qiwi / semantic-release-gh-pages-plugin

github-pages publishing plugin for semantic-release
MIT License
23 stars 8 forks

Authentication failure when using GitHub App token #259

Open zeshuaro opened 8 months ago

zeshuaro commented 8 months ago

Issue type

Expected behavior

Not sure if this is a bug or feature request, but the plugin currently doesn't work with a GitHub App token.

Actual behavior

See GitHub actions logs: https://github.com/zeshuaro/appainter/actions/runs/7516650742/job/20462200224

Error

```
[3:49:11 AM] [semantic-release] [@qiwi/semantic-release-gh-pages-plugin] › ✘ Publish docs failure ProcessError: remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/zeshuaro/appainter.git/'
    at ChildProcess. (/home/runner/work/appainter/appainter/node_modules/gh-pages/lib/git.js:42:16)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5) { code: 128 }
[3:49:11 AM] [semantic-release] › ✘ Failed step "publish" of plugin "@qiwi/semantic-release-gh-pages-plugin"
[3:49:11 AM] [semantic-release] › ✘ An error occurred while running semantic-release: ProcessError: remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/zeshuaro/appainter.git/'
    at ChildProcess. (/home/runner/work/appainter/appainter/node_modules/gh-pages/lib/git.js:42:16)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5) { code: 128, pluginName: '@qiwi/semantic-release-gh-pages-plugin' }
ProcessError: remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/zeshuaro/appainter.git/'
    at ChildProcess. (/home/runner/work/appainter/appainter/node_modules/gh-pages/lib/git.js:42:16)
    at ChildProcess.emit (node:events:518:28)
    at maybeClose (node:internal/child_process:1105:16)
    at ChildProcess._handle.onexit (node:internal/child_process:305:5) { code: 128, pluginName: '@qiwi/semantic-release-gh-pages-plugin' }
```

Steps to reproduce

  1. Create a GitHub App and install it onto a repository
  2. Use the github-app-token action to create a GitHub App token
  3. Set the app token as the GITHUB_TOKEN environment variable
  4. Run semantic release

GitHub Actions config: https://github.com/zeshuaro/appainter/actions/runs/7516650742/workflow#L277-L319

Semantic release config: https://github.com/zeshuaro/appainter/blob/main/publish.release.config.js

Specifications

antongolub commented 8 months ago

Hey @zeshuaro,

It's hard to say where exactly the URL construction is broken. I'm afraid we have not tested this plugin with the latest semrel (22, 23?). I would suggest adding a debug/logging point to node_modules/@qiwi/semantic-release-gh-pages-plugin/target/*/config.*, and running semrel locally with the --dry-run flag.

```ts
/**
 * @private
 */
export const getToken = (env: TAnyMap, repoUrl: string): string | undefined => env.GH_TOKEN || env.GITHUB_TOKEN || extractRepoToken(repoUrl)

/**
 * @private
 */
export const reassembleRepoUrl = (redirectedUrl: string, context: TContext): string | undefined => {
  const { env } = context
  const repoName = extractRepoName(redirectedUrl)
  const repoDomain = extractRepoDomain(redirectedUrl)
  const token = getToken(env, redirectedUrl)

  return `https://${token}@${repoDomain}/${repoName}.git` // ← this point
}
```

zeshuaro commented 8 months ago

Unfortunately, running it in dry run mode doesn't print anything as the publish step is skipped:

```
[5:16:53 PM] [semantic-release] › ⚠  Skip step "publish" of plugin "@qiwi/semantic-release-gh-pages-plugin" in dry-run mode
```

I saw this other issue on semantic-release which might be related? https://github.com/semantic-release/semantic-release/issues/1807

Specifically, they have this logic here when generating the Git URL which accommodates for app installation tokens: https://github.com/semantic-release/semantic-release/blob/971a5e0d16f1a32e117e9ce382a1618c8256d0d9/lib/get-git-auth-url.js#L67
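
As an added example (not code from this plugin or from semantic-release): GitHub documents HTTP-based Git access with an App installation token as `https://x-access-token:<token>@host/owner/repo.git`, whereas the snippet quoted earlier in the thread puts the bare token in the username position. The function names, the `ghs_` prefix check and the sample tokens are assumptions of this example, and the thread does not confirm that this is the cause of the failure.

```typescript
// Added example; buildAuthRepoUrl and redactRepoUrl are hypothetical names.
// Assumption: installation tokens are recognised by GitHub's "ghs_" prefix
// and are sent as the password for the fixed username "x-access-token".

/** Attach a token to an HTTPS git remote URL in the form git expects. */
function buildAuthRepoUrl(repoUrl: string, token: string): string {
  const url = new URL(repoUrl)
  // Never put a credential on a cleartext transport.
  if (url.protocol !== 'https:') {
    throw new Error(`refusing to attach a token to ${url.protocol} remote`)
  }
  // Reject values that could change the URL structure (":", "@", "/", spaces).
  if (!/^[A-Za-z0-9_]+$/.test(token)) {
    throw new Error('token contains unexpected characters')
  }
  if (token.startsWith('ghs_')) {
    // Installation token: fixed username, token as password.
    url.username = 'x-access-token'
    url.password = token
  } else {
    // Other tokens: same shape as the plugin's `https://${token}@...`.
    url.username = token
    url.password = ''
  }
  // Normalise ".../repo", ".../repo.git" and ".../repo.git/" to ".../repo.git".
  const path = url.pathname.replace(/\/+$/, '')
  url.pathname = path.endsWith('.git') ? path : `${path}.git`
  return url.toString()
}

/** Strip credentials from a remote URL before it is written to a log. */
function redactRepoUrl(authUrl: string): string {
  const url = new URL(authUrl)
  if (url.username || url.password) {
    url.username = 'REDACTED'
    url.password = ''
  }
  return url.toString()
}

// Constructed sample values, not real tokens.
const sampleRemote = 'https://github.com/zeshuaro/appainter.git/'
const appUrl = buildAuthRepoUrl(sampleRemote, 'ghs_CONSTRUCTEDSAMPLE')
console.log(redactRepoUrl(appUrl))
```

Logging only the redacted form shows that credentials are present but not whether the `x-access-token:` prefix was used, so a debug point for this issue should log the credential shape (for example, whether a password part exists) rather than the value.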

antongolub commented 8 months ago

Hmm... Config resolution is also used in the verifyConditions step. I thought it should be triggered somehow as part of the 'dry-run' flow too.

zeshuaro commented 8 months ago

Sorry, my bad, missed the line in the wall of logs. But this is what the URL looks like: https://[secure]@github.com/zeshuaro/appainter.git