GITHUB_TOKEN fails to authenticate

[rmclaughlin-nelnet]

When we merge to master we run a release using semantic-release. However sometimes the release fails to publish because the GITHUB_TOKEN is invalid. The error does not occur every time, and usually I can just rerun the workflow and it will work. This is not ideal and I would like it to be more stable.

Here is our workflow

name: On Master
on:
  push:
    branches:
      - 'master'
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v1
    - name: Setup node
      uses: actions/setup-node@v1
      with:
        node-version: '12.x'
        registry-url: 'https://npm.pkg.github.com'
        scope: '<redacted>'
    - name: Install dependencies
      run: npm ci
      env:
        NODE_AUTH_TOKEN: ${{ secrets.PACKAGE_READ_TOKEN }}
    - name: Run lint
      run: npm run lint
    - name: Run test
      run: npm test
    - name: Run coverage
      run: npm run coverage
    - name: Run release
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: npm run release

Here is the error we are getting

npm ERR! code E401
npm ERR! 401 Unauthorized - PUT https://npm.pkg.github.com/<redacted> - Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.

Any idea what could be causing this or how to fix it?

[jsoref]

Out of curiosity, is a human merging or a GitHub workflow?

[Willshaw]

@rmclaughlin-nelnet did you get this fixed? I’m getting the same error although on every release

[rmclaughlin-nelnet]

It turned out to be the token we were using had expired.