Use GitLab Community Edition as authentication provider for the private npm registry verdaccio, the sinopia fork.
The main goal and difference to other sinopia/verdaccio plugins is:
- no admin token required
- user authenticates with Personal Access Token
- owned groups (no subgroups) are added to the user
- publish packages if package scope or name is an owned group name
This is experimental!
git clone https://github.com/bufferoverflow/verdaccio-gitlab.git
cd verdaccio-gitlab
npm install
npm startverdaccio is now up and running, now configure the following within
your ~/.config/verdaccio/config.yaml to use this plugin
auth:
gitlab:
url: https://gitlab.com
packages:
'@*/*':
# scoped packages
access: $all
publish: $authenticated
proxy: npmjs
gitlab: true
'**':
access: $all
publish: $authenticated
proxy: npmjs
gitlab: truerestart verdaccio and authenticate with your credentials:
- gitlab username
- Personal Access Token
on the web ui http://localhost:4873 or via npm
npm login --registry http://localhost:4873and publish packages
npm publish --registry http://localhost:4873git clone https://github.com/bufferoverflow/verdaccio-gitlab.git
cd verdaccio-gitlab
docker-compose up --build -dlogin with user root and password verdaccio on
Gitlab(localhost:50080),
create a Personal Access Token and use the npm registry
Verdaccio(localhost:4873).
- authenticate with personal access token
- compare provided user name and GitLab username
- get user groups from GitLab
- authorize publish based on group ownership
- Docker Compose setup of GitLab and Verdaccio
- use openid connect for web ui
- improve linting, eslint vs. jshint vs. babel ,etc.
- pass repolinter
- make it perfect ;-r