semantic-release / cli

:cl::round_pushpin: Setup automated semver compliant package publishing
MIT License
367 stars 45 forks source link

[GitHub] Deprecation Notice #345

Open abhisekp opened 4 years ago

abhisekp commented 4 years ago

Current behavior

Message from Github after running npx semantic-release setup

Hi @abhisekp,

On July 10th, 2020 at 07:50 (UTC) you or an application you used recently accessed the deprecated Authorizations endpoint on the GitHub API with the useragent semantic-release.

We will remove the Authorizations API endpoint on November 13, 2020. If you accessed the API via password authentication, then we recommend you use the web flow to authenticate. Please check that your app uses the web flow for authentication https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow

You can learn more about these changes by visiting our developer blog https://developer.github.com/changes/2020-02-14-deprecating-oauth-auth-endpoint/

Thanks, The GitHub Team

Expected behavior

No emails. Inbox full.

Environment

gr2m commented 4 years ago

I think you ran npx semantic-release-cli setup, not npx semantic-release setup.

The CLI really needs some love, but the current maintainers cannot find the time for it.

For this particular case, we wait for the CLI authentication library from @octokit, which will use the OAuth web flow instead of the deprecated authorization APIs

adrienjoly commented 4 years ago

👋 Just to let you know that I've experienced the same issues after setting up semantic-release on two of my npm packages.

codebymikey commented 4 years ago

Ran into this issue as well: https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization

It still posts to https://api.github.com/authorizations and returns the following:

StatusCodeError: 404 - {"message":"Not Found","documentation_url":"https://docs.github.com/rest"}

I believe the octokit module should have the functionality now from browsing around.

gr2m commented 4 years ago

sorry :( it really is about time we replace the username/password with an OAuth flow. I might find some time to get this finally going this week

gr2m commented 4 years ago

while at it, we should also replace the default travis setup with GitHub actions, because Travis became close to useless lately

codebymikey commented 4 years ago

I'm literally in the middle of implementing a Github action as my Travis job was essentially in a queue for like 3 hours before being ran, which is pretty bad for such a popular tool.

And it's fine, no huge rush, I just had to reverse engineer what the script was trying to do and applied the environment variables and tokens manually. If you don't have the time to work on the code, a documentation for the manual process should suffice for new users (as it's pretty straightforward).

gr2m commented 4 years ago

this is what my usual release GitHub action looks like: https://github.com/octokit/core.js/blob/master/.github/workflows/release.yml

You don't need to configure the GITHUB_TOKEN, it's already provided. Unless you have actions triggered by the release event, in which case you need to use a personal access token, because actions don't trigger actions.

CalmJerome commented 4 years ago

this is what my usual release GitHub action looks like: https://github.com/octokit/core.js/blob/master/.github/workflows/release.yml

You don't need to configure the GITHUB_TOKEN, it's already provided. Unless you have actions triggered by the release event, in which case you need to use a personal access token, because actions don't trigger actions.

Thanks a lot!