fix: npm releases failing to generate provenance #3800
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: epolon <epolon@amazon.com>
Signed-off-by: epolon <epolon@amazon.com>
mrgrain
approved these changes
Feb 28, 2024
cdk8s-automation
pushed a commit
that referenced
this pull request
Feb 28, 2024
We are [seeing](https://github.com/cdk8s-team/cdk8s-plus/actions/runs/8081657712/job/22080844284) the following error in NPM releases: ```console npm ERR! Can't generate provenance for new or private package, you must set `access` to public. ``` As of Feb 14, projen [has started](projen/projen#3330) [generating provenance statements](https://docs.npmjs.com/generating-provenance-statements) for NPM releases (on by default for public packages). It is not clear why we are seeing the failure above because `access` should be `public` by default for public packages. My suspicion is that for the very first version of a package, `access` must be explicitly set. Trying this out. (cherry picked from commit 119b5d4) Signed-off-by: Eli Polonsky <epolon@amazon.com>
This was referenced Feb 28, 2024
💚 All backports created successfully
Questions ?Please refer to the Backport tool documentation |
cdk8s-automation
pushed a commit
that referenced
this pull request
Feb 28, 2024
We are [seeing](https://github.com/cdk8s-team/cdk8s-plus/actions/runs/8081657712/job/22080844284) the following error in NPM releases: ```console npm ERR! Can't generate provenance for new or private package, you must set `access` to public. ``` As of Feb 14, projen [has started](projen/projen#3330) [generating provenance statements](https://docs.npmjs.com/generating-provenance-statements) for NPM releases (on by default for public packages). It is not clear why we are seeing the failure above because `access` should be `public` by default for public packages. My suspicion is that for the very first version of a package, `access` must be explicitly set. Trying this out. (cherry picked from commit 119b5d4) Signed-off-by: Eli Polonsky <epolon@amazon.com>
mergify bot
pushed a commit
that referenced
this pull request
Feb 28, 2024
# Backport This will backport the following commits from `k8s-28/main` to `k8s-27/main`: - [fix: npm releases failing to generate provenance (#3800)](#3800) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
mergify bot
pushed a commit
that referenced
this pull request
Feb 28, 2024
# Backport This will backport the following commits from `k8s-28/main` to `k8s-26/main`: - [fix: npm releases failing to generate provenance (#3800)](#3800) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We are seeing the following error in NPM releases:
npm ERR! Can't generate provenance for new or private package, you must set `access` to public.As of Feb 14, projen has started generating provenance statements for NPM releases (on by default for public packages).
It is not clear why we are seeing the failure above because
accessshould bepublicby default for public packages.My suspicion is that for the very first version of a package,
accessmust be explicitly set. Trying this out.