build fails on the npm ci step with this error message:

#17 132.8 npm ERR! code E401
#17 132.8 npm ERR! Incorrect or missing password.

With diagnostic output I see errors for differing packages. Across pipeline runs however, the packages with 401 errors vary. Also not all packages are affected. Most of them can be loaded just fine.

#17 55.03 npm http fetch GET 401 https://***/***/_packaging/***/npm/registry/resolve-from/-/resolve-from-4.0.0.tgz 50860ms attempt #2 (cache skip)

What we changed recently

  • We upgraded fom Node 16.14.0 to 20.12.1 including npm 10.5.0

What I tried already

  • I placed my own token inside the project’s .npmrc file.
  • Verified that it is failing and succeeding on the same build agent.
  • I tried running with the previous node version (16.14.0) where npm ci succeeds.
  • I tried using node 18.20 with the same outcome
  • I searched the web for anything known regarding Node versions 18 and 20 having problems in this regard but to no avail.
  • Apparently it is working with Node 18.18 but not above.

Excerpt from the pipeline and Docker files

Pipeline:

[...]
      - task: npmAuthenticate@0
        inputs:
          workingFile: .npmrc
        displayName: 'NPM Auth'

      - bash: |
          docker build -f ./deployment/ci.Dockerfile -t $(projectName):$(Build.SourceVersion) .
        displayName: 'CI build docker image'
[...]

ci.Dockerfile:

FROM node:20.12 AS builder

RUN apt-get update && 
    apt-get install -y chromium && 
    wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip  -O ~/sonar.zip && 
    unzip ~/sonar.zip -d /opt/sonar && 
    rm ~/sonar.zip
ENV CHROME_BIN=/usr/bin/chromium PATH="/opt/sonar/sonar-scanner-5.0.1.3006-linux/bin:${PATH}"

WORKDIR /build

COPY package.json /build
COPY package-lock.json /build
COPY .npmrc /build
COPY sonar.properties /build

RUN npm -d ci # <-- It fails here. Usually run without -d.

COPY . /build

RUN npm run build:ci
[...]

2

Answers


  1. I tried your task and with same Dockerfile, it’s always working on my side. As your pipeline is intermittently failed when same source code and same agent used. The difference between my pipeline and yours is the two packages json content and agent, please:

    1. Try with Microsoft-hosted agent suggested before to see if it helps.
    2. Check the dependencies on the two jsons, do you have packages which fetch from upstream registry? If so, check if your account has permission on the upstream. Or you can try with another simple packages(and lock) json files, check if it’s stable.
    Login or Signup to reply.
  2. I was experiencing a similar problem with azure devops server after moving to node 18.20/npm 10.5.0. Some builds that worked without issue with earlier versions of node and npm failed partway through an npm ci with authentication errors after switching to npm 18.20 or higher.

    The issue seems to be that npm 10.5 is tripping a usage limit in azure artifacts and the requests are being throttled. You can see if this is happening by looking at the azure devops usage details, looking for the npm requests, and checking if any have a status other than zero or mention a "Circuit Breaker" error. The error message I found was –

    Circuit Breaker "BaseSqlComponent-XXX-ReadWrite" exceeded the concurrency limit of 100. In the last 10000 milliseconds, there were: 0 failure, 0 timeout, 0 short circuited, 64 concurrency rejected, and 0 limit rejected.
    

    My short term solution is to limit the number of sockets that npm could use npm ci --maxsockets 1 which allowed the command to complete without errors.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search