Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Previously published versions no longer ignored #563

Closed
krassowski opened this issue Mar 25, 2024 · 7 comments
Closed

Previously published versions no longer ignored #563

krassowski opened this issue Mar 25, 2024 · 7 comments
Labels
bug Something isn't working

Comments

@krassowski
Copy link
Contributor

The releaser has logic to ignore previously published npm versions on upload:

jupyter_releaser/jupyter_releaser/lib.py

Lines 443 to 451 in ac38c6a

elif suffix == ".tgz":
# Ignore already published versions
try:
util.run(f"{npm_cmd} {name}", cwd=dist_dir, quiet=True, quiet_error=True, echo=True)
except CalledProcessError as e:
stderr = e.stderr
if "EPUBLISHCONFLICT" in stderr or "previously published versions" in stderr:
continue
raise e

it was used in lumino to only publish packages which had versions bumped, but it is no longer working as of today: jupyterlab/lumino#693

I am not sure if it has something to do with jupyterlab/lumino#690, or if NPM just changed the error message. Unfortunately, the error message is not seen in the traceback (which I think should be fixed too).

To see what the error message is we need something like:

         stderr = e.stderr 
         if "EPUBLISHCONFLICT" in stderr or "previously published versions" in stderr: 
             continue
         else:
+            util.log(stderr)
         raise e
@krassowski krassowski added the bug Something isn't working label Mar 25, 2024
@krassowski krassowski mentioned this issue Mar 25, 2024
Merged
@krassowski
Copy link
Contributor Author

When I try to publish an old version of a different package using npm locally, the error message returned by NPM is:

npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@jupyter-lsp%2fjupyterlab-lsp - You cannot publish over the previously published versions: 5.1.0.
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

This one should be picked up by the check above. I wonder if there is a different message when publishing with provenance, or in a newer NPM version.

@krassowski
Copy link
Contributor Author

Maybe it is related to a recent transition to node 20.x? I see NODE_VERSION=20.x in the failing publish job.

@krassowski
Copy link
Contributor Author

Nope, same error message seen locally with node 20.x and npm 10.5.0. I do not see an easy way forward other than merging #564 and testing it out live on lumino to get the error logs.

@blink1073
Copy link
Contributor

I released https://github.com/jupyter-server/jupyter_releaser/releases/tag/v1.8.0

@krassowski
Copy link
Contributor Author

Thank you!

It is failing with:

npm notice
npm ERR! code ENEEDAUTH
npm ERR! need auth This command requires you to be logged in to https://registry.npmjs.org/
npm ERR! need auth You need to authorize this machine using `npm adduser`

So this looks like configuration issue for lumino rather than what I initially suspected. Is there documentation on how to configure it to work, or do you know how to fix it?

@blink1073
Copy link
Contributor

Ah, I think I accidentally deleted the NPM_TOKEN secret, I just added it back.

@krassowski
Copy link
Contributor Author

Thanks, this helped!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@blink1073 @krassowski