@drubin/verdaccio-gitlab

0.0.4 • Public • Published

Verdaccio-GitLab

Use GitLab Community Edition as authentication provider for the private npm registry verdaccio, the sinopia fork.

The main goal and difference to other sinopia/verdaccio plugins is:

  • no admin token required
  • user authenticates with Personal Access Token
  • owned groups (no subgroups) are added to the user
  • publish packages if package scope or name is an owned group name

This is experimental!

Use it

git clone https://github.com/bufferoverflow/verdaccio-gitlab.git
cd verdaccio-gitlab
npm install
npm start

verdaccio is now up and running, now configure the following within your ~/.config/verdaccio/config.yaml to use this plugin

auth:
  gitlab:
    url: https://gitlab.com

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs
    gitlab: true

  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs
    gitlab: true

restart verdaccio and authenticate with your credentials:

on the web ui http://localhost:4873 or via npm

npm login --registry http://localhost:4873

and publish packages

npm publish --registry http://localhost:4873

NOTE: you need a fresh login, so that verdaccio recognizes your owned groups

Docker

git clone https://github.com/bufferoverflow/verdaccio-gitlab.git
cd verdaccio-gitlab
docker-compose up --build -d

Development

Setup development environment, npm start will do:

cd node_modules/verdaccio
npm link ../../
cd ../../

Run one of the following command to create a release:

npm run release:major
npm run release:minor
npm run release:patch

finally run

npm publish

Todo

  • [x] authenticate with personal access token
  • [x] compare provided user name and GitLab username
  • [x] get user groups from GitLab
  • [x] authorize publish based on group ownership
  • [x] Docker Compose setup of GitLab and Verdaccio
  • [ ] how to handle group owner ship changes? timeout?
  • [ ] use openid connect for web ui
  • [ ] improve linting, eslint vs. jshint vs. babel ,etc.
  • [ ] pass repolinter
  • make it perfect ;-r

Inspired by

License

MIT

Dependencies (2)

Dev Dependencies (9)

Package Sidebar

Install

npm i @drubin/verdaccio-gitlab

Weekly Downloads

0

Version

0.0.4

License

MIT

Last publish

Collaborators

  • drubin