New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'The push permission to the Git repository is required' v2 #708
Comments
I just tested in Then we run
What do you get when you run in terminal the following:
Can you also run semantic-release with the |
Both work (but I have to enter the username and password for
Debug RunsWith
With
It seems like the dry runs are happening at different times in the two cases. And in the In the |
So in the case of With As far as I can tell everything works as expected:
It seems your token is correct but the password you are entering is not. |
I use a token as a password and it is the same I used for all the other tests. I didn't type it manually. The same token is also already in use in many other of our repos (although they use older versions of semantic release). And in all cases the For me it doesn't make sense that it behaves differently depending on how the url is specified. Furthermore if the But I don't mind much. I just observed this behaviour and thought you might find it interesting. |
There seems to be a bug in semantic-release: semantic-release/semantic-release#708
When you get the prompt it's a prompt from If you run semantic-release behave differently because:
The problem is that in the first case you try to use a GitHub token as a password which is not supported and in the second one use I'm afraid there is no much we can do in semantic-release. Testing all the possible cases of valid URL for node |
Regarding github so there is no confusion, I'm talking about the personal access tokens: https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/ |
It seems I was mistaken and the token can be used in the The prompt for username/password is from the |
I understand this is a weird bug. And it might only occur in some scenarios or locally. But at least in some indirect way (dependencies?) it is connected, because: With a valid By now, I'm just curious what is going on :) |
And the token as a password thingy is super useful if you use two-factor authentication... |
Do you currently have this behavior when you test the different version? As if you explicitly install semantic-release@15.0.2 and test? Can it be due to something that changed in your environment? |
I'm setting semantic-release up in a repo and I also removed the |
I'm not sure I understand your test. Did you explicitly test with |
I just saw than wen creating a personal access token it works if the token does not get any additional permissions. If the token gets the So it seems that depending on how you test if the connection works you get different results from the same token. As the permissions on the token are good enough in both cases (for a public repository that is). |
I'm totally lost as that point. I still don't know if you are currently experiencing a different behavior when doing:
Regarding the verification semantic-release verify the push access the same way in 15.0.2 and 15.1.2 with |
The removal of the node modules doesn't change anything. It's consistent on my machine: In 15.0.2 when providing the GH_TOKEN it just worked. no prompting of anything. |
I tester the 3 version you mention and in all cases I get the prompt for the user password. Version 15.0.2: npm install semantic-release@15.0.2
semantic-release --debug --repository-url https://wrong_user@github.com/semantic-release/semantic-release.git --dry-run
[Semantic release]: Running semantic-release version 15.0.2
Password for 'https://wrong_user@github.com': Version 15.0.3: npm install semantic-release@15.0.3
semantic-release --debug --repository-url https://wrong_user@github.com/semantic-release/semantic-release.git --dry-run
[Semantic release]: Running semantic-release version 15.0.3
Password for 'https://wrong_user@github.com': Version 15.1.2: npm install semantic-release
semantic-release --debug --repository-url https://wrong_user@github.com/semantic-release/semantic-release.git --dry-run
[Semantic release]: Running semantic-release version 15.1.2
Password for 'https://wrong_user@github.com': So as far as I can tell all 3 versions behave the same, at least on my machine. Do you have a reproduction scenario that I can use to debug? |
When passing I guess the differences in the execution path depending on how the --repository-url is formatted cause the issues I see. Maybe it is enough to reproduce the issue if you remove your user/password from the keychain (I myself don't have them in my keychain). I can't add the user/password to my keychain to test as I use two-factor authentication. |
I tried remove everything git related in my keychain and remove the GitHub ssl key I have installed. The only change that was made between those version is that we expand the shorthand URLs ( As far as I can tell semantic-release behave as expected. So I guess we can close this issue? If you'd like to investigate why you have a different behavior between different versions feel free to do so, but you would have to troubleshoot and debug on your own as it seems it happens only with your environment. I can help but without detailed steps to reproduce I can't do much. If this investigation leads to finding an actual bug, then you can open a new issue with the relevant information. |
Thanks for looking into it! And feel free to close. As an input you may consider that if the GH_TOKEN is provided that semantic-release tries to push with the https url and the token first: In my usecase when testing locally before pushing the semantic-release setup to my repo the fallbacks are actually not really desirable. Thanks again! |
release 15.1.3 fixes the issues! 🥇 Now I can close it myself :) |
That's the way if was working before (in 13.x.x or 12.x.x I think) but we changed that as in some case you want to have different method of authentication between the There is many many uses cases around that, and they are really difficult to test as they involve proprietary Git repo, private GitHub/GitLab/Bitbucket instance, private CI, private authentication mechanism etc... The implementation decision have mostly been made for running in a CI environment as it's the most common and the recommended way to use semantic-release. Also we assume that in most cases when running locally authentication will not be necessary as the vast majority of users would have their credentials stored in some sort of keychain, or would have installed ssh keys, because you don't want to type your password every time you push... |
I really don't understand how...But great news anyway! |
We have an organisation setup with a bot-account that has the necessary permissions for CI integrations and publishing to npm. And we force all users to activate two-factor authentication. And I mostly want semantic-release to work exactly the same as it would on the CI for testing and as an emergency fallback when the CI is down but using the same tokens locally as we would on the CI. But I completely understand if you optimise for the use cases the majority of your users care about. Keep up the good work! |
We just ran into the same issue. Hard one to debug :) Since we do heavy enforcement through js-gardener we'll update that there... blackflux/js-gardener#249 |
Hey I'm running into this issue on this repository: https://github.com/lastmjs/guesswork I don't know what's wrong, I'm using CirclecCI, my token is updated and put in correctly, I'm using a version of semantic-release above 15.1.3, and my url starts with https://...any suggestions? |
Current behavior
npx semantic-release -d
reports 'The push permission to the Git repository is required.' or asks for the username and password even ifGH_TOKEN
is set depending on how the repositoryUrl is specified in thepackage.json
.Test results for different values for repository.url in the
package.json
.Note: As password an accessToken was used.
These are the results for version
15.0.3
:https://github.com/upfrontIO/microschema
-> asks for username and password twice, but works.//github.com/upfrontIO/microschema
-> works as expectedgithub.com/upfrontIO/microschema
-> I get 'The push permission to the Git repository is required.'upfrontIO/microschema
-> I get 'The push permission to the Git repository is required.'Note: Versions prior to
15.0.3
did not ask for username and password when the urlhttps://github.com/upfrontIO/microschema
was used.Same tests with
15.1.2
:https://github.com/upfrontIO/microschema
-> asks for username and password once, then 'The push permission to the Git repository is required.'.//github.com/upfrontIO/microschema
-> works as expectedgithub.com/upfrontIO/microschema
-> 'The push permission to the Git repository is required.'upfrontIO/microschema
-> asks for username and password once, then 'The push permission to the Git repository is required.'.Expected behavior
Consistent behaviour regardless of how the repositoryUrl is specified.
Environment
The text was updated successfully, but these errors were encountered: