Closed sejas closed 2 months ago
After this fix, the workflow worked pushing the tag to trunk, but it failed publishing on npm:
https://github.com/WordPress/playground-tools/actions/runs/8632140229/job/23662085585
Note that at this moment, the current version on NPM is 0.1.66
. https://www.npmjs.com/package/@wp-now/wp-now
Changes:
- wordpress-playground: 0.1.67 => 0.1.68
- @wp-now/wp-now: 0.1.67 => 0.1.68
lerna info auto-confirmed
lerna info execute Skipping releases
lerna verb version @wp-now/wp-now has no lockfile. Skipping lockfile update.
lerna verb version wordpress-playground has no lockfile. Skipping lockfile update.
lerna verb version Updating root package-lock.json
lerna verb git [ 'commit', '-m', 'v0.1.68' ]
lerna verb git [ 'tag', 'v0.1.68', '-m', 'v0.1.68' ]
lerna info git Pushing tags...
lerna success version finished
npm WARN publish npm auto-corrected some errors in your package.json when publishing. Please run "npm pkg fix" to address these errors.
npm WARN publish errors corrected:
npm WARN publish Removed invalid "scripts"
npm WARN publish "bin" was converted to an object
npm WARN publish "bin[@wp-now/wp-now]" was renamed to "bin[wp-now]"
npm WARN publish "bin[wp-now]" script name was cleaned
npm WARN publish "repository.url" was normalized to "git+https://github.com/WordPress/playground-tools.git"
npm notice
npm notice 📦 @wp-now/wp-now@0.1.67
npm notice === Tarball Contents ===
npm notice 14.1kB README.md
npm notice 41B cli.js
npm notice 32.0kB index.js
npm notice 38.1kB main.js
npm notice 1.1kB package.json
npm notice 1.2kB with-node-version.js
npm notice === Tarball Details ===
npm notice name: @wp-now/wp-now
npm notice version: 0.1.67
npm notice filename: wp-now-wp-now-0.1.67.tgz
npm notice package size: 22.1 kB
npm notice unpacked size: 86.5 kB
npm notice shasum: 6955455f3f14dcef332fee3b0d71a6e937f94c62
npm notice integrity: sha512-pJeZKaOTEBWVT[...]xuwvDO55g4qvw==
npm notice total files: 6
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/@wp-now%2fwp-now - Not found
npm ERR! 404
npm ERR! 404 '@wp-now/wp-now@0.1.67' is not in this registry.
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in: /home/runner/.npm/_logs/2024-04-10T13_33_03_[323](https://github.com/WordPress/playground-tools/actions/runs/8632140229/job/23662085585#step:7:324)Z-debug-0.log
npm notice integrity: sha512-pJeZKaOTEBWVT[...]xuwvDO55g4qvw==
What's a best practice for making sure users don't share full sha
signatures when submitting bug reports?
Wondering if there's a way it could automatically be stripped out, or if it would be enough to throw a big ⚠️ Caution ⚠️ sign up. Trying to make sure the error reporting doesn't introduce attack vectors for a bunch of new WordPress users 😆
Pinging @adamziel
Not sure how we can minimize the risk that users share some keys. The more we can do is editing their comment and removing the history.
About the npm notice integrity
. Should I remove it?
That information is publicly available in the actions log https://github.com/WordPress/playground-tools/actions/runs/8632140229/job/23662085585
Does that signature actually give any sensitive information away?
Does that signature actually give any sensitive information away?
Ok it looks like the key is from upstream and not a user key?
I'll save the email from this ticket and put an exclamation mark to look at it after the 18th. Carry on! :)
What?
Try using the URL in SSH format.
Why?
wp-now
workflow not workingHow?
Testing Instructions