Dry run still tries to connect to git

[atdiff]

Current behavior

When running semantic-release --dry-run --ci false, git errors occur.

Expected behavior

On a dry-run, git shouldn't be needed, right? And particularly with ci turned off.

Environment

• semantic-release version: 15.13.3
• CI environment: Jenkins
• Plugins used: @semantic-release/npm, semantic-release-verify-deps
• semantic-release configuration:

{
  "name": "example",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "repository": {
    "type": "git",
    "url": "http://gitexample.com/gitexample/example.git"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "@example/example": "0.0.1"
  },
  "publishConfig": {
    "registry": "http://nexusexample.com/repository/npm-internal/",
    "tag": "latest"
  },
  "release": {
    "branch": "origin/master",
    "plugins": [
      "@semantic-release/npm",
      "@semantic-release/git"
    ],
    "verifyConditions": [
      {
        "path": "semantic-release-verify-deps",
        "dependencies": true,
        "devDependencies": false,
        "regExps": [
          "\\D$"
        ]
      }
    ]
  },
  "devDependencies": {
    "@semantic-release/npm": "^5.1.4",
    "@semantic-release/git": "^7.0.8",
    "semantic-release-verify-deps": "^1.0.2"
  }
}

• CI logs:

[1:36:52 AM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "semantic-release-verify-deps"
2019-04-30T01:36:52.912Z semantic-release:plugins options for @semantic-release/commit-analyzer/analyzeCommits: {}
[1:36:52 AM] [semantic-release] › ✔  Loaded plugin "analyzeCommits" from "@semantic-release/commit-analyzer"
2019-04-30T01:36:52.913Z semantic-release:plugins options for @semantic-release/npm/prepare: {}
[1:36:52 AM] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/npm"
2019-04-30T01:36:52.913Z semantic-release:plugins options for @semantic-release/git/prepare: {}
[1:36:52 AM] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/git"
2019-04-30T01:36:52.914Z semantic-release:plugins options for @semantic-release/npm/publish: {}
[1:36:52 AM] [semantic-release] › ✔  Loaded plugin "publish" from "@semantic-release/npm"
[1:36:52 AM] [semantic-release] › ⚠  Run automated release from branch origin/master in dry-run mode
2019-04-30T01:39:02.256Z semantic-release:git Error: Command failed: git push --dry-run http://gitexample.com/gitexample/example.git HEAD:origin/master
fatal: unable to access 'http://gitexample.com/gitexample/example.git': Failed to connect to 52.61.117.207 port 80: Connection timed out
    at makeError (/var/lib/jenkins/.npm/_npx/2806/lib/node_modules/semantic-release/node_modules/execa/index.js:174:9)
    at Promise.all.then.arr (/var/lib/jenkins/.npm/_npx/2806/lib/node_modules/semantic-release/node_modules/execa/index.js:278:16)
    at process._tickCallback (internal/process/next_tick.js:68:7)
[1:41:13 AM] [semantic-release] › ✖  EGITNOPERMISSION The push permission to the Git repository is required.
semantic-release cannot push the version tag to the branch origin/master on remote Git repository with URL http://gitexample.com/gitexample/example.git.

Please refer to the authentication configuration documentation (https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#authentication) to configure the Git credentials on your CI environment and make sure the repositoryUrl (https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#repositoryurl) is configured with a valid Git URL (https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols).

{ SemanticReleaseError: The push permission to the Git repository is required.
    at module.exports (/var/lib/jenkins/.npm/_npx/2806/lib/node_modules/semantic-release/lib/get-error.js:6:10)
    at run (/var/lib/jenkins/.npm/_npx/2806/lib/node_modules/semantic-release/index.js:77:11)
    at process._tickCallback (internal/process/next_tick.js:68:7)
  name: �[32m'SemanticReleaseError'�[39m,
  code: �[32m'EGITNOPERMISSION'�[39m,
  details:
   �[32m'**semantic-release** cannot push the version tag to the branch `origin/master` on remote Git repository with URL `http://gitexample.com/gitexample/example.git`.\n\nPlease refer to the [authentication configuration documentation](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/ci-configuration.md#authentication) to configure the Git credentials on your CI environment and make sure the [repositoryUrl](https://github.com/semantic-release/semantic-release/blob/master/docs/usage/configuration.md#repositoryurl) is configured with a [valid Git URL](https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols).'�[39m,
  semanticRelease: �[33mtrue�[39m }Build step 'Execute shell' marked build as failure
Finished: FAILURE

[mrchief]

I get a slightly different error message but essentially same error

A GitHub personal token (https://github.com/semantic-release/github/blob/master/README.md#github-authentication) must be created and set in the GH_TOKEN or GITHUB_TOKEN environment variable on your CI environment.

Please make sure to create a GitHub personal token (https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line) and to set it in the GH_TOKEN or GITHUB_TOKEN environment variable on your CI environment. The token must allow to push to the repository ....

[pvdlg]

On a dry-run, git shouldn't be needed, right? And particularly with ci turned off.

Yes Git is needed on a Dry-run for several reasons:

• Making sure that if it works on a dry-run it will run on a real one as well
• Unshallow the repo to have access to all tags
• Reading the tags to figure out the last and next release
• Reading the commits to figure out the next release
• Making sure your local branch is up to date with the remote

The push permission are not required in dry-run, however we still check for it as the main use case for dry-run is to make sure everything is set up properly and will work on a real run.
We want to avoid the situation were dry-run works but the real one fails.

[mrchief]

@pvdlg Makes sense. However, an option to preview what the release would do without requiring those tokens will be mighty helpful. I basically want to see what the changelog would look like and what the next semver would be.

[pvdlg]

I'm guessing you want to test from local machine?
If yes, how come you don't have access to the repo on which you are working?

[mrchief]

I'm guessing you want to test from local machine?

Yes

If yes, how come you don't have access to the repo on which you are working?

I do. But I don't want to create tokens every time I want to do a dry run. And I don't want to store tokens in plain text somewhere.

[pvdlg]

How do you authenticate when you push a commit to your remote?
You should just authenticate the same way when you run a dry-run.

[mrchief]

That is the whole point of this issue - not needing to authenticate. All the git history is available locally already.

[eps1lon]

Bit confused by this as well: The remote I have full access to doesn't need credentials when I push/fetch because it uses the ssh keys. But for the dry run I should insert my credentials all of the sudden? And the one working on the release scripts shouldn't be required to also have publish/write permissions for the repo.

Edit:

details:
'semantic-release cannot push the version tag to the branch master on remote Git repository with URL https://github.com/reactjs/react-transition-group.git

Neither do I want to push to that remote nor do I want to push at all. The error message is a bit confusing for a dry-run

[DarthVanger]

Would be great to have a command to only analyze the commits and see what's going to be published

semantic-release --analyze-commits

Or args to ignore git and npm push permissions during dry run:

semantic-release --dry-run --skip-git-push-check --skip-npm-push-check

[Badisi]

This issue must be reopened.
A local dry-run cannot use ssh keys (because SR uses GitHub API and they requires tokens).
Tokens cannot be put under version control and generating them each time on the fly to do a dry-run is fastidious.
And other than that we might also be in the need to do a dry-run while offline.

Can you please reconsider @DarthVanger proposal ?
Thanks!