search

dart-lang / pub

The pub command line tool
https://dart.dev/tools/pub/cmd
BSD 3-Clause "New" or "Revised" License
1.04k stars 228 forks source link

pub lish through github action unexpectedly requires browser approval #3971

Closed iapicca closed 1 year ago

iapicca commented 1 year ago

Environment

Publishing yak_flutter 2.0.1 to https://pub.dev:
├── CHANGELOG.md (<1 KB)
├── LICENSE (1 KB)
├── README.md (<1 KB)
├── analysis_options.yaml (<1 KB)
├── example
│   └── README.md (<1 KB)
├── lib
│   ├── src
│   │   ├── all.dart (<1 KB)
│   │   ├── delegates
│   │   │   ├── all.dart (<1 KB)
│   │   │   └── theme
│   │   │       ├── all.dart (<1 KB)
│   │   │       ├── monochrome.dart (3 KB)
│   │   │       └── theme_data_delegate.dart (<1 KB)
│   │   ├── extensions
│   │   │   ├── all.dart (<1 KB)
│   │   │   ├── buildcontext.dart (<1 KB)
│   │   │   ├── color.dart (1 KB)
│   │   │   └── widgets.dart (<1 KB)
│   │   ├── typedef
│   │   │   ├── all.dart (<1 KB)
│   │   │   └── swatch.dart (<1 KB)
│   │   └── widgets
│   │       ├── all.dart (<1 KB)
│   │       └── preferred_size_themed.dart (<1 KB)
│   └── yak_flutter.dart (<1 KB)
├── pubspec.yaml (<1 KB)
└── test
    ├── delegates
    │   └── theme
    │       ├── monochrome_test.dart (6 KB)
    │       └── theme_data_delegate_test.dart (<1 KB)
    ├── extensions
    │   ├── buildcontext_test.dart (1 KB)
    │   ├── color_test.dart (2 KB)
    │   └── widgets_test.dart (<1 KB)
    ├── tools
    │   └── mock_context.dart (<1 KB)
    ├── typedef
    │   └── swatch_test.dart (<1 KB)
    └── widgets
        └── preferred_size_themed_test.dart (4 KB)
Validating package...
Package validation found the following hint:
* Non-dev dependencies are overridden in pubspec_overrides.yaml.

  This indicates you are not testing your package against the same versions of its
  dependencies that users will have when they use it.

  This might be necessary for packages with cyclic dependencies.

  Please be extra careful when publishing.

Pub needs your authorization to upload packages on your behalf.
In a web browser, go to https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=force&response_type=code&client_id=8[18](https://github.com...openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email
Then click "Allow access".

Waiting for your authorization...

Expected behavior

2 months ago the same script and credentials (as github secret) worked perfectly and successfully published updated packages

Actual behavior

pub requires approval via browser

jonasfj commented 1 year ago

Please use: https://dart.dev/tools/pub/automated-publishing

$PUB_CACHE/credentials.json have moved, storing credentials in PUB_CACHE was not ideal. It's no in $XDG_CONFIG_HOME. Also note that these are human associated credentials and never intended for release automation.

Please use: https://dart.dev/tools/pub/automated-publishing

If you wish to have more control that what our publishing from github flow does by default. Then you can register a GCP service account, grant it permission to publish and export it's credentials and do it from anywhere.

But publishing from github tags using github actions will allow you to avoid relying on secrets that can be accidentally leaked.

Just FYI: Please be aware that here are costs to having many versions. So consider not publishing every commit to master, unless that something you very rarely do. There are sanity limits on how many version of a package you can create.