Private NPM packages with Docker and GitHub Actions

Riley Tomasek

Follow these steps to use private NPM packages when deploying applications using the docker/build-push-action GitHub Action.

- name: Authenticate NPM
  run: echo "//${{ secrets.NPM_TOKEN }}" > ~/.npmrc
  • Update the build and push step of the workflow
- name: Build and push
  uses: docker/build-push-action@v3
    # This passes .npmrc to the build context
    secret-files: |
  • Use the .npmrc secret in the Dockerfile to install private packages
RUN --mount=type=secret,id=npmrc,dst=/app/.npmrc npm install