finos / FDC3

An open standard for the financial desktop.
https://fdc3.finos.org

Resolve issue with NPM package publishing #1135

Closed kriswest closed 6 months ago

kriswest commented 6 months ago

Package publishing is currently failing via GitHub Actions (after we switched to doing so through NPM and added package provenance), see:

https://github.com/finos/FDC3/actions/runs/7196157858/job/19600458930

@robmoffat @bingenito

kriswest commented 6 months ago

@robmoffat @maoo we might need you to look at the 2FA config for the FDC3 npm module and possibly generate us a new token...

kriswest commented 6 months ago

Here's a link to other people resolving the same permissions issue we have on publishing: https://github.com/semantic-release/npm/issues/209#issuecomment-712366750

kriswest commented 6 months ago

And here's the NPM docs on the same: https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification

bingenito commented 6 months ago

On npm side a token would be created of type "Automation". You can set it to never expire if desirable but some agreement should be made here. In our org we create a separate token for each project to decrease scope of risk. That value should be copied into an NPM_TOKEN action secret at the project level (if one for each project, or org if it is decided to only create one token).

Then it might be necessary to add the env mapping to that workflow step

```yaml
env:
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
```
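The setup discussed in the thread up to this point (a per-project Automation token stored as an `NPM_TOKEN` secret, publishing with provenance), shown as an added example that is not part of the thread and not the FDC3 project's actual workflow. The workflow name, trigger, Node version and job layout are assumptions; `actions/setup-node` reads the token from `NODE_AUTH_TOKEN`, so the secret is mapped to that variable here.

```yaml
# Added example: hypothetical publish workflow, not FDC3's own file.
name: publish                # assumed name
on:
  release:
    types: [published]       # assumed trigger

# Least privilege for the job's GITHUB_TOKEN.
permissions:
  contents: read             # read-only checkout
  id-token: write            # OIDC token required by `npm publish --provenance`

jobs:
  publish-npm:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20   # assumed version
          registry-url: https://registry.npmjs.org
      # Install without the token in the environment, so dependency
      # lifecycle scripts cannot read it.
      - run: npm ci
      - run: npm publish --provenance --access public
        env:
          # Automation token, one per project, stored as a repository secret.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
```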

maoo commented 6 months ago

> On npm side a token would be created of type "Automation". You can set it to never expire if desirable but some agreement should be made here. In our org we create a separate token for each project to decrease scope of risk.

We use the same setup at FINOS.

@kriswest - I've generated a new NPM (Automation) token and updated the secret on GitHub; could you please try again?

kriswest commented 6 months ago

@maoo still failing... Could you check this page: https://docs.npmjs.com/requiring-2fa-for-package-publishing-and-settings-modification

Under step 4 we need option 2 (2FA required for manual publish but not for automation tokens)

I think this is causing both the GitHub and NPM publish ops to fail (GitHub publish still pushes something to NPM). However, the log was a bit different this time @maoo as the NPM action was cancelled (think the GitHub action failed first this time): https://github.com/finos/FDC3/actions/runs/7196157858/job/19602965600

Note I'm just hitting the re-run all jobs button to run this again

maoo commented 6 months ago

@kriswest - the action didn't fail, it was cancelled.

I re-ran the action and it's all green now - https://github.com/finos/FDC3/actions/runs/7196157858/job/19603370934

Either the action was manually cancelled, or it was due to a temporary glitch? Not sure.

bingenito commented 6 months ago

https://www.npmjs.com/package/@finos/fdc3#provenance

kriswest commented 6 months ago

@maoo I think it was automatically cancelled when the GitHub publish action failed (as they are the same action with a strategy matrix): https://github.com/finos/FDC3/actions/runs/7196157858/workflow#L55-L71

No idea why it failed though and the log is gone now - but it worked so we should be all set! Thanks @maoo and @bingenito

kriswest commented 6 months ago

Resolved!