dogs
dogs copied to clipboard
Bug: semantic-release doesn't work with npm automation tokens.
We have 2fa for auth-and-writes and use an automation token for best practices. But semantic-release doesn't support this yet:
- Upstream issue: https://github.com/semantic-release/npm/issues/277
- Example failed publish build: https://github.com/FormidableLabs/dogs/runs/1289482234?check_suite_focus=true
Tasks
We've bandaided over this with lower npm privileges and different access tokens.
- [ ] Track https://github.com/semantic-release/npm/issues/277 and then update this project as follows:
- [ ] Replace
NPM_TOKEN
secret with 1password IC vault fieldGitHub Actions CI/CD Publish Token -- Automation (NPM_TOKEN)
. (We're currently usingGitHub Actions CI/CD Publish Token -- Publish (NPM_TOKEN)
- [ ] In npm as superadmin (probably @ryan-roemer ) switch https://www.npmjs.com/package/@formidable/dogs/access from
Two-factor authentication is not required
toRequire two-factor authentication or automation tokens
. - [ ] In npm account for
dogs-ci
, switch 2fa from auth only to auth and publishing.
Passes dry-run but fails with: https://github.com/FormidableLabs/dogs/runs/1289694860?check_suite_focus=true
[11:27:50 PM] [semantic-release] › ✖ An error occurred while running semantic-release: Error: Command failed with exit code 1: npm publish /home/runner/work/dogs/dogs --userconfig /tmp/b10c224299af95c3c26e706f8c3afb55/.npmrc --tag latest --registry https://registry.npmjs.org/
npm notice
npm notice 📦 @formidable/[email protected]
npm notice === Tarball Contents ===
npm notice 1.1kB LICENSE
npm notice 13.8kB dist/index.js
npm notice 1.1kB package.json
npm notice 3.3kB README.md
npm notice 194B dist/index.d.ts
npm notice === Tarball Details ===
npm notice name: @formidable/dogs
npm notice version: 1.1.0
npm notice package size: 6.8 kB
npm notice unpacked size: 19.4 kB
npm notice shasum: 54444900442c750e2ea69c708ceb011904d68bab
npm notice integrity: sha512-/U6uel7pod136[...]YWKwzfS4VMvQw==
npm notice total files: 5
npm notice
npm ERR! code EOTP
npm ERR! This operation requires a one-time password from your authenticator.
npm ERR! You can provide a one-time password by passing --otp=<code> to the command you ran.
npm ERR! If you already provided a one-time password then it is likely that you either typoed
npm ERR! it, or it timed out. Please try again.
npm ERR! A complete log of this run can be found in:
npm ERR! /home/runner/.npm/_logs/2020-10-21T23_27_50_211Z-debug.log
Interesting:
$ NPM_TOKEN=<SNIPPED> npm publish
from my laptop does indeed fail even though it's auth-only account + token. Will investigate more and publish the failed publish from my laptop before doing another automation fix.
Ah -- it was a setting I did and forgot on the package itself to require 2fa!
Manually published @formidable/[email protected]
and existing publish token should now work for future commits. (We're still in bandaid mode, but our next GH action should actually publish...)
Can confirm that the Publish
ci action worked successfully - https://github.com/FormidableLabs/dogs/runs/4407344896?check_suite_focus=true
Hi @robwalkerco -- I don't think this is actually implemented as we haven't enabled 2fa for this project in npm and we're using a normal publish token, not an npm "automation" token (which means we update our secrets).