Closed
Description
Hi,
I've got an issue.
Even if a npm package altready exists with the current version, the gh action wants to publish it again:
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@xxx%2fxxx - You cannot publish over the previously published versions: 0.34.0.
My GH action:
- if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }}
uses: JS-DevTools/npm-publish@v2.2.1
with:
access: "public"
token: ${{ env.NPM_TOKEN }}
package: ${{github.workspace}}/sdk/nodejs/bin/package.json
provenance: true
I've tried with strategy: upgrade
without success.
Thanks
Activity
scraly commentedon Sep 12, 2023
After several tried, the strategy upgrade resolved it... crossed fingers for the next time :)
mcous commentedon Sep 12, 2023
Hi @scraly, that doesn't sound good. Is this the repository? https://github.com/ovh/pulumi-ovh
If so, I believe the cause is that in your
package.json
, theversion
field isv0.34.0
. I've always seen theversion
field without thev
, because that's what thenpm version
command writes.I didn't truthfully know that
npm
would accept that! But, sincenode-semver
can parse it,npm
seems happy. The bug innpm-publish
is that it only checks strings in the default strategy. It callsnpm info @ovh-devrelteam/pulumi-ovh
and receives0.34.0
fromnpm
. Since0.34.0 !== v0.34.0
(from npm and the package.json, respectively), it tries to publish.The reason
strategy: upgrade
works is because in the upgrade strategy, we pass both versions intonode-semver
to compare them[-]Try to publish npm package even if already exists in the registry[/-][+]`v`-prefix in `package.json` version causes false negative during version comparison[/+]fix: use validated package.json version in manifest
fix: use validated package.json version in manifest (#147)