Search code examples
node.jsgitgithub-actionssemantic-release

Repo not found using semantic-release-monorepo in GitHub Actions workflow

I am creating a GitHub Actions workflow to build and publish npm packages to GitHub Packages. The repo is a monorepo with several packages, so I am using the semantic-release-monorepo tool. However, the step to publish is failing and I can't figure out why.

My GitHub Actions workflow file is as follows (trimmed down slightly)

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    env:
      GH_TOKEN: ${{ secrets.MY_PAT }}

    steps:
      - name: Checkout repo
        uses: actions/checkout@v2

        run: |
          yarn install
          yarn build

      - name: Setup node for publishing to Github packages
        uses: actions/setup-node@v2
        env:
          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          node-version: "12.x"
          registry-url: "https://npm.pkg.github.com"

      - name: Yarn publish packages
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
        run: |
          yarn publish-packages

yarn publish-packages runs a script which executes the lerna command for semantic release

lerna exec --concurrency 1 -- npx --no-install semantic-release -e semantic-release-monorepo

I have made sure the repo package.json as well as the package.json for every package has the correct repository url, https://github.com/owner/repo.git. My personal access token has permissions to repo and write and delete packages.

No matter what configs I change, the step fails with the following messages:

The command "git push --dry-run --no-verify https://[secure]@github.com/xxx/xxx.git HEAD:develop" failed with the error message remote: Repository not found. 26 fatal: repository 'https://github.com/xxx/xxx.git/' not found.

The second message is

EGITNOPERMISSION: 'semantic-release cannot push the version tag to the branch develop on the remote Git repository with URL https://[secure]@github.com/xxx/xxx.git

Other things I have tried:

  • Adding scope="@xxx" to the setup-node step after reading GH docs that says "GitHub Packages only supports scoped npm packages"
  • According to semantic-release docs, I have tried setting GH_TOKEN, GITHUB_TOKEN and NPM_TOKEN to every combination of my PAT or the GITHUB_TOKEN in secrets. I believe the docs say only PAT is supported. Also, NPM_TOKEN should not be required because using registry-url with the setup-node action creates an .npmrc file that uses NODE_AUTH_TOKEN by default.
  • There is an almost similar question here but adding .git to his repository url seems to have fixed it for him
  • Github docs say that I should be able to use a PAT or the GITHUB_TOKEN as the auth token in the .npmrc file, so that shouldn't be the issue

I've looked through the docs for semantic-release, semantic-release-monorepo, GitHub Actions, and GitHub Packages. If there is any additional information I need to include please let me know.

Solution

  • After some more trial and error, I discovered the cause. If my understanding is correct, a Github workflow will automatically use the available GITHUB_TOKEN secret to authenticate with Github during the step to checkout the repo using actions/checkout. It was then persisting the credentials from this step and reusing them for the step to publish packages, even though I was injecting a personal access token as an environment variable to that step.

    In the end, the fix was to use the persist-credentials option in step one like this

    steps:
  - name: Checkout repo
    uses: actions/checkout@v2
    with:
      persist-credentials: false

    And then using the personal access token to authenticate with GitHub in the last step like I noted I believed should be the correct method in my question, as semantic-release docs state only PAT authentication is supported.