gitlab
gitlab copied to clipboard
semantic-release
[Help] An error occurred while making a request to the GitLab release API: HTTPError: Response code 403 (Forbidden)
I get this error when executing the plugin in a Gitlab CI pipeline. It only happens the first time, because in the second execution it works fine.
I have a GL_TOKEN with the right permissions over the project.
Could anyone help?
++ npx semantic-release
[7:16:31 AM] [semantic-release] › ℹ Running semantic-release version 23.0.8
[7:16:31 AM] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/changelog"
[7:16:31 AM] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/git"
[7:16:31 AM] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/gitlab"
[7:16:31 AM] [semantic-release] › ✔ Loaded plugin "analyzeCommits" from "@semantic-release/commit-analyzer"
[7:16:31 AM] [semantic-release] › ✔ Loaded plugin "generateNotes" from "@semantic-release/release-notes-generator"
[7:16:31 AM] [semantic-release] › ✔ Loaded plugin "prepare" from "@semantic-release/changelog"
[7:16:31 AM] [semantic-release] › ✔ Loaded plugin "prepare" from "@semantic-release/git"
[7:16:31 AM] [semantic-release] › ✔ Loaded plugin "publish" from "@semantic-release/gitlab"
[7:16:36 AM] [semantic-release] › ✔ Run automated release from branch main on repository https://gitlab-ci-token:[secure]@gitlab.com/(my-project).git
[7:16:37 AM] [semantic-release] › ✔ Allowed to push to the Git repository
[7:16:37 AM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/gitlab"
[7:16:37 AM] [semantic-release] [@semantic-release/gitlab] › ℹ Verify GitLab authentication (https://gitlab.com/api/v4)
[7:16:37 AM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/gitlab"
[7:16:37 AM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/changelog"
[7:16:37 AM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/changelog"
[7:16:37 AM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/git"
[7:16:37 AM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/git"
[7:16:37 AM] [semantic-release] › ℹ Found git tag v1.0.6 associated with version 1.0.6 on branch main
[7:16:37 AM] [semantic-release] › ℹ Found 2 commits since last release
[7:16:37 AM] [semantic-release] › ℹ Start step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ Analyzing commit: Merge branch 'renovate/github.com-spf13-cobra-1.x' into 'main'
fix(deps): update module github.com/spf13/cobra to v1.8.0
See merge request (my-mr)
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ The commit should not trigger a release
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ Analyzing commit: fix(deps): update module github.com/spf13/cobra to v1.8.0
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ The release type for the commit is patch
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ Analysis of 2 commits complete: patch release
[7:16:37 AM] [semantic-release] › ✔ Completed step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[7:16:37 AM] [semantic-release] › ℹ The next release version is 1.0.7
[7:16:37 AM] [semantic-release] › ℹ Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[7:16:37 AM] [semantic-release] › ✔ Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[7:16:37 AM] [semantic-release] › ℹ Start step "prepare" of plugin "@semantic-release/changelog"
[7:16:37 AM] [semantic-release] [@semantic-release/changelog] › ℹ Update /builds/my_project/CHANGELOG.md
[7:16:37 AM] [semantic-release] › ✔ Completed step "prepare" of plugin "@semantic-release/changelog"
[7:16:37 AM] [semantic-release] › ℹ Start step "prepare" of plugin "@semantic-release/git"
[7:16:37 AM] [semantic-release] [@semantic-release/git] › ℹ Found 1 file(s) to commit
[7:16:39 AM] [semantic-release] [@semantic-release/git] › ℹ Prepared Git release: v1.0.7
[7:16:39 AM] [semantic-release] › ✔ Completed step "prepare" of plugin "@semantic-release/git"
[7:16:39 AM] [semantic-release] › ℹ Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[7:16:39 AM] [semantic-release] › ✔ Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[7:16:41 AM] [semantic-release] › ✔ Created tag v1.0.7
[7:16:41 AM] [semantic-release] › ℹ Start step "publish" of plugin "@semantic-release/gitlab"
[7:16:42 AM] [semantic-release] [@semantic-release/gitlab] › ✘ An error occurred while making a request to the GitLab release API:
HTTPError: Response code 403 (Forbidden)
at Request.<anonymous> (file:///builds/my_project/node_modules/got/dist/source/as-promise/index.js:92:42)
at Object.onceWrapper (node:events:[63](https://gitlab.com/my_project/-/jobs/7022066433#L63)4:26)
at Request.emit (node:events:531:35)
at Request._onResponseBase (file:///builds/my_project/node_modules/got/dist/source/core/index.js:604:22)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Request._onResponse (file:///builds/my_project/node_modules/got/dist/source/core/index.js:[64](https://gitlab.com/my_project/-/jobs/7022066433#L64)6:13) {
input: undefined,
code: 'ERR_NON_2XX_3XX_RESPONSE',
timings: {
start: 1717571801926,
socket: 1717571801926,
lookup: 1717571801926,
connect: 1717571801926,
secureConnect: 1717571801926,
upload: 1717571801927,
response: 1717571802076,
end: 1717571802077,
error: undefined,
abort: undefined,
phases: {
wait: 0,
dns: 0,
tcp: 0,
tls: 0,
request: 1,
firstByte: 149,
download: 1,
total: 151
}
},
options: {
request: undefined,
agent: { http: undefined, https: undefined, http2: undefined },
h2session: undefined,
decompress: true,
timeout: {
connect: undefined,
lookup: undefined,
read: undefined,
request: undefined,
response: undefined,
secureConnect: undefined,
send: undefined,
socket: undefined
},
prefixUrl: '',
body: '{"tag_name":"v1.0.7","description":"## [1.0.7](https://gitlab.com/my_project/compare/v1.0.6...v1.0.7) (2024-06-05)\\n\\n\\n### Bug Fixes\\n\\n* **deps:** update module github.com/spf13/cobra to v1.8.0 ([ec8f0ed](https://gitlab.com/my_project/commit/ec8f0ed801c6aac985d[65](https://gitlab.com/my_project/-/jobs/7022066433#L65)e9921c015ace5002b9f))\\n\\n\\n\\n","assets":{"links":[]}}',
form: undefined,
json: undefined,
cookieJar: undefined,
ignoreInvalidCookies: [secure],
searchParams: undefined,
dnsLookup: undefined,
dnsCache: undefined,
context: {},
hooks: {
init: [],
beforeRequest: [],
beforeError: [ [Function (anonymous)] ],
beforeRedirect: [],
beforeRetry: [],
afterResponse: []
},
followRedirect: true,
maxRedirects: 10,
cache: undefined,
throwHttpErrors: true,
username: '',
password: '',
http2: [secure],
allowGetBody: [secure],
headers: {
'user-agent': 'got (https://github.com/sindresorhus/got)',
'private-token': '[secure]',
'content-type': 'application/json',
'content-length': '422',
'accept-encoding': 'gzip, deflate, br'
},
methodRewriting: [secure],
dnsLookupIpVersion: undefined,
parseJson: [Function: parse],
stringifyJson: [Function: stringify],
retry: {
limit: 2,
methods: [ 'GET', 'PUT', 'HEAD', 'DELETE', 'OPTIONS', 'TRACE' ],
statusCodes: [
408, 413, 429, 500,
502, 503, 504, 521,
522, 524
],
errorCodes: [
'ETIMEDOUT',
'ECONNRESET',
'EADDRINUSE',
'ECONNREFUSED',
'EPIPE',
'ENOTFOUND',
'ENETUNREACH',
'EAI_AGAIN'
],
maxRetryAfter: undefined,
calculateDelay: [Function: calculateDelay],
backoffLimit: Infinity,
noise: 100
},
localAddress: undefined,
method: 'POST',
createConnection: undefined,
cacheOptions: {
shared: undefined,
cacheHeuristic: undefined,
immutableMinTimeToLive: undefined,
ignoreCargoCult: undefined
},
https: {
alpnProtocols: undefined,
rejectUnauthorized: undefined,
checkServerIdentity: undefined,
certificateAuthority: undefined,
key: undefined,
certificate: undefined,
passphrase: undefined,
pfx: undefined,
ciphers: undefined,
honorCipherOrder: undefined,
minVersion: undefined,
maxVersion: undefined,
signatureAlgorithms: undefined,
tlsSessionLifetime: undefined,
dhparam: undefined,
ecdhCurve: undefined,
certificateRevocationLists: undefined
},
encoding: undefined,
resolveBodyOnly: [secure],
isStream: [secure],
responseType: 'text',
url: URL {
href: 'https://gitlab.com/api/v4/projects/my_project/releases',
origin: 'https://gitlab.com',
protocol: 'https:',
username: '',
password: '',
host: 'gitlab.com',
hostname: 'gitlab.com',
port: '',
pathname: '/api/v4/projects/my_project/releases',
search: '',
searchParams: URLSearchParams {},
hash: ''
},
pagination: {
transform: [Function: transform],
paginate: [Function: paginate],
filter: [Function: filter],
shouldContinue: [Function: shouldContinue],
countLimit: Infinity,
backoff: 0,
requestLimit: 10000,
stackAllItems: [secure]
},
setHost: true,
maxHeaderSize: undefined,
signal: undefined,
enableUnixSockets: [secure]
},
[cause]: {}
}
[7:16:42 AM] [semantic-release] › ✘ Failed step "publish" of plugin "@semantic-release/gitlab"
[7:16:42 AM] [semantic-release] › ✘ An error occurred while running semantic-release: HTTPError: Response code 403 (Forbidden)
at Request.<anonymous> (file:///builds/my_project/node_modules/got/dist/source/as-promise/index.js:92:42)
at Object.onceWrapper (node:events:634:26)
at Request.emit (node:events:531:35)
at Request._onResponseBase (file:///builds/my_project/node_modules/got/dist/source/core/index.js:604:22)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Request._onResponse (file:///builds/my_project/node_modules/got/dist/source/core/index.js:646:13) {
input: undefined,
code: 'ERR_NON_2XX_3XX_RESPONSE',
timings: {
start: 1[71](https://gitlab.com/my_project/-/jobs/7022066433#L71)7571801926,
socket: 1717571801926,
lookup: 1717571801926,
connect: 1717571801926,
secureConnect: 1717571801926,
upload: 1717571801927,
response: 1717571802076,
end: 1717571802077,
error: undefined,
abort: undefined,
phases: {
wait: 0,
dns: 0,
tcp: 0,
tls: 0,
request: 1,
firstByte: 149,
download: 1,
total: 151
}
},
options: {
request: undefined,
agent: { http: undefined, https: undefined, http2: undefined },
h2session: undefined,
decompress: true,
timeout: {
connect: undefined,
lookup: undefined,
read: undefined,
request: undefined,
response: undefined,
secureConnect: undefined,
send: undefined,
socket: undefined
},
prefixUrl: '',
body: '{"tag_name":"v1.0.7","description":"## [1.0.7](https://gitlab.com/my_project/compare/v1.0.6...v1.0.7) (2024-06-05)\\n\\n\\n### Bug Fixes\\n\\n* **deps:** update module github.com/spf13/cobra to v1.8.0 ([ec8f0ed](https://gitlab.com/my_project/commit/ec8f0ed801c6aac985d65e9921c015ace5002b9f))\\n\\n\\n\\n","assets":{"links":[]}}',
form: undefined,
json: undefined,
cookieJar: undefined,
ignoreInvalidCookies: [secure],
searchParams: undefined,
dnsLookup: undefined,
dnsCache: undefined,
context: {},
hooks: {
init: [],
beforeRequest: [],
beforeError: [ [Function (anonymous)] ],
beforeRedirect: [],
beforeRetry: [],
afterResponse: []
},
followRedirect: true,
maxRedirects: 10,
cache: undefined,
throwHttpErrors: true,
username: '',
password: '',
http2: [secure],
allowGetBody: [secure],
headers: {
'user-agent': 'got (https://github.com/sindresorhus/got)',
'private-token': '[secure]',
'content-type': 'application/json',
'content-length': '422',
'accept-encoding': 'gzip, deflate, br'
},
methodRewriting: [secure],
dnsLookupIpVersion: undefined,
parseJson: [Function: parse],
stringifyJson: [Function: stringify],
retry: {
limit: 2,
methods: [ 'GET', 'PUT', 'HEAD', 'DELETE', 'OPTIONS', 'TRACE' ],
statusCodes: [
408, 413, 429, 500,
502, 503, 504, 521,
522, 524
],
errorCodes: [
'ETIMEDOUT',
'ECONNRESET',
'EADDRINUSE',
'ECONNREFUSED',
'EPIPE',
'ENOTFOUND',
'ENETUNREACH',
'EAI_AGAIN'
],
maxRetryAfter: undefined,
calculateDelay: [Function: calculateDelay],
backoffLimit: Infinity,
noise: 100
},
localAddress: undefined,
method: 'POST',
createConnection: undefined,
cacheOptions: {
shared: undefined,
cacheHeuristic: undefined,
immutableMinTimeToLive: undefined,
ignoreCargoCult: undefined
},
https: {
alpnProtocols: undefined,
rejectUnauthorized: undefined,
checkServerIdentity: undefined,
certificateAuthority: undefined,
key: undefined,
certificate: undefined,
passphrase: undefined,
pfx: undefined,
ciphers: undefined,
honorCipherOrder: undefined,
minVersion: undefined,
maxVersion: undefined,
signatureAlgorithms: undefined,
tlsSessionLifetime: undefined,
dhparam: undefined,
ecdhCurve: undefined,
certificateRevocationLists: undefined
},
encoding: undefined,
resolveBodyOnly: [secure],
isStream: [secure],
responseType: 'text',
url: URL {
href: 'https://gitlab.com/api/v4/projects/my_project/releases',
origin: 'https://gitlab.com',
protocol: 'https:',
username: '',
password: '',
host: 'gitlab.com',
hostname: 'gitlab.com',
port: '',
pathname: '/api/v4/projects/my_project/releases',
search: '',
searchParams: URLSearchParams {},
hash: ''
},
pagination: {
transform: [Function: transform],
paginate: [Function: paginate],
filter: [Function: filter],
shouldContinue: [Function: shouldContinue],
countLimit: Infinity,
backoff: 0,
requestLimit: 10000,
stackAllItems: [secure]
},
setHost: true,
maxHeaderSize: undefined,
signal: undefined,
enableUnixSockets: [secure]
},
pluginName: '@semantic-release/gitlab',
[cause]: {}
}
HTTPError: Response code 403 (Forbidden)
at Request.<anonymous>
(file:///builds/my_project/
node_modules/
got
/dist/source/as-promise/index.js:92:42
)
at Object.onceWrapper (node:events:634:26)
at Request.emit (node:events:531:35)
at Request._onResponseBase
(file:///builds/my_project/
node_modules/
got
/dist/source/core/index.js:604:22
)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Request._onResponse
(file:///builds/my_project/
node_modules/
got
/dist/source/core/index.js:646:13
)
{
input:
undefined
,
code:
'ERR_NON_2XX_3XX_RESPONSE'
,
timings: {
start:
171[75](https://gitlab.com/my_project/-/jobs/7022066433#L75)71801926
,
socket:
1717571801926
,
lookup:
1717571801926
,
connect:
1717571801926
,
secureConnect:
1717571801926
,
upload:
1717571801927
,
response:
1717571802076
,
end:
1717571802077
,
error:
undefined
,
abort:
undefined
,
phases: {
wait:
0
,
dns:
0
,
tcp:
0
,
tls:
0
,
request:
1
,
firstByte:
149
,
download:
1
,
total:
151
}
},
options: {
request:
undefined
,
agent: { http:
undefined
, https:
undefined
, http2:
undefined
},
h2session:
undefined
,
decompress:
true
,
timeout: {
connect:
undefined
,
lookup:
undefined
,
read:
undefined
,
request:
undefined
,
response:
undefined
,
secureConnect:
undefined
,
send:
undefined
,
socket:
undefined
},
prefixUrl:
''
,
body:
'{"tag_name":"v1.0.7","description":"## [1.0.7](https://gitlab.com/my_project/compare/v1.0.6...v1.0.7) (2024-06-05)\\n\\n\\n### Bug Fixes\\n\\n* **deps:** update module github.com/spf13/cobra to v1.8.0 ([ec8f0ed](https://gitlab.com/my_project/commit/ec8f0ed801c6aac985d65e9921c015ace5002b9f))\\n\\n\\n\\n","assets":{"links":[]}}'
,
form:
undefined
,
json:
undefined
,
cookieJar:
undefined
,
ignoreInvalidCookies:
[secure]
,
searchParams:
undefined
,
dnsLookup:
undefined
,
dnsCache:
undefined
,
context: {},
hooks: {
init: [],
beforeRequest: [],
beforeError: [
[Function (anonymous)]
],
beforeRedirect: [],
beforeRetry: [],
afterResponse: []
},
followRedirect:
true
,
maxRedirects:
10
,
cache:
undefined
,
throwHttpErrors:
true
,
username:
''
,
password:
''
,
http2:
[secure]
,
allowGetBody:
[secure]
,
headers: {
'user-agent'
:
'got (https://github.com/sindresorhus/got)'
,
'private-token'
:
'[secure]'
,
'content-type'
:
'application/json'
,
'content-length'
:
'422'
,
'accept-encoding'
:
'gzip, deflate, br'
},
methodRewriting:
[secure]
,
dnsLookupIpVersion:
undefined
,
parseJson:
[Function: parse]
,
stringifyJson:
[Function: stringify]
,
retry: {
limit:
2
,
methods: [
'GET'
,
'PUT'
,
'HEAD'
,
'DELETE'
,
'OPTIONS'
,
'TRACE'
],
statusCodes: [
408
,
413
,
429
,
500
,
502
,
503
,
504
,
521
,
522
,
524
],
errorCodes: [
'ETIMEDOUT'
,
'ECONNRESET'
,
'EADDRINUSE'
,
'ECONNREFUSED'
,
'EPIPE'
,
'ENOTFOUND'
,
'ENETUNREACH'
,
'EAI_AGAIN'
],
maxRetryAfter:
undefined
,
calculateDelay:
[Function: calculateDelay]
,
backoffLimit:
Infinity
,
noise:
100
},
localAddress:
undefined
,
method:
'POST'
,
createConnection:
undefined
,
cacheOptions: {
shared:
undefined
,
cacheHeuristic:
undefined
,
immutableMinTimeToLive:
undefined
,
ignoreCargoCult:
undefined
},
https: {
alpnProtocols:
undefined
,
rejectUnauthorized:
undefined
,
checkServerIdentity:
undefined
,
certificateAuthority:
undefined
,
key:
undefined
,
certificate:
undefined
,
passphrase:
undefined
,
pfx:
undefined
,
ciphers:
undefined
,
honorCipherOrder:
undefined
,
minVersion:
undefined
,
maxVersion:
undefined
,
signatureAlgorithms:
undefined
,
tlsSessionLifetime:
undefined
,
dhparam:
undefined
,
ecdhCurve:
undefined
,
certificateRevocationLists:
undefined
},
encoding:
undefined
,
resolveBodyOnly:
[secure]
,
isStream:
[secure]
,
responseType:
'text'
,
url: URL {
href:
'https://gitlab.com/api/v4/projects/my_project/releases'
,
origin:
'https://gitlab.com'
,
protocol:
'https:'
,
username:
''
,
password:
''
,
host:
'gitlab.com'
,
hostname:
'gitlab.com'
,
port:
''
,
pathname:
'/api/v4/projects/my_project/releases'
,
search:
''
,
searchParams: URLSearchParams {},
hash:
''
},
pagination: {
transform:
[Function: transform]
,
paginate:
[Function: paginate]
,
filter:
[Function: filter]
,
shouldContinue:
[Function: shouldContinue]
,
countLimit:
Infinity
,
backoff:
0
,
requestLimit:
10000
,
stackAllItems:
[secure]
},
setHost:
true
,
maxHeaderSize:
undefined
,
signal:
undefined
,
enableUnixSockets:
[secure]
},
pluginName:
'@semantic-release/gitlab'
,
[cause]: {}
}
This is the .releaserc file of the project:
`verifyConditions:
- "@semantic-release/gitlab"
- "@semantic-release/changelog"
- "@semantic-release/git"
prepare:
- "@semantic-release/changelog"
- "@semantic-release/git"
generateNotes:
- "@semantic-release/release-notes-generator"
publish:
- "@semantic-release/gitlab"
success: false
fail: false
tagFormat: v${version}
plugins:
- - "@semantic-release/commit-analyzer"
- releaseRules:
- type: "feat"
release: "minor"
- message: "*"
release: patch
- - "@semantic-release/release-notes-generator"
- - "@semantic-release/changelog"
- changelogFile: "CHANGELOG.md"
- - "@semantic-release/git"
- assets:
- "CHANGELOG.md"
message: |-
chore(release): ${nextRelease.version} [skip ci]
${nextRelease.notes}
- - "@semantic-release/gitlab"
- assets:
- url: "https://gitlab.com/gitlab-org/gitlab/-/blob/master/README.md"
- label: "README.md"
branches:
- main
- "+([0-9])?(.{+([0-9]),x}).x"
- name: "main"
prerelease: "alpha"
debug: true
and the package.json:
{
"dependencies": {
"@semantic-release/changelog": "^6.0.3",
"@semantic-release/commit-analyzer": "^13.0.0",
"@semantic-release/git": "^10.0.1",
"@semantic-release/gitlab": "^13.1.0"
}
}
Thanks for the detailed description @felixprado-mc!
I have not yet of heard of such issues, so let's start with a few basic questions:
- Are you seeing this on gitlab.com or on a self-hosted GitLab instance? (Just asking because I see you have redacted some information)
- If gitlab.com could you share your project?
- If self-hosted which GitLab version are you using?
- Is this a new issues or has it never worked as expected?
- Have you already tried reducing your semantic release configuration to a minimum and see if the issue still occurs then?
Hi @fgreinacher ,
I appreciate your interest.
1, 2, 3, The project is hosted on gitlab.com but it's private so I can't share it. 4, It has never worked before but we have the same configuration for other projects, and it works. I have checked if there is something in the project's or token's configuration but I don't see anything. 5, Which configuration do you propose?
What should be the scope/permissions for the GL_TOKEN?
If this adds more information, we run this step in a Gitlab CI pipeline with the following commands:
npm install @semantic-release/gitlab
npm install @semantic-release/git
npm install @semantic-release/changelog
npm install @semantic-release/commit-analyzer
npx semantic-release
Thanks for sharing some details!
You could start very simple like this:
{
"branches": ["main"],
"plugins": [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
"@semantic-release/gitlab"
]
}
And if that works add your configuration options one-by-one until it starts failing.
Hi @fgreinacher ,
I appreciate your interest.
1, 2, 3, The project is hosted on gitlab.com but it's private so I can't share it. 4, It has never worked before but we have the same configuration for other projects, and it works. I have checked if there is something in the project's or token's configuration but I don't see anything. 5, Which configuration do you propose?
What should be the scope/permissions for the GL_TOKEN?
If this adds more information, we run this step in a Gitlab CI pipeline with the following commands:
npm install @semantic-release/gitlab npm install @semantic-release/git npm install @semantic-release/changelog npm install @semantic-release/commit-analyzer npx semantic-release
Hi @felixprado-mc, regarding 4:
You have the exact same configuration and also the exact same gitlab token in other projects and in these other projects it is working? Just not in this particular one?\
- is the not working project maybe private and the others internal/public?
- is the branch semantic release tries to push/commit not writable (no one is allowed to push)?
- was the repository created after the token was created? (then permissions might not be included)
- can you think of any other configuration which differs between the projects?
Hi @JonasSchubert. Thanks for the support.
You have the same configuration and also the same gitlab token in other projects and in these other projects it is working? Just not in this particular one?\
The tokens are different ones, but they have the same permissions (they are created centrally with Terraform). Regarding the repository configuration, I've checked multiple times the protected branches or tags, the users that have permission to commit (including the token) and I see no difference.
- is the not working project maybe private and the others internal/public?
All of them are private.
- is the branch semantic release tries to push/commit not writable (no one is allowed to push)?
It is specifically allowed for the token.
- was the repository created after the token was created? (then permissions might not be included)
No, the tokens were created after the repository was created.
- can you think of any other configuration that differs between the projects?
I ran out of ideas of what is causing this, that's why I opened this thread. What is even stranger is that it fails in the first attempt, but works on the second.
I'm also having this issue after upgrading semantic-release.
2024-10-11T19:22:03.054Z semantic-release:get-git-auth-url Error: Command failed with exit code 128: git push --dry-run --no-verify [https://gitlab-ci-token:[secure]@gitlab.com/my/org/private/repo.git](https://gitlab-ci-token:%5Bsecure%[email protected]/my/org/private/repo.git) HEAD:main
remote: You are not allowed to push code to this project.
fatal: unable to access 'https://gitlab.com/my/org/private/repo.git/': The requested URL returned error: 403
at the bottom I see an even stranger:
2024-10-11T19:22:03.065Z semantic-release:get-git-auth-url Using "GL_TOKEN" to authenticate
[7:22:05 PM] [semantic-release] › ℹ Start step "fail" of plugin "@semantic-release/github"
[7:22:05 PM] [semantic-release] [@semantic-release/github] › ℹ Verify GitHub authentication
[7:22:05 PM] [semantic-release] › ✖ Failed step "fail" of plugin "@semantic-release/github"
[7:22:05 PM] [semantic-release] › ✖ ENOGHTOKEN No GitHub token specified.
A GitHub personal token (https://github.com/semantic-release/github/blob/master/README.md#github-authentication) must be created and set in the GH_TOKEN or GITHUB_TOKEN environment variable on your CI environment.
Please make sure to create a GitHub personal token (https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line) and to set it in the GH_TOKEN or GITHUB_TOKEN environment variable on your CI environment. The token must allow to push to the repository my/org/private/repo.
which is odd because nowhere in my repo do I use the github plugin:
plugins: [
'@semantic-release/commit-analyzer',
'@semantic-release/release-notes-generator',
'@semantic-release/gitlab'
],
I do have GITLAB_TOKEN set however, per the README
I have the same issue. It's Free version of Gitlab, self hosted. It does work when I use target project_upload, but then I can't access the assets from release. The link basically does not exist.
If I used target generic_package, the assets can't be uploaded due to 403 error.
It would be great if someone with this problem created a small public project that reproduces this behavior. Thank you!
I resolved this issue by NOT specifying the gitlab URL: gitlabUrl. When I leave this as default it just works nicely.
@fgreinacher
I have this issue when trying to include a conda package as asset in the generic package registry. Here is a minimal project reproducing it.
A GITLAB_TOKEN CI/CD variable is defined with the value of a project access token with maintainer role and api, read_api, self_rotate, read_repository, write_repository, read_registry and write_registry.
You can see the failing semantic-release job here
Gitlab is self-hosted, version is v18.4.0
OK so in my case, the issue was caused by using a "label" property for the asset that contained spaces, as it is used in the upload url. For instance, using as label "conda package" gives the request similar to
curl --location --header "PRIVATE-TOKEN: <token>" \
--upload-file phoenixcmake-1.2.1-hbf21a9e_0.conda \
"https://gitlab.in2p3.fr/api/v4/projects/34166/packages/generic/phoenixcmake/1.0.0/conda%20package?select=package_file"
which gives the 403 error on my self-hosted instance, and 400 error on gitlab.com.
Using "conda_package" as label, or no label (which defaults to the file name extracted from path) works.
Thanks for the investigation @vincent-pollet, that helps a lot. Now we need to find out whether this a limitation of the GitLab API and if so we should probably reject invalid labels early.
It is indeed a limitation of the GitLab API, see https://semantic-release.gitbook.io/semantic-release/usage/ci-configuration#push-access-to-the-remote-repository:
Valid package filenames can include:
- Letters: A-Z, a-z
- Numbers: 0-9
- Special characters: . (dot), _ (underscore), - (hyphen), + (plus), ~ (tilde), @ (at sign), / (forward slash)
The package filename cannot:
- Start with a tilde (~) or the at sign (@)
- End with a tilde (~) or the at sign (@)
- Include spaces