search

semantic-release / github

:octocat: semantic-release plugin to publish a GitHub release and comment on released Pull Requests/Issues
https://www.npmjs.com/package/@semantic-release/github
MIT License
418 stars 129 forks source link

RequestError [HttpError]: Cookies must be enabled to use GitHub. #268

Closed kleinfreund closed 4 years ago

kleinfreund commented 4 years ago

Current behavior

I set-up a semantic-release workflow via GitHub actions for the repository https://github.com/kleinfreund/vue-accessible-color-picker. On push, the workflow was run and the first version of my package was published (yay!). However, the next step failed (full error below):

[semantic-release] › ✖  Failed step "publish" of plugin "@semantic-release/github"
[semantic-release] › ✖  An error occurred while running semantic-release: RequestError [HttpError]: Cookies must be enabled to use GitHub.

I’m not sure what to make of this error. I don’t recall reading anything in the getting started documents and articles I followed about some cookie settings I needed to be aware of.

Note that I have both NPM_TOKEN and GH_TOKEN configured via the secrets settings of the repository in question. The GH_TOKEN is a public access token which was created with the public_repo permission.

What am I missing from my setup and how can I recover from this botched release?

full error [semantic-release] › ✖ Failed step "publish" of plugin "@semantic-release/github" [semantic-release] › ✖ An error occurred while running semantic-release: RequestError [HttpError]: Cookies must be enabled to use GitHub. at /home/runner/work/vue-accessible-color-picker/vue-accessible-color-picker/node_modules/@octokit/request/dist-node/index.js:66:23 at processTicksAndRejections (internal/process/task_queues.js:97:5) { status: 403, headers: { 'cache-control': 'no-cache', connection: 'close', 'content-encoding': 'gzip', 'content-security-policy': "default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com", 'content-type': 'text/plain; charset=utf-8', date: 'Thu, 14 May 2020 17:40:28 GMT', 'expect-ct': 'max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"', 'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin', server: 'GitHub.com', 'set-cookie': '_gh_sess=[REDACTED]; path=/; secure; HttpOnly', status: '403 Forbidden', 'strict-transport-security': 'max-age=31536000; includeSubdomains; preload', 'transfer-encoding': 'chunked', vary: 'X-PJAX, Accept-Encoding, Accept, X-Requested-With', 'x-content-type-options': 'nosniff', 'x-frame-options': 'deny', 'x-github-request-id': '0400:0851:57C564:924595:5EBD828C', 'x-xss-protection': '1; mode=block' }, request: { method: 'POST', url: 'https://github.com/repos/kleinfreund/vue-accessible-color-picker/releases', headers: { accept: 'application/vnd.github.v3+json', 'user-agent': 'octokit-rest.js/17.9.0 octokit-core.js/2.5.0 Node.js/12.16.3 (Linux 5.3; x64)', authorization: 'token [REDACTED]', 'content-type': 'application/json; charset=utf-8' }, body: '{"tag_name":"v1.0.0","name":"v1.0.0","body":"# 1.0.0 (2020-05-14)\\n\\n\\n### Features\\n\\n* implement initial version of vue-accessible-color-picker ([eba7d30](https://github.com/kleinfreund/vue-accessible-color-picker/commit/eba7d3055364c2bcbeaa1a0067df6521050d2d3b))\\n\\n\\n\\n","prerelease":false}', request: { agent: undefined, hook: [Function: bound bound register] } }, pluginName: '@semantic-release/github' } RequestError [HttpError]: Cookies must be enabled to use GitHub. at /home/runner/work/vue-accessible-color-picker/vue-accessible-color-picker/node_modules/@octokit/request/dist-node/index.js:66:23 at processTicksAndRejections (internal/process/task_queues.js:97:5) { status: 403, headers: { 'cache-control': 'no-cache', connection: 'close', 'content-encoding': 'gzip', 'content-security-policy': "default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com", 'content-type': 'text/plain; charset=utf-8', date: 'Thu, 14 May 2020 17:40:28 GMT', 'expect-ct': 'max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"', 'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin', server: 'GitHub.com', 'set-cookie': '_gh_sess=[REDACTED]; path=/; secure; HttpOnly', status: '403 Forbidden', 'strict-transport-security': 'max-age=31536000; includeSubdomains; preload', 'transfer-encoding': 'chunked', vary: 'X-PJAX, Accept-Encoding, Accept, X-Requested-With', 'x-content-type-options': 'nosniff', 'x-frame-options': 'deny', 'x-github-request-id': '0400:0851:57C564:924595:5EBD828C', 'x-xss-protection': '1; mode=block' }, request: { method: 'POST', url: 'https://github.com/repos/kleinfreund/vue-accessible-color-picker/releases', headers: { accept: 'application/vnd.github.v3+json', 'user-agent': 'octokit-rest.js/17.9.0 octokit-core.js/2.5.0 Node.js/12.16.3 (Linux 5.3; x64)', authorization: 'token [REDACTED]', 'content-type': 'application/json; charset=utf-8' }, body: '{"tag_name":"v1.0.0","name":"v1.0.0","body":"# 1.0.0 (2020-05-14)\\n\\n\\n### Features\\n\\n* implement initial version of vue-accessible-color-picker ([eba7d30](https://github.com/kleinfreund/vue-accessible-color-picker/commit/eba7d3055364c2bcbeaa1a0067df6521050d2d3b))\\n\\n\\n\\n","prerelease":false}', request: { agent: undefined, hook: [Function: bound bound register] } }, pluginName: '@semantic-release/github' } ##[error]Process completed with exit code 1.

Expected behavior

For this error to not happened

or

for this error to actually tell me something useful (I know this is in particular not a problem with semantic-release).

Environment

gr2m commented 4 years ago

What is very odd is that the request is sent to https://github.com/repos/kleinfreund/vue-accessible-color-picker/releases, but it should have been https://api.github.com/repos/kleinfreund/vue-accessible-color-picker/releases. The baseUrl is incorrect. Do you have any idea how that might have happened?

kleinfreund commented 4 years ago

Oh, that is odd indeed. I didn’t even notice that. That would explain some sort of authentication failure. I have no idea how that might have happened. I really tried my best not to shoot to far over the finish line and tried the most basic setup and workflow configuration I could think that I was still okay with releasing a package. I’ll do some text-search, but so far, I’m empty-handed. :/

gr2m commented 4 years ago

Can you try to change repository.url in your package.json to

  "url": "https://github.com/kleinfreund/vue-accessible-color-picker.git"

The .git suffix is missing. It's really just a guess, but worth a try

You will also have to manually create the release for v1.0.0, semantic-release won't be able to fix that for you

gr2m commented 4 years ago

I'm fairly sure the problem occurs around here: https://github.com/semantic-release/github/blob/8027e9120afb2110be40d9e224bea627f0b6361c/lib/get-client.js#L30 🤔

kleinfreund commented 4 years ago

Can I test this by temporarily setting dryRun: true in my release.config.js to avoid needlessly releasing a version v1.0.1 on NPM?

Also, with “manually create the release for v1.0.0”, do you mean manually performing the steps the @semantic-release/github was about to do but failed at? I’ll see if I can find some documents for what exactly happens there because I don’t know.

gr2m commented 4 years ago

With "manually create the release for v1.0.0" I mean create it using the UI on github.com. The tag already exists, that's all semantic-release cares about moving forward. But if you want to add release notes, then you have to create a release manually.

Let me try to reproduce the problem you experienced with a test repository, hold on

gr2m commented 4 years ago

So this is curious: https://github.com/gr2m/vue-accessible-color-picker/runs/675583625?check_suite_focus=true#step:5:33

Because of this line: https://github.com/semantic-release/github/blob/8027e9120afb2110be40d9e224bea627f0b6361c/lib/resolve-config.js#L19

I wonder if the GITHUB_URL is new, introduced today via https://github.blog/changelog/2020-05-14-github-actions-new-runner-release-v2-262-1/. I'll investigate

gr2m commented 4 years ago

I was able to reproduce your error: https://github.com/gr2m/vue-accessible-color-picker/runs/675591678?check_suite_focus=true#step:6:137

kleinfreund commented 4 years ago

Following your recommendation to fix the repository field in my package.json (adding the missing .git extension), I pushed a new commit (including the dryRun: true setting in release.config.js). The release workflow ran successfully now: https://github.com/kleinfreund/vue-accessible-color-picker/runs/675623615

gr2m commented 4 years ago

I've added the .git suffix and got the same error: https://github.com/gr2m/vue-accessible-color-picker/runs/675618003?check_suite_focus=true#step:6:140

When run in dry mode, semantic-release is not attempting to create a release, so you don't get the error

ericsciple commented 4 years ago

@gr2m GITHUB_URL is new and feature flag turned on for some accounts today

gr2m commented 4 years ago

Thanks for confirming Eric! I'll workaround it in semantic-release 👍

ericsciple commented 4 years ago

It's one of three new env vars set by Actions, to enable scripts in Actions to work against GHES or Dotcom.

For example:

curl  -H "Authorization: bearer $GITHUB_TOKEN" --request GET "$GITHUB_API_URL/repos/monalisa/example"

Here's the three URLS:

Environment variable GHES example Dotcom value
GITHUB_URL https://my-ghes https://github.com
GITHUB_API_URL https://my-ghes/api/v3 https://api.github.com
GITHUB_GRAPHQL_URL https://my-ghes/api/graphql https://api.github.com/graphql
gr2m commented 4 years ago

GITHUB_API_URL

Fantastic, that makes the workaround much easier 👍

ericsciple commented 4 years ago

Let me know if it helps and I can turn off the feature flag (on for a small percentage of accounts). Otherwise if you're close i'll leave it on.

gr2m commented 4 years ago

I'm close, thanks #269

semantic-release-bot commented 4 years ago

:tada: This issue has been resolved in version 7.0.6 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

ENikS commented 4 years ago

I am using the latest and running into the same issue ( logs ). Could someone give me a hint in layman terms how do I fix it?

kleinfreund commented 4 years ago

@ENikS As far as I understand, the bug was fixed in @semantic-release/github@7.0.6, but I’m pretty sure the package semantic-release doesn’t use this version, yet. I believe you need to manually install @semantic-release/github@7.0.6 in your project to make use of the fix that’s referenced in this issue. I haven’t verified yet whether that works because I don’t want to release the next version of my package, yet.

ENikS commented 4 years ago

Got it, thank you

ericsciple commented 4 years ago

@ENikS sorry for the disruption.

FYI, we're also turning off the feature flag now so Actions will stop setting GITHUB_URL. We're going to switch to GITHUB_SERVER_URL before re-enabling, so it doesn't conflict with semantic-release/github.

rapahaeru commented 4 years ago

i still have this problem. its publishes the tag in npm and github but not comunicates with github, to update the pull requests etc...

2020-05-20T22:20:10.7702373Z [10:20:10 PM] [semantic-release] › ✔  Completed step "publish" of plugin "@semantic-release/npm"
2020-05-20T22:20:10.7703012Z [10:20:10 PM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/github"
2020-05-20T22:20:10.8710449Z [10:20:10 PM] [semantic-release] › ✖  Failed step "publish" of plugin "@semantic-release/github"
2020-05-20T22:20:10.8744320Z [10:20:10 PM] [semantic-release] › ✖  An error occurred while running semantic-release: RequestError [HttpError]: Cookies must be enabled to use GitHub.
2020-05-20T22:20:10.8745870Z     at /home/runner/work/catho-components/catho-components/node_modules/@octokit/request/dist-node/index.js:66:23
2020-05-20T22:20:10.8746684Z     at processTicksAndRejections (internal/process/task_queues.js:97:5) {
2020-05-20T22:20:10.8747273Z   status: 403,
2020-05-20T22:20:10.8747813Z   headers: {
2020-05-20T22:20:10.8749633Z     'cache-control': 'no-cache',
2020-05-20T22:20:10.8750560Z     connection: 'close',
2020-05-20T22:20:10.8751483Z     'content-encoding': 'gzip',
2020-05-20T22:20:10.8755809Z     'content-security-policy': "default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js",
2020-05-20T22:20:10.8757171Z     'content-type': 'text/plain; charset=utf-8',
2020-05-20T22:20:10.8758175Z     date: 'Wed, 20 May 2020 22:20:10 GMT',
2020-05-20T22:20:10.8759432Z     'expect-ct': 'max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"',
2020-05-20T22:20:10.8760820Z     'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
2020-05-20T22:20:10.8761762Z     server: 'GitHub.com',
2020-05-20T22:20:10.8770982Z     'set-cookie':

But my repo is private. Is that a problem?

Silthus commented 4 years ago

I have the same problem as @rapahaeru with multiple of my repos. They are all public and use the latest version of the semantic-release packages.

Silthus commented 4 years ago

@rapahaeru try setting the GH_URL to https://api.github.com that resolved it for me.

rapahaeru commented 4 years ago

@Silthus worked here, thanks so much!

hossin43 commented 2 years ago

دانلود

ThankG12 commented 7 months ago

Coolify error I'm trying to host my github app on Coolify but it's throwing back this error. Please can you help?

kleinfreund commented 7 months ago

I'm trying to host my github app on Coolify but it's throwing back this error. Please can you help?

This looks like an issue completely unrelated to semantic-release. It looks like you have disabled cookies in your browser and GitHub as a whole stops working (I don't know this for a fact, but it looks like it from the screenshot).