From 24301fe9fb18dd4b6b8e81b02d2f78ba73fd73c9 Mon Sep 17 00:00:00 2001
From: James Ottaway <jamesottaway@users.noreply.github.com>
Date: Mon, 27 Jun 2022 09:28:13 +1000
Subject: [PATCH] docs: Include warning when configuring token to install
 private packages

The distinction between `secrets.GITHUB_TOKEN` and `secrets.NPM_TOKEN` cost myself and a colleague numerous hours when we were trying to fix a GitHub Actions workflow which needed to install a private package from a different repository from our GitHub organisation.

Given the issue dedicated to this point is closed, we should include a warning here to make it more clear why `secrets.GITHUB_TOKEN` will not work when passed to `npm ci`, in the presence of private packages from other GitHub Package repositories.
---
 docs/advanced-usage.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/advanced-usage.md b/docs/advanced-usage.md
index 36c1ec8b..e51f8abb 100644
--- a/docs/advanced-usage.md
+++ b/docs/advanced-usage.md
@@ -247,3 +247,5 @@ steps:
 # `npm rebuild` will run all those post-install scripts for us.
 - run: npm rebuild && npm run prepare --if-present
 ```
+
+NOTE: As per https://github.com/actions/setup-node/issues/49 you cannot use `secrets.GITHUB_TOKEN` to access private GitHub Packages within the same organisation.