@drubin/verdaccio-gitlab

private npm registry (Verdaccio) using gitlab-ce as authentication and authorization provider

Verdaccio-GitLab

Use GitLab Community Edition as authentication provider for the private npm registry verdaccio, the sinopia fork.

The main goal and difference to other sinopia/verdaccio plugins is:

  • no admin token required
  • user authenticates with Personal Access Token
  • owned groups (no subgroups) are added to the user
  • publish packages if package scope or name is an owned group name

This is experimental!

Use it

git clone https://github.com/bufferoverflow/verdaccio-gitlab.git
cd verdaccio-gitlab
npm install
npm start

verdaccio is now up and running, now configure the following within your ~/.config/verdaccio/config.yaml to use this plugin

auth:
  gitlab:
    url: https://gitlab.com

packages:
  '@*/*':
    # scoped packages
    access: $all
    publish: $authenticated
    proxy: npmjs
    gitlab: true

  '**':
    access: $all
    publish: $authenticated
    proxy: npmjs
    gitlab: true

restart verdaccio and authenticate with your credentials:

on the web ui http://localhost:4873 or via npm

npm login --registry http://localhost:4873

and publish packages

npm publish --registry http://localhost:4873

NOTE: you need a fresh login, so that verdaccio recognizes your owned groups

Docker

git clone https://github.com/bufferoverflow/verdaccio-gitlab.git
cd verdaccio-gitlab
docker-compose up --build -d

Development

Setup development environment, npm start will do:

cd node_modules/verdaccio
npm link ../../
cd ../../

Run one of the following command to create a release:

npm run release:major
npm run release:minor
npm run release:patch

finally run

npm publish

Todo

  • authenticate with personal access token
  • compare provided user name and GitLab username
  • get user groups from GitLab
  • authorize publish based on group ownership
  • Docker Compose setup of GitLab and Verdaccio
  • how to handle group owner ship changes? timeout?
  • use openid connect for web ui
  • improve linting, eslint vs. jshint vs. babel ,etc.
  • pass repolinter
  • make it perfect ;-r

Inspired by

License

MIT

HomePage

https://github.com/bufferoverflow/verdaccio-gitlab

Repository

git+https://github.com/bufferoverflow/verdaccio-gitlab.git


相关推荐