Problem
In enterprise or air-gapped environments where outbound internet access is blocked,
the Install Dependencies step hangs indefinitely because bun install cannot reach
registry.npmjs.org to download native binary packages (e.g. @img/sharp-linux-x64, esbuild).
The symptom is:
bun install v1.3.6
Clean lockfile: 192 packages - 192 packages in 321.6us
[PackageManager] waiting for 163 tasks
[PackageManager] waiting for 163 tasks
... (repeats until job timeout)
There is currently no action input to redirect bun install to an internal npm mirror
(Artifactory, Nexus, etc.).
Current workaround
Users can add a pre-step to write ~/.npmrc before the action runs, since bun reads it automatically:
This works but requires knowing the internal implementation detail that the action uses bun and that bun reads ~/.npmrc.
Proposed solution
Add an action input (e.g. npmrc_config) that accepts a multiline string of .npmrc
content and writes it to ~/.npmrc before the Install Dependencies step:
action.yml
inputs:
npmrc_config:
description: "Content to write to ~/.npmrc before installing dependencies.
Useful for configuring private npm registries in air-gapped or enterprise environments."
required: false
default: ""
Usage:
Why this matters
This is a blocker for teams running self-hosted runners in network-restricted environments —
a common enterprise setup where all dependencies must go through an approved internal proxy.
Happy to contribute a PR if the approach looks good to maintainers.
Problem
In enterprise or air-gapped environments where outbound internet access is blocked,
the
Install Dependenciesstep hangs indefinitely becausebun installcannot reachregistry.npmjs.orgto download native binary packages (e.g.@img/sharp-linux-x64,esbuild).The symptom is:
bun install v1.3.6
Clean lockfile: 192 packages - 192 packages in 321.6us
[PackageManager] waiting for 163 tasks
[PackageManager] waiting for 163 tasks
... (repeats until job timeout)
There is currently no action input to redirect
bun installto an internal npm mirror(Artifactory, Nexus, etc.).
Current workaround
Users can add a pre-step to write
~/.npmrcbefore the action runs, since bun reads it automatically:run: |
echo "registry=https://your-internal-artifactory/api/npm/npm-virtual/" >> ~/.npmrc
echo "//your-internal-artifactory/api/npm/npm-virtual/:_authToken=${{ secrets.TOKEN }}" >> ~/.npmrc
This works but requires knowing the internal implementation detail that the action uses bun and that bun reads
~/.npmrc.Proposed solution
Add an action input (e.g.
npmrc_config) that accepts a multiline string of.npmrccontent and writes it to
~/.npmrcbefore theInstall Dependenciesstep:action.yml
inputs:
npmrc_config:
description: "Content to write to ~/.npmrc before installing dependencies.
Useful for configuring private npm registries in air-gapped or enterprise environments."
required: false
default: ""
Usage:
with:
npmrc_config: |
registry=https://your-internal-artifactory/api/npm/npm-virtual/
//your-internal-artifactory/api/npm/npm-virtual/:_authToken=${{ secrets.TOKEN }}
strict-ssl=false
Why this matters
This is a blocker for teams running self-hosted runners in network-restricted environments —
a common enterprise setup where all dependencies must go through an approved internal proxy.
Happy to contribute a PR if the approach looks good to maintainers.