I am creating a GitHub Actions workflow to build and publish npm packages to GitHub Packages. The repo is a monorepo with several packages, so I am using the semantic-release-monorepo tool. However, the step to publish is failing and I can't figure out why.
My GitHub Actions workflow file is as follows (trimmed down slightly)
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
env:
GH_TOKEN: ${{ secrets.MY_PAT }}
steps:
- name: Checkout repo
uses: actions/checkout@v2
run: |
yarn install
yarn build
- name: Setup node for publishing to Github packages
uses: actions/setup-node@v2
env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
node-version: "12.x"
registry-url: "https://npm.pkg.github.com"
- name: Yarn publish packages
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
yarn publish-packages
yarn publish-packages
runs a script which executes the lerna command for semantic release
lerna exec --concurrency 1 -- npx --no-install semantic-release -e semantic-release-monorepo
I have made sure the repo package.json as well as the package.json for every package has the correct repository url, https://github.com/owner/repo.git
. My personal access token has permissions to repo and write and delete packages.
No matter what configs I change, the step fails with the following messages:
The command "git push --dry-run --no-verify https://[secure]@github.com/xxx/xxx.git HEAD:develop" failed with the error message remote: Repository not found. 26 fatal: repository 'https://github.com/xxx/xxx.git/' not found.
The second message is
EGITNOPERMISSION: 'semantic-release cannot push the version tag to the branch
develop
on the remote Git repository with URLhttps://[secure]@github.com/xxx/xxx.git
Other things I have tried:
NODE_AUTH_TOKEN
by default..git
to his repository url seems to have fixed it for himI've looked through the docs for semantic-release, semantic-release-monorepo, GitHub Actions, and GitHub Packages. If there is any additional information I need to include please let me know.
After some more trial and error, I discovered the cause. If my understanding is correct, a Github workflow will automatically use the available GITHUB_TOKEN secret to authenticate with Github during the step to checkout the repo using actions/checkout
. It was then persisting the credentials from this step and reusing them for the step to publish packages, even though I was injecting a personal access token as an environment variable to that step.
In the end, the fix was to use the persist-credentials
option in step one like this
steps:
- name: Checkout repo
uses: actions/checkout@v2
with:
persist-credentials: false
And then using the personal access token to authenticate with GitHub in the last step like I noted I believed should be the correct method in my question, as semantic-release docs state only PAT authentication is supported.