Hey folks! I'm trying to run Pulumi deployments in the Cloud. My stack pulls the code via GitHub App, but it hits a blocker when installing my private Pulumi packages/components. This worked fine on my machine as I have the

~/.npmrc

properly set to read from GitHub's npm registry.

@<gh-org>:registry=<https://npm.pkg.github.com>
//npm.pkg.github.com/:_authToken=<gh-token>

Has anyone worked around this authentication for private Pulumi package registries? I would appreciate it if anyone could help. I already tried to disable the default package installation + pass my token via env vars + write .npmrc via

Pre-run commands

but the .npmrc generated in that context seems not to affect yarn/npm, i.e., they keep trying to pull from the default npm registry, ignoring the registry instruction of my .npmrc. I also tried to use a custom container image where I would rewrite the .npmrc using

envsubst

to put my token there! But I also had issues with this approach as the custom executor image doesn't let me pass

-e

parameters to make the container's environment filled with the needed token and therefore I got a 401 due to the missing token.

Looks like you've found a solution as per your last comment here: https://github.com/pulumi/pulumi/issues/18201#issuecomment-2580861213? Do you have an example of how you run a

pulumi preview

or

pulumi up

when it's containerised?