semantic-release job failure
!1866 (merged) introduced the semantic-release
CI job to version the repo based on conventional commits.
The job failed right off the bat without any meaningful error message: https://gitlab.com/gitlab-org/gitlab-services/design.gitlab.com/-/jobs/529157709
However, running the job with the exact same setup and a fresh personal access token in a public fork did result in a release being properly published: https://gitlab.com/pgascouvaillancourt/design.gitlab.com/-/jobs/529745352
Debug
During the initial setup, we ran the semantic-release
in dry mode a few times and the output didn't seem to indicate any issue with the configuration: https://gitlab.com/gitlab-org/gitlab-services/design.gitlab.com/-/jobs/528746794
Most notable outputs:
[7:17:17 PM] [semantic-release] › ⚠ Run automated release from branch semantic-release-setup on repository https://gitlab-ci-token:[secure]@gitlab.com/gitlab-org/gitlab-services/design.gitlab.com.git in dry-run mode
[7:17:17 PM] [semantic-release] › ✔ Allowed to push to the Git repository
[7:17:17 PM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/changelog"
[7:17:17 PM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/changelog"
[7:17:17 PM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/git"
[7:17:17 PM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/git"
[7:17:17 PM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/gitlab"
[7:17:17 PM] [semantic-release] [@semantic-release/gitlab] › ℹ Verify GitLab authentication (https://gitlab.com/api/v4)
[7:17:18 PM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/gitlab"
[7:17:18 PM] [semantic-release] › ℹ No git tag version found on branch semantic-release-setup
[7:17:18 PM] [semantic-release] › ℹ No previous release found, retrieving all commits
[7:17:18 PM] [semantic-release] › ℹ Found 1240 commits since last release
[7:17:18 PM] [semantic-release] › ℹ Start step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
However, when running another dry run with the --debug
flag, it seems like we may have some authentication issues that do not prevent the job from succeeding: https://gitlab.com/gitlab-org/gitlab-services/design.gitlab.com/-/jobs/529907642
2020-04-28T12:57:37.086Z semantic-release:git Error: Command failed with exit code 128: git push --dry-run --no-verify https://gitlab-ci-token:[secure]@gitlab.com/gitlab-org/gitlab-services/design.gitlab.com.git HEAD:semantic-release-debug
remote: You are not allowed to upload code.
fatal: unable to access 'https://gitlab.com/gitlab-org/gitlab-services/design.gitlab.com.git/': The requested URL returned error: 403
at makeError (/usr/local/share/.config/yarn/global/node_modules/execa/lib/error.js:58:11)
at handlePromise (/usr/local/share/.config/yarn/global/node_modules/execa/index.js:114:26)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async verifyAuth (/usr/local/share/.config/yarn/global/node_modules/semantic-release/lib/git.js:207:5)
at async module.exports (/usr/local/share/.config/yarn/global/node_modules/semantic-release/lib/get-git-auth-url.js:43:5)
at async run (/usr/local/share/.config/yarn/global/node_modules/semantic-release/index.js:55:27)
at async module.exports (/usr/local/share/.config/yarn/global/node_modules/semantic-release/index.js:259:22)
at async module.exports (/usr/local/share/.config/yarn/global/node_modules/semantic-release/cli.js:55:5)
2020-04-28T12:57:37.866Z semantic-release:get-tags found tags for branch semantic-release-debug: []
[12:57:37 PM] [semantic-release] › ⚠ Run automated release from branch semantic-release-debug on repository https://gitlab-ci-token:[secure]@gitlab.com/gitlab-org/gitlab-services/design.gitlab.com.git in dry-run mode
[12:57:38 PM] [semantic-release] › ✔ Allowed to push to the Git repository
The fact that the plugin is reporting that it's allowed to push to the Git repository despite the error 403 above looks like a bug.
What can we do to address this on our end?
-
Does the access token that we currently use for design.gitlab.com
have sufficient permissions? -
Is the GITLAB_TOKEN
environment variable properly setup? - ...
/cc @tauriedavis