Bharathvaj
Posted on • Edited on • Originally published at bharathvaj.com

Easily Publish Private Packages to AWS CodeArtifact via GitHub Actions Workflow

You can seamlessly publish private packages to AWS CodeArtifact using GitHub Actions. This guide walks you through:

  • Phase 1: AWS Console setup
  • Phase 2: GitHub Actions workflow to publish

I’ve used the npm package for Node.js as an example in this article. This can be easily applied to other registries as well.

⚙️ Phase 1: Set Up AWS CodeArtifact (One-time setup)

1. Create a CodeArtifact Domain & Repository

  1. Go to AWS CodeArtifact Console.
  2. Create a Domain (e.g., netflix).
  3. Inside that domain, create a Repository (e.g., netflix-dev or netflix-prod). You can also create one each for dev and prod.

2. Create an IAM Role for GitHub OIDC

Refer to my previous blog post on how to set up the base IAM role. Then, attach the following policies:

  • AWSCodeArtifactAdminAccess (or scoped-down custom policy)
  • sts:AssumeRoleWithWebIdentity
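
A possible scoped-down policy for the role, as an added example rather than the author's own: it assumes the job only fetches a token and publishes or reads npm packages in one repository, with `<account-id>`, `<domain>` and `<repository>` as placeholders and the region taken from the workflow's us-east-1. sts:AssumeRoleWithWebIdentity does not appear in it because that action is granted in the role's trust policy, not in a permissions policy.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetAuthToken",
      "Effect": "Allow",
      "Action": "codeartifact:GetAuthorizationToken",
      "Resource": "arn:aws:codeartifact:us-east-1:<account-id>:domain/<domain>"
    },
    {
      "Sid": "BearerTokenForCodeArtifactOnly",
      "Effect": "Allow",
      "Action": "sts:GetServiceBearerToken",
      "Resource": "*",
      "Condition": {
        "StringEquals": { "sts:AWSServiceName": "codeartifact.amazonaws.com" }
      }
    },
    {
      "Sid": "ReadRepository",
      "Effect": "Allow",
      "Action": "codeartifact:ReadFromRepository",
      "Resource": "arn:aws:codeartifact:us-east-1:<account-id>:repository/<domain>/<repository>"
    },
    {
      "Sid": "PublishNpmPackages",
      "Effect": "Allow",
      "Action": [
        "codeartifact:PublishPackageVersion",
        "codeartifact:PutPackageMetadata"
      ],
      "Resource": "arn:aws:codeartifact:us-east-1:<account-id>:package/<domain>/<repository>/npm/*"
    }
  ]
}
```

Compared with AWSCodeArtifactAdminAccess, this leaves the CI role unable to delete packages, change repository or domain policies, or touch any other repository in the account.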

🤖 Phase 2: GitHub Actions Workflow

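Here's the minimal setup required to authenticate and publish your package. Because the role is assumed through GitHub OIDC, the job must be granted the id-token: write permission so the credentials step can request an OIDC token.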

🔐 1. Set AWS Credentials action step

- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
    role-to-assume: arn:aws:iam::<account-id>:role/<role-name>
    role-duration-seconds: 3600
    aws-region: us-east-1
    role-session-name: github-actions-codeartifact

🔑 2. Setup AWS CodeArtifact & .npmrc

This step creates a .npmrc file at the project root. Alternatively, you can create one in your home directory as ~/.npmrc. The file holds the CodeArtifact authorization token, so keep it out of version control.

- name: Setup AWS CodeArtifact
  run: |
    # Fetch a CodeArtifact authorization token using the role assumed in the previous step
    export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token \
      --domain cb-artifactory \
      --domain-owner <account-id> \
      --query authorizationToken \
      --output text)

    export ARTIFACTORY_PUBLISH_URL=https://cb-artifactory-<account-id>.d.codeartifact.us-east-1.amazonaws.com/npm/<repository>

    # Point npm at the CodeArtifact repository
    echo "registry=$ARTIFACTORY_PUBLISH_URL/" > .npmrc
    # Bind the token to that registry only (the key is the URL without the https:// scheme)
    echo "//${ARTIFACTORY_PUBLISH_URL#https://}/:_authToken=$CODEARTIFACT_AUTH_TOKEN" >> .npmrc

🚀 3. Publish Package

Finally, publish the package. Nothing fancy.

- name: Publish SDK
  run: npm publish

Setting up a root registry file, such as an npmrc, will change the publish command for other registries.

You can view the complete GitHub Action workflow here: 👉 GitHub Action Workflow Gist
