How to deal with npm dependencies from private repos?

Hello,

I have a project where an npm dependency is fetched from a private repo:

    "@raccode/svelte-toolkit": "git+ssh://git@github.com:raccodee/svelte-toolkit.git"

As you notice, it needs ssh to work, I tried also to use a personal access token link but I cannot expose it because the project which I’m working in is public and env variables seems not to work in dependencies. I would like to be able to get that dependency during the build phase.

May I have some guidance on how to achieve this?

This is my failed build log:





2:49:25 AM: Build ready to start
2:49:27 AM: build-image version: d2c6dbeac570350a387d832f64bc980dc964ad65 (focal)
2:49:27 AM: build-image tag: v4.8.0
2:49:27 AM: buildbot version: e552b142336b2b1222a93a4fd4cbed0019c77b46
2:49:27 AM: Fetching cached dependencies
2:49:27 AM: Starting to download cache of 113.1MB
2:49:29 AM: Finished downloading cache in 1.830169287s
2:49:29 AM: Starting to extract cache
2:49:33 AM: Finished extracting cache in 4.11939021s
2:49:33 AM: Finished fetching cache in 5.971109578s
2:49:33 AM: Starting to prepare the repo for build
2:49:33 AM: Preparing Git Reference pull/4/head
2:49:34 AM: Parsing package.json dependencies
2:49:35 AM: Starting build script
2:49:36 AM: Installing dependencies
2:49:36 AM: Python version set to 2.7
2:49:36 AM: Started restoring cached node version
2:49:37 AM: Finished restoring cached node version
2:49:38 AM: v16.14.2 is already installed.
2:49:39 AM: Now using node v16.14.2 (npm v8.5.0)
2:49:39 AM: Started restoring cached build plugins
2:49:39 AM: Finished restoring cached build plugins
2:49:39 AM: Attempting ruby version 2.7.2, read from environment
2:49:40 AM: Using ruby version 2.7.2
2:49:41 AM: Using PHP version 8.0
2:49:41 AM: No npm workspaces detected
2:49:41 AM: Started restoring cached node modules
2:49:41 AM: Finished restoring cached node modules
2:49:42 AM: Installing NPM modules using NPM version 8.5.0
2:49:43 AM: npm WARN old lockfile
2:49:43 AM: npm WARN old lockfile The package-lock.json file was created with an old version of npm,
2:49:43 AM: npm WARN old lockfile so supplemental metadata must be fetched from the registry.
2:49:43 AM: npm WARN old lockfile
2:49:43 AM: npm WARN old lockfile This is a one-time fix-up, please be patient...
2:49:43 AM: npm WARN old lockfile
2:49:51 AM: npm ERR! code 128
2:49:51 AM: npm ERR! An unknown git error occurred
2:49:51 AM: npm ERR! command git --no-replace-objects ls-remote ssh://git@github.com/raccodee/svelte-toolkit.git
2:49:51 AM: npm ERR! Warning: Permanently added 'github.com,140.82.112.4' (ECDSA) to the list of known hosts.
2:49:51 AM: Creating deploy upload records
2:49:51 AM: npm ERR! git@github.com: Permission denied (publickey).
2:49:51 AM: npm ERR! fatal: Could not read from remote repository.
2:49:51 AM: npm ERR!
2:49:51 AM: npm ERR! Please make sure you have the correct access rights
2:49:51 AM: npm ERR! and the repository exists.
2:49:51 AM: npm ERR! A complete log of this run can be found in:
2:49:51 AM: npm ERR!     /opt/buildhome/.npm/_logs/2022-04-16T00_49_42_781Z-debug-0.log
2:49:51 AM: Failed during stage 'building site': Build script returned non-zero exit code: 1 (https://ntl.fyi/exit-code-1)
2:49:51 AM: Error during NPM install
2:49:51 AM: Build was terminated: Build script returned non-zero exit code: 1
2:49:51 AM: Failing build: Failed to build site
2:49:51 AM: Finished processing build request in 24.356487606s

Thanks.

Hey @raccode

Have you read through this support guide?

Problem was solved finally , not in a very clean way but solved