Releasing from GitHub Actions npm ERR!! code ENEEDAUTH #82
Labels
question
Further information is requested
Comments
|
Hey, @EricCrosson, - name: Configure npm
run: |
echo '//registry.npmjs.org/:_authToken=${NPM_TOKEN}' > .npmrc
cat .npmrc
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}It seems, that you pass UPD await outputFile(
npmrc,
`${currentConfig ? `${currentConfig}\n` : ''}${nerfDart(registry)}:_authToken = \${NPM_TOKEN}`
);It appends a new line with token to |
|
Hi @antongolub, thanks for the pointers :) I think that was an artifact of 1 million trial runs, I currently have so I figure the npmrc is now configured correctly. In response to your update -- so if I am understanding correctly, I should not need to configure the This seems to match several examples I found by digging through the "Used By" section on this project's readme -- there was nothing special I found in their github actions page, just a plain call to UPDATE When I remove my custom .npmrc file, I get the error This is with an |
|
Let's investigate what uses: actions/setup-node@v2
with:
node-version: 'lts/*'
registry-url: https://registry.npmjs.org
always-auth: trueWhen // Remove http: or https: from front of registry.
const authString: string =
registryUrl.replace(/(^\w+:|^)/, '') + ':_authToken=${NODE_AUTH_TOKEN}';
const registryString: string = scope
? `${scope}:registry=${registryUrl}`
: `registry=${registryUrl}`;
const alwaysAuthString: string = `always-auth=${alwaysAuth}`;
newContents += `${authString}${os.EOL}${registryString}${os.EOL}${alwaysAuthString}`;For an experiment, I would suggest removing this const path = require('path');
const rc = require('rc');
const getRegistryUrl = require('registry-auth-token/registry-url');
module.exports = ({publishConfig: {registry} = {}, name}, {cwd, env}) =>
registry ||
env.NPM_CONFIG_REGISTRY ||
getRegistryUrl(
name.split('/')[0],
rc(
'npm',
{registry: 'https://registry.npmjs.org/'},
{config: env.NPM_CONFIG_USERCONFIG || path.resolve(cwd, '.npmrc')}
)
); |
|
Here's a valid release config example for msr + gh-actions: BTW FYI, unfortunately, different gh-actions files cannot cross-refer to their steps via |
|
You can run msr locally for debug: |
|
@antongolub, you have correctly assessed that I am new to GitHub Actions, thanks for linking to the qiki/semantic-release-toolkit which is a great example. Unfortunately, the call to msr is a straightforward one! I still cannot discern what's going wrong on my end. I am able to reproduce this error on my local workstation: full output
What I find baffling is that the error I'm receiving is that my npm token is bad, but my npm username (hamroctopus) is being printed numerous times. I believe this comes from a call to some Even more astounding is when I remove full output
I have tried npm Publish and Automation type npm tokens, I can't recall from the hundreds of attempts if the error messages are different or identical, but neither has been successful. The fact that I get ENEEDAUTH errors locally means none of my GitHub Actions configuration is the lone culprit... 🤔 |
|
It is important for us to find the source of the problem. I'll try to debug your case tomorrow. |
|
I am very grateful for your help |
|
Getting closer to a root cause -- it seems that the body of this try block fails some of the time: https://github.com/semantic-release/npm/blob/7338fc25de82058ea83b1e6e6669707036c2d96a/lib/verify-auth.js#L21 but not all of the time, as I am seeing my username print many times. I instrumented this .js file in my node_modules with some module.exports = async (npmrc, pkg, context) => {
const {
cwd,
env: {DEFAULT_NPM_REGISTRY = 'https://registry.npmjs.org/', ...env},
stdout,
stderr,
} = context;
const registry = getRegistry(pkg, context);
console.log('>>> npmrc is', npmrc)
await setNpmrcAuth(npmrc, registry, context);
console.log('>>> Temporary npmrc is')
try {
console.log(fs.readFileSync(npmrc, 'utf-8'))
} catch (error) {
console.log('>>> unable to read file', error.message)
}
console.log('>>> normalizedUrl(registry)', normalizeUrl(registry))
console.log('>>> normalizedUrl(DEFAULT_NPM_REGISTRY)', normalizeUrl(DEFAULT_NPM_REGISTRY))
if (normalizeUrl(registry) === normalizeUrl(DEFAULT_NPM_REGISTRY)) {
try {
const whoamiResult = execa('npm', ['whoami', '--userconfig', npmrc, '--registry', registry], {cwd, env});
whoamiResult.stdout.pipe(stdout, {end: false});
whoamiResult.stderr.pipe(stderr, {end: false});
await whoamiResult;
} catch (error) {
console.log('>>> Error is', error.message)
throw new AggregateError([getError('EINVALIDNPMTOKEN', {registry})]);
}
}
};and I see Interestingly, the try/catch seems necessary around the I should note that I am on @semantic-release/npm v 7.1.3. I tried reproducing the $ npm whoami --registry https://registry.npmjs.org --scope=@typescript-tools
hamroctopusand I thought it might be a rate limit thing so I ran it asynchronously 100 times in a for loop and all 100 succeeded. Still digging |
|
I wanted to make sure it was not the case that program execution was continuing on to a different I found this potentially related ticket, fixed 4 days ago in @semantic-release/npm v 8.0.2 semantic-release/npm#413 but the NPM_TOKEN used in the temporary npmrc file match the environment variable I'm using, so that seems unlikely |
|
I was able to deploy locally! I had to comment out these three lines in my local copy of @semantic-version/npm: https://github.com/semantic-release/npm/blob/master/index.js#L42-L44 As a result, I'm going to consider this a bug with @semantic-release/npm and open an issue there instead. I hope to update here when I have a successful resolution. Again, thank you so much for your help @antongolub. You really went above and beyond to help me get a working setup. |
|
Nice to know, that you've found a workaround! Anyway, I've updated release-testing demo repo to show how msr may be used with gh-actions. |
|
Yet another temporary workaround: https://github.com/semrel-extra/npm |
|
Beautiful! |
|
I was running into a similar issue but getting a But the code in #82 (comment) solved it for me so I'm hoping the helps someone else eventually. 
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, this is a cool package! I'm really excited to get it working
What I've done:
npx multi-semantic-release, passing the github token and npm token env varsThis is all visible here
What I expected to happen:
multi-semantic-releaseis able to publish npm packages to registry.npmjs.orgWhat actually happens:
I am consistently getting the same error,
visible here: https://github.com/typescript-tools/typescript-tools/runs/3975804717?check_suite_focus=true
I've tried every variation of configuration I can imagine over the past day. Do you know what I'm doing wrong / do you have a working example I can compare against?
The text was updated successfully, but these errors were encountered: