You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I posted this directly on the semantic-release/gitlab project but I believe this is actually an issue with the semantic-release/npm package.
I'm trying to use semantic-release to publish to a scoped private registry on gitlab but I keep getting error because it's trying to auth against the public registry instead the private one.
Here are my settings (with some things obscured)
package.json
I've tried multiple ways of running it from local which prompts me for username and password multiple times (for password I use a gitlab personal access token) and from CI/CD using:
It's worth noting that the exact steps on the CI/CD have changed a lot since I've been testing multiple things like not passing the vars on the call and making sure they are all setup directly on gitlab but nothing works.
For environment variables I have NPM_TOKEN, GL_TOKEN, GITLAB_TOKEN.
Here is the actual error when running locally:
> @mygroup/npm_registry@1.0.12 semantic-release
> semantic-release
[11:36:42 a.m.] [semantic-release] › ℹ Running semantic-release version 17.4.4
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/gitlab"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/npm"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/git"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "analyzeCommits" from "@semantic-release/commit-analyzer"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "generateNotes" from "@semantic-release/release-notes-generator"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "prepare" from "@semantic-release/npm"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "prepare" from "@semantic-release/git"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "publish" from "@semantic-release/gitlab"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "publish" from "@semantic-release/npm"
[11:36:42 a.m.] [semantic-release] › ✔ Loaded plugin "addChannel" from "@semantic-release/npm"
[11:36:42 a.m.] [semantic-release] › ⚠ This run was not triggered in a known CI environment, running in dry-run mode.
j[11:36:56 a.m.] [semantic-release] › ⚠ Run automated release from branch main on repository https://gitlab.com/mygroup/randomStuff/npm_registry in dry-run mode
[11:37:00 a.m.] [semantic-release] › ✔ Allowed to push to the Git repository
[11:37:00 a.m.] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/gitlab"
[11:37:00 a.m.] [semantic-release] [@semantic-release/gitlab] › ℹ Verify GitLab authentication (https://gitlab.com/api/v4)
[11:37:00 a.m.] [semantic-release] › ✖ Failed step "verifyConditions" of plugin "@semantic-release/gitlab"
[11:37:00 a.m.] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/npm"
[11:37:00 a.m.] [semantic-release] [@semantic-release/npm] › ℹ Verify authentication for registry https://registry.npmjs.org/
[11:37:00 a.m.] [semantic-release] [@semantic-release/npm] › ℹ Reading npm config from /home/user/Work/git/npm_registry/.npmrc
[11:37:00 a.m.] [semantic-release] [@semantic-release/npm] › ℹ Wrote NPM_TOKEN to /tmp/6a8800c051f3e40927850be223835151/.npmrc
npm ERR! code E401
npm ERR! 401 Unauthorized - GET https://registry.npmjs.org/-/whoami
npm ERR! A complete log of this run can be found in:
npm ERR! /home/user/.npm/_logs/2021-07-22T18_37_01_006Z-debug.log
[11:37:01 a.m.] [semantic-release] › ✖ Failed step "verifyConditions" of plugin "@semantic-release/npm"
[11:37:01 a.m.] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/git"
[11:37:01 a.m.] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/git"
[11:37:01 a.m.] [semantic-release] › ✖ EINVALIDNPMTOKEN Invalid npm token.
The npm token (https://github.com/semantic-release/npm/blob/master/README.md#npm-registry-authentication) configured in the NPM_TOKEN environment variable must be a valid token (https://docs.npmjs.com/getting-started/working_with_tokens) allowing to publish to the registry https://registry.npmjs.org/.
If you are using Two Factor Authentication for your account, set its level to "Authorization only" (https://docs.npmjs.com/getting-started/using-two-factor-authentication#levels-of-authentication) in your account settings. semantic-release cannot publish with the default "
Authorization and writes" level.
Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.
[11:37:01 a.m.] [semantic-release] › ✖ An error occurred while running semantic-release: HTTPError: Response code 403 (Forbidden)
at EventEmitter.<anonymous> (/home/user/Work/git/npm_registry/node_modules/got/dist/source/as-promise.js:118:31)
at processTicksAndRejections (internal/process/task_queues.js:93:5) {
pluginName: '@semantic-release/gitlab'
}
AggregateError:
HTTPError: Response code 403 (Forbidden)
at EventEmitter.<anonymous> (/home/user/Work/git/npm_registry/node_modules/got/dist/source/as-promise.js:118:31)
SemanticReleaseError: Invalid npm token.
at module.exports (/home/user/Work/git/npm_registry/node_modules/@semantic-release/npm/lib/get-error.js:6:10)
at module.exports (/home/user/Work/git/npm_registry/node_modules/@semantic-release/npm/lib/verify-auth.js:26:33)
at async verifyConditions (/home/user/Work/git/npm_registry/node_modules/@semantic-release/npm/index.js:36:7)
at async validator (/home/user/Work/git/npm_registry/node_modules/semantic-release/lib/plugins/normalize.js:34:24)
at async /home/user/Work/git/npm_registry/node_modules/semantic-release/lib/plugins/pipeline.js:37:34
at async Promise.all (index 0)
at async next (/home/user/Work/git/npm_registry/node_modules/p-reduce/index.js:16:18)
at /home/user/Work/git/npm_registry/node_modules/semantic-release/lib/plugins/pipeline.js:54:11
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at async Object.pluginsConf.<computed> [as verifyConditions] (/home/user/Work/git/npm_registry/node_modules/semantic-release/lib/plugins/index.js:80:11)
at async run (/home/user/Work/git/npm_registry/node_modules/semantic-release/index.js:95:3)
at async module.exports (/home/user/Work/git/npm_registry/node_modules/semantic-release/index.js:260:22)
at async module.exports (/home/user/Work/git/npm_registry/node_modules/semantic-release/cli.js:55:5)
I get the same when running through CI/CD
Not sure if it helps but here is the folder structure also:
After a while I realized that if I change the private field on the package.json from false to true I no longer get the error but it skips the actual publish of the npm package.
I get the following:
...
[12:13:39 AM] [semantic-release] › ℹ Start step "publish" of plugin "@semantic-release/gitlab"
[12:13:40 AM] [semantic-release] [@semantic-release/gitlab] › ℹ Published GitLab release: v1.0.4
[12:13:40 AM] [semantic-release] › ✔ Completed step "publish" of plugin "@semantic-release/gitlab"
[12:13:40 AM] [semantic-release] › ℹ Start step "publish" of plugin "@semantic-release/npm"
[12:13:40 AM] [semantic-release] [@semantic-release/npm] › ℹ Skip publishing to npm registry as package.json's private property is true
[12:13:40 AM] [semantic-release] › ✔ Completed step "publish" of plugin "@semantic-release/npm"
[12:13:40 AM] [semantic-release] › ✔ Published release 1.0.4 on default channel
....
Thanks
The text was updated successfully, but these errors were encountered:
the .npmrc file uses ini format, which your example does not follow. your registry definition should use a = rather than a and does not need to be quoted. here is an example from the npm docs: https://docs.npmjs.com/cli/v7/configuring-npm/npmrc#comments
Hi,
I posted this directly on the semantic-release/gitlab project but I believe this is actually an issue with the semantic-release/npm package.
I'm trying to use semantic-release to publish to a scoped private registry on gitlab but I keep getting error because it's trying to auth against the public registry instead the private one.
Here are my settings (with some things obscured)
package.json
.npmrc (The authTokens are personal tokens with full access)
.releaserc.json
I've tried multiple ways of running it from local which prompts me for username and password multiple times (for password I use a gitlab personal access token) and from CI/CD using:
.gitlab-ci.yaml
It's worth noting that the exact steps on the CI/CD have changed a lot since I've been testing multiple things like not passing the vars on the call and making sure they are all setup directly on gitlab but nothing works.
For environment variables I have NPM_TOKEN, GL_TOKEN, GITLAB_TOKEN.
Here is the actual error when running locally:
I get the same when running through CI/CD
Not sure if it helps but here is the folder structure also:
After a while I realized that if I change the private field on the package.json from
false
totrue
I no longer get the error but it skips the actual publish of the npm package.I get the following:
Thanks
The text was updated successfully, but these errors were encountered: