Error: Error: Command failed: npm install

[tal-rofe]

I have the following workflow config:

name: Semantic Release

on:
    push:
        branches: [main]

jobs:
    release:
        name: Release version
        permissions:
            contents: write

        runs-on: ubuntu-latest
        steps:
            - name: Checkout
              uses: actions/checkout@v3
              with:
                token: ${{ secrets.SEMANTIC_RELEASE_GH_TOKEN }}

            - name: Semantic Release
              uses: cycjimmy/semantic-release-action@v3
              with:
                  extra_plugins: |
                      @semantic-release/changelog
                      @semantic-release/commit-analyzer
                      @semantic-release/git
                      @semantic-release/npm
              env:
                  GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GH_TOKEN }}

But it fails:

Run cycjimmy/semantic-release-action@v3
  with:
    extra_plugins: @semantic-release/changelog
  @semantic-release/commit-analyzer
  @semantic-release/git
  @semantic-release/npm

  env:
    GITHUB_TOKEN: ***

added 317 packages, and audited 518 packages in 6s

44 packages are looking for funding
  run `npm fund` for details

1 high severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

Error: Error: Command failed: npm install @semantic-release/changelog @semantic-release/commit-analyzer @semantic-release/git @semantic-release/npm --silent

[tolstenko]

same thing here

Run cycjimmy/semantic-release-action@v3
  with:
    extra_plugins: @semantic-release/changelog
  @semantic-release/git
  @semantic-release/commit-analyzer
  @semantic-release/github
  @semantic-release/npm
  @semantic-release/release-notes-generator

  env:
    CPM_SOURCE_CACHE: /home/runner/work/mobagen/mobagen/cpm_modules
    GITHUB_TOKEN: ***

added [3](https://github.com/InfiniBrains/mobagen/actions/runs/4548042337/jobs/8018665533#step:4:3)17 packages, and audited 518 packages in [4](https://github.com/InfiniBrains/mobagen/actions/runs/4548042337/jobs/8018665533#step:4:4)s

44 packages are looking for funding
  run `npm fund` for details

1 high severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

Error: Error: Command failed: npm install @semantic-release/changelog @semantic-release/git @semantic-release/commit-analyzer @semantic-release/github @semantic-release/npm @semantic-release/release-notes-generator --silent

[cycjimmy]

I disabled npm-audit. Try again using the latest.

[tal-rofe]

@cycjimmy still fails:

8s
Run cycjimmy/semantic-release-action@v3.4.2
  with:
    extra_plugins: @semantic-release/changelog
  @semantic-release/commit-analyzer
  @semantic-release/git
  @semantic-release/npm

  env:
    GITHUB_TOKEN: ***

added 317 packages, and audited 518 packages in 5s

44 packages are looking for funding
  run `npm fund` for details

1 high severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

Error: Error: Command failed: npm install @semantic-release/changelog @semantic-release/commit-analyzer @semantic-release/git @semantic-release/npm --no-audit --silent```

[alexmj212]

Was able to work around this by downgrading the node version to v14 from v16. Version 18 also failed. This is suboptimal as node v14 is going out of support very soon.

Someone at Google also found the same workaround and implemented it.

    - uses: actions/setup-node@v3
      with:
        node-version: 14

This would have been easier to identify if the --silent flag respected debugging flags.

[DavraYoung]

I was able to resolve the error by upgrading to v3 version (initially we used v2) of the action and downgrading to node v14 with setup node action

[thihathit]

i also experienced this. got it working by downgrading action to cycjimmy/semantic-release-action@v3.4.1.

here's my config with node: v18

      - name: Semantic release
        id: release
        uses: cycjimmy/semantic-release-action@v3.4.1
        with:
          semantic_version: 18
          extra_plugins: |
            @semantic-release/release-notes-generator@^10
            @semantic-release/github@^8
            conventional-changelog-conventionalcommits@^5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

and previously failed action #4991193617.

I think the latest v3 changes cause this problem.

[manodupont]

Hi,

It seems like a fix has been pushed to fix this issue but it is still not working. Do I miss something ?

--> Run cycjimmy/semantic-release-action@v3.4.2

added 317 packages, and audited 518 packages in 5s

44 packages are looking for funding
  run `npm fund` for details

1 high severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

Error: Error: Command failed: npm install @semantic-release/changelog @semantic-release/git @semantic-release/github --no-audit --silent

[carlobernardini]

For me it seems to have been due to the (peer)dependencies of the extra_plugins. For example, I bumped semantic_version to 21 while still using semantic-release-slack-bot@3.5.3 which has its peerDependency on semantic-release set to >=11.0.0 <20.0.0 (meaning 21 is not in range, hence the error).

[jkbgo]

I am also facing same issue. Also it was working just couple of days ago and now suddenly it stopped working

added [31]()7 packages, and audited 518 packages in 8s

44 packages are looking for funding
  run `npm fund` for details

5 vulnerabilities (4 moderate, 1 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Run `npm audit` for details.

Error: Error: Command failed: npm install @semantic-release/commit-analyzer@9.0.2 @semantic-release/release-notes-generator@10.0.3 @semantic-release/npm@9.0.2 @semantic-release/github@8.0.7 @semantic-release/git@10.0.1 semantic-release-major-tag semantic-release-monorepo semantic-release-pnpm semantic-release-slack-bot@4.0.2 semantic-release-jira-releases@0.7.2 conventional-changelog-conventionalcommits@6.1.0 --no-audit --silent

[jkbgo]

https://github.com/cycjimmy/semantic-release-action/issues/159#issuecomment-1903340065

About my comment earlier, it was a package that got updated 5 days ago - semantic-release-monorepo I hardcoded to use the old version for this package and it works fine now.

[esmail]

Broken again in v4 using the GH plugin due to semantic-release/github#902 / semantic-release/github#916 bumping "semantic-release": ">=24.1.0"

Our workaround was

        with:
          semantic_version: 24.1.0

Though pinning the GH plugin might be more advisable (if this is possible?)

    with:
      extra_plugins: |
        @semantic-release/github@10.3.5

[hasezoey]

had the same issue while using this action's version v4.1.0, runner debug output:

npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: @cycjimmy/semantic-release-action@4.1.0
npm error Found: semantic-release@23.1.1
npm error node_modules/semantic-release
npm error   semantic-release@"^23.1.1" from the root project
npm error
npm error Could not resolve dependency:
npm error peer semantic-release@">=24.1.0" from @semantic-release/github@11.0.0
npm error node_modules/@semantic-release/github
npm error   @semantic-release/github@"*" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.

fix for me was to upgrade to action version v4.1.1 (released yesterday) which upgraded to semantic-release 24.x (from 23.x)