Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Font Awesome gives 401 Unauthorized on GitHub Actions CI/CD at random times. #20580

Open
2 tasks done
ricardo-rumble opened this issue Feb 26, 2025 · 4 comments
Open
2 tasks done

Bug: Font Awesome gives 401 Unauthorized on GitHub Actions CI/CD at random times. #20580

ricardo-rumble opened this issue Feb 26, 2025 · 4 comments
Labels
bug needs-triage This bug needs to be confirmed

Comments

@ricardo-rumble
Copy link

Bug description

Font Awesome Package Token Intermittent 401 Errors in CI/CD

We are experiencing an issue with the Font Awesome Package token, where we occasionally receive a 401 Unauthorized error. The issue occurs sporadically—sometimes our builds pass, but other times they fail due to this authentication error. The frequency of these failures has increased, and it is now disrupting our CI/CD pipeline. The strange thing is that it only happens from time to time, making it harder for us to find the cause.

Context

.npmrc Configuration

# .npmrc  
@fortawesome:registry=https://npm.fontawesome.com/  
@awesome.me:registry=https://npm.fontawesome.com/  
//npm.fontawesome.com/:_authToken=${FONTAWESOME_PACKAGE_TOKEN}  
@rumble-it:registry=https://npm.pkg.github.com/  
//npm.pkg.github.com/:_authToken=${COMMON_COMPONENTS_TOKEN}

GitHub Actions CI/CD Log

  > [frontend-portal deps 2/2] RUN --mount=type=secret,id=fontawesome_package_token,env=FONTAWESOME_PACKAGE_TOKEN --mount=type=secret,id=common_components_token,env=COMMON_COMPONENTS_TOKEN pnpm -C ./portal/ install --frozen-lockfile:
3.572  ERR_PNPM_FETCH_401  GET https://npm.fontawesome.com/@fortawesome/fontawesome-common-types/-/6.7.2/fontawesome-common-types-6.7.2.tgz: Unauthorized - 401
3.572 
3.572 An authorization header was used: ***
3.572 
3.572 These authorization settings were found:
3.572 @fortawesome:registry=https://npm.fontawesome.com/
3.572 @awesome.me:registry=https://npm.fontawesome.com/
3.572 //npm.fontawesome.com/:_authToken=[hidden]
3.572 @rumble-it:registry=https://npm.pkg.github.com/
3.572 //npm.pkg.github.com/:_authToken=[hidden]

Note: COMMON_COMPONENTS_TOKEN is being used for one of our internal packages — our design system.

Observations

  • When we wait for some time and retry the build, it usually succeeds.
  • However, the ERR_PNPM_FETCH_401 error has been occurring more frequently, making it increasingly frustrating and disruptive to our workflow.

Something we thought of is that the 401 is actually a rate limit?

Would appreciate any insights or solutions to mitigate this issue!

Reproducible test case

No response

Screenshots

No response

Font Awesome version

v6.7.2

Serving

Kit

Implementation

SVG+JS

Browser and Operating System

Web bug report checklist

  • I have included a test case because my odds go way up that the team can fix this when I do
  • I have searched for existing issues and to the best of my knowledge this is not a duplicate
@ricardo-rumble ricardo-rumble added bug needs-triage This bug needs to be confirmed labels Feb 26, 2025
@robmadole
Copy link
Member

Hey @ricardo-rumble . We use Cloudsmith to power the private repo npm.fontawesome.com. So let's try to get a support ticket in with them. Can you submit a ticket here: https://support.cloudsmith.com/hc/en-us/requests/new? I would reference this GitHub issue you created and mention that you are a Font Awesome customer.

Let me know if you run into problems and I'll try and help.

@robmadole
Copy link
Member

@ricardo-rumble I'm going to need some account information from you to proceed. Can you please send an email to [email protected] and let me know what your Font Awesome account email address is? If you can reference this issue in your email and ask for "Rob" that should do it. Thank you.

@robmadole
Copy link
Member

@ricardo-rumble have you had time to email us at [email protected] yet?

@ricardo-rumble
Copy link
Author

Hey @robmadole ,

I've been in touch with someone at Cloudsmith, they saw this 401 Unauthorized also from their side.

It looks like the 401 error was caused by a recent update to the GitHub Actions runners, where Docker secrets were only passed to pnpm intermittently. We suspect this may have been due to parallel job execution.

As the issue became more noticeable over time, we believe it may have been triggered by a phased rollout on GitHub’s side, which led to the inconsistent behavior. We're not entirely sure of it, though.

We fixed it by adding required=true to the secrets mount in our Dockerfile, like so:

RUN --mount=type=secret,id=fontawesome_package_token,env=FONTAWESOME_PACKAGE_TOKEN,required=true \
    pnpm -C ./${SUBDIR}/ install --prod --frozen-lockfile

That said, we still don’t fully understand the root cause. Our team also investigated Moby—the underlying component of Docker—to rule out any issues at that layer, but we couldn’t find anything suspicious there. The good news is that the issue has been resolved for now.

I hope that this could also help anyone else that has a similar issue with 401 Unauthorized in pnpm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug needs-triage This bug needs to be confirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robmadole @ricardo-rumble