The npx semantic-release fails on this repo when the secrets.SEMANTIC_RELEASE_GITHUB_TOKEN is being used and the GitHub API returns a 404 error, which is sometimes another way to say permission error.
RequestError [HttpError]: Not Found
at /home/runner/.npm/_npx/d32d92066bae6c10/node_modules/@octokit/request/dist-node/index.js:112:21
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async requestWithGraphqlErrorHandling (/home/runner/.npm/_npx/d32d92066bae6c10/node_modules/@octokit/plugin-retry/dist-node/index.js:71:20)
at async Job.doExecute (/home/runner/.npm/_npx/d32d92066bae6c10/node_modules/bottleneck/light.js:405:18) {
status: 404,
response: {
url: 'https://api.github.com/repos/openedx/openedx-atlas/releases',
status: 404,
Current workaround
Because this affects the wider @openedx GitHub repository @brian-smith-tcril and I chose not to edit the SEMANTIC_RELEASE_GITHUB_TOKEN.
We opted to use the github.token on the release.yml workflow instead. However, the github.token could be a bit less secure since it grants wider permissions as far as I know:
Update the @openedx organization-wide secret to include permissions to manage the releases, upload artifacts, etc -- I don't really know what how to fix it because I don't have access to see what's in the SEMANTIC_RELEASE_GITHUB_TOKEN permissions list.
Description
This repo uses the
release.yml
GitHub workflow which runs thesemantic-release
npm package to publish GitHub releases and uploads theatlas
binary to it.The
npx semantic-release
fails on this repo when thesecrets.SEMANTIC_RELEASE_GITHUB_TOKEN
is being used and the GitHub API returns a 404 error, which is sometimes another way to say permission error.Here's the failed job attempt https://github.com/openedx/openedx-atlas/actions/runs/5786749334/attempts/1 with a 404 error
Current workaround
Because this affects the wider @openedx GitHub repository @brian-smith-tcril and I chose not to edit the
SEMANTIC_RELEASE_GITHUB_TOKEN
.We opted to use the
github.token
on therelease.yml
workflow instead. However, thegithub.token
could be a bit less secure since it grants wider permissions as far as I know:The release process now works well and upload the binary successfully: https://github.com/openedx/openedx-atlas/releases/tag/v0.2.0
The updated workflow looks like the following:
https://github.com/openedx/openedx-atlas/blob/18eb0cc995c4059f704eb0cf2b61fa6ca15f345c/.github/workflows/release.yml#L16-L18
Suggested fix
Update the @openedx organization-wide secret to include permissions to manage the releases, upload artifacts, etc -- I don't really know what how to fix it because I don't have access to see what's in the
SEMANTIC_RELEASE_GITHUB_TOKEN
permissions list.