Private NPM packages with Docker and GitHub Actions

Follow these steps to use private NPM packages when deploying applications using the docker/build-push-action GitHub Action.

• Create an automation access token (that doesn't require 2FA)
• Set it as the NPM_TOKEN action secret
• Add the following to the workflow to create a .npmrc file with the token:

- name: Authenticate NPM
  run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc

• Update the build and push step of the workflow

- name: Build and push
  uses: docker/build-push-action@v3
  with:
    # This passes .npmrc to the build context
    secret-files: |
      "npmrc=./.npmrc"

• Use the .npmrc secret in the Dockerfile to install private packages

RUN --mount=type=secret,id=npmrc,dst=/app/.npmrc npm install