Skip to content

fix: use private npm feed in CI to bypass network isolation#3564

Merged
gavinbarron merged 1 commit intomainfrom
fix/private-npm-feed-for-ci
Mar 24, 2026
Merged

fix: use private npm feed in CI to bypass network isolation#3564
gavinbarron merged 1 commit intomainfrom
fix/private-npm-feed-for-ci

Conversation

@gavinbarron
Copy link
Member

@gavinbarron gavinbarron commented Mar 24, 2026

Summary

Fixes CI build failures in the command metadata refresh pipeline caused by network isolation rules blocking access to the public npm registry.

Build Failure

https://microsoftgraph.visualstudio.com/Graph%20Developer%20Experiences/_build/results?buildId=213646&view=logs&j=ede078fe-2a98-5bef-7d41-ce060c17395e&t=16397dbc-9b9b-5731-79d9-dd4acfa7ba0f

Changes

  • \ ools/Configure-PrivateNpmFeed.ps1\ (new): Parameterized script that creates \.npmrc\ files pointing to the Azure Artifacts \PowerShell_V2_Build\ npm feed with \�lways-auth=true\. Accepts \-SourcesDirectory\ and \-Registry\ parameters.
  • \.azure-pipelines/common-templates/install-tools.yml\: Added 3 steps after NodeTool and before npm installs:
    1. \PowerShell@2\ — runs the script to create \.npmrc\ at repo root and overwrite Rush's \.npmrc\n 2. \\ pmAuthenticate@0\\ — authenticates the root \\.npmrc\\n 3. \
      pmAuthenticate@0\ — authenticates the Rush \.npmrc\`n

External Contributors

The Rush \.npmrc\ in the repo still defaults to \
egistry.npmjs.org\, so external contributors can clone and install normally. The private feed is only configured at build time in CI.

Fixes #3563

@gavinbarron
fix: use private npm feed in CI to bypass network isolation
ff9c43f 
Add tools/Configure-PrivateNpmFeed.ps1 script that creates .npmrc files
pointing to the Azure Artifacts PowerShell_V2_Build npm feed. Update
install-tools.yml to run the script and authenticate via npmAuthenticate
before installing autorest and rush.

Two .npmrc files are configured at build time:
- Repo root: for global npm install commands (autorest, rush CLI)
- autorest.powershell/common/config/rush/.npmrc: for rush install

The Rush .npmrc in the repo retains the public registry default so
external contributors can still install from registry.npmjs.org.

Fixes #3563

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@gavinbarron gavinbarron requested a review from a team as a code owner March 24, 2026 16:33
@gavinbarron gavinbarron enabled auto-merge (squash) March 24, 2026 17:58
@gavinbarron gavinbarron merged commit 41e75b6 into main Mar 24, 2026
5 of 7 checks passed
@gavinbarron gavinbarron deleted the fix/private-npm-feed-for-ci branch March 24, 2026 19:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ramsessanchez ramsessanchez ramsessanchez approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CI build failure: npm blocked by network isolation rules in command metadata refresh pipeline

2 participants

@gavinbarron @ramsessanchez