search

provenance-io / provenance

A distributed, proof of stake blockchain designed for the financial services industry.
https://provenance.io
Apache License 2.0
90 stars 39 forks source link

Fix NPM Publishing #1500

Open SpicyLemon opened 1 year ago

SpicyLemon commented 1 year ago

Summary of Bug

The NPM Publishing added by #1449 failed during the v1.15.0-rc1 and v1.15.0-rc2 releases.

Version

v1.15.0-rc2

Steps to Reproduce

https://github.com/provenance-io/provenance/actions/runs/4747170813/jobs/8431733222

npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://npm.pkg.github.com/@provenanceio%2fprovenance - Permission not_found: owner not found
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

How that action works:

  1. The release.yml workflow has this step in the "NPM Proto Publishing" job: 
    - name: Publish
  uses: provenance-io/npm-publish-action@v1.1
  with:
    api-version: ${{ needs.build_init.outputs.version }}
    npm-token: ${{ secrets.NPM_TOKEN }}
    tag: alpha
  2. That provenance-io/npm-publish-action is defined here.
  3. It starts up a docker container created in npm-publish that contains all the npm definition stuff, e.g. package.json.
  4. The action then runs a few commands which can be found here: npm-publish-action/entrypoint.sh
  5. Those yarn commands are defined here: npm-publish/package.json
  6. Ultimately, it ran npm publish --tag alpha which resulted in the error at the top.

The NPM_TOKEN is used to publish other packages too, e.g. walletconnect-js. It is controlled by Figure.

For Admin Use

SpicyLemon commented 1 year ago

The NPM username is provenanceio and I have the password, but there's 2FA on the account (an authenticator), so I can't log in.

SpicyLemon commented 1 year ago

Here's the most recent run (and failure): https://github.com/provenance-io/provenance/actions/runs/5359953359/job/14512560941

npm notice Publishing to https://npm.pkg.github.com/ with tag alpha and public access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://npm.pkg.github.com/@provenanceio%2fprovenance - Permission not_found: owner not found
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.