[Help] An error occurred while making a request to the GitLab release API: HTTPError: Response code 403 (Forbidden)

[felixprado-mc]

I get this error when executing the plugin in a Gitlab CI pipeline. It only happens the first time, because in the second execution it works fine.

I have a GL_TOKEN with the right permissions over the project.

Could anyone help?

++ npx semantic-release
[7:16:31 AM] [semantic-release] › ℹ  Running semantic-release version 23.0.8
[7:16:31 AM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/changelog"
[7:16:31 AM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/git"
[7:16:31 AM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/gitlab"
[7:16:31 AM] [semantic-release] › ✔  Loaded plugin "analyzeCommits" from "@semantic-release/commit-analyzer"
[7:16:31 AM] [semantic-release] › ✔  Loaded plugin "generateNotes" from "@semantic-release/release-notes-generator"
[7:16:31 AM] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/changelog"
[7:16:31 AM] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/git"
[7:16:31 AM] [semantic-release] › ✔  Loaded plugin "publish" from "@semantic-release/gitlab"
[7:16:36 AM] [semantic-release] › ✔  Run automated release from branch main on repository https://gitlab-ci-token:[secure]@gitlab.com/(my-project).git
[7:16:37 AM] [semantic-release] › ✔  Allowed to push to the Git repository
[7:16:37 AM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/gitlab"
[7:16:37 AM] [semantic-release] [@semantic-release/gitlab] › ℹ  Verify GitLab authentication (https://gitlab.com/api/v4)
[7:16:37 AM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/gitlab"
[7:16:37 AM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/changelog"
[7:16:37 AM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/changelog"
[7:16:37 AM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/git"
[7:16:37 AM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/git"
[7:16:37 AM] [semantic-release] › ℹ  Found git tag v1.0.6 associated with version 1.0.6 on branch main
[7:16:37 AM] [semantic-release] › ℹ  Found 2 commits since last release
[7:16:37 AM] [semantic-release] › ℹ  Start step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: Merge branch 'renovate/github.com-spf13-cobra-1.x' into 'main'
fix(deps): update module github.com/spf13/cobra to v1.8.0
See merge request (my-mr)
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The commit should not trigger a release
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: fix(deps): update module github.com/spf13/cobra to v1.8.0
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The release type for the commit is patch
[7:16:37 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analysis of 2 commits complete: patch release
[7:16:37 AM] [semantic-release] › ✔  Completed step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[7:16:37 AM] [semantic-release] › ℹ  The next release version is 1.0.7
[7:16:37 AM] [semantic-release] › ℹ  Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[7:16:37 AM] [semantic-release] › ✔  Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[7:16:37 AM] [semantic-release] › ℹ  Start step "prepare" of plugin "@semantic-release/changelog"
[7:16:37 AM] [semantic-release] [@semantic-release/changelog] › ℹ  Update /builds/my_project/CHANGELOG.md
[7:16:37 AM] [semantic-release] › ✔  Completed step "prepare" of plugin "@semantic-release/changelog"
[7:16:37 AM] [semantic-release] › ℹ  Start step "prepare" of plugin "@semantic-release/git"
[7:16:37 AM] [semantic-release] [@semantic-release/git] › ℹ  Found 1 file(s) to commit
[7:16:39 AM] [semantic-release] [@semantic-release/git] › ℹ  Prepared Git release: v1.0.7
[7:16:39 AM] [semantic-release] › ✔  Completed step "prepare" of plugin "@semantic-release/git"
[7:16:39 AM] [semantic-release] › ℹ  Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[7:16:39 AM] [semantic-release] › ✔  Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[7:16:41 AM] [semantic-release] › ✔  Created tag v1.0.7
[7:16:41 AM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/gitlab"
[7:16:42 AM] [semantic-release] [@semantic-release/gitlab] › ✘  An error occurred while making a request to the GitLab release API:
HTTPError: Response code 403 (Forbidden)
    at Request.<anonymous> (file:///builds/my_project/node_modules/got/dist/source/as-promise/index.js:92:42)
    at Object.onceWrapper (node:events:[63](https://gitlab.com/my_project/-/jobs/7022066433#L63)4:26)
    at Request.emit (node:events:531:35)
    at Request._onResponseBase (file:///builds/my_project/node_modules/got/dist/source/core/index.js:604:22)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Request._onResponse (file:///builds/my_project/node_modules/got/dist/source/core/index.js:[64](https://gitlab.com/my_project/-/jobs/7022066433#L64)6:13) {
  input: undefined,
  code: 'ERR_NON_2XX_3XX_RESPONSE',
  timings: {
    start: 1717571801926,
    socket: 1717571801926,
    lookup: 1717571801926,
    connect: 1717571801926,
    secureConnect: 1717571801926,
    upload: 1717571801927,
    response: 1717571802076,
    end: 1717571802077,
    error: undefined,
    abort: undefined,
    phases: {
      wait: 0,
      dns: 0,
      tcp: 0,
      tls: 0,
      request: 1,
      firstByte: 149,
      download: 1,
      total: 151
    }
  },
  options: {
    request: undefined,
    agent: { http: undefined, https: undefined, http2: undefined },
    h2session: undefined,
    decompress: true,
    timeout: {
      connect: undefined,
      lookup: undefined,
      read: undefined,
      request: undefined,
      response: undefined,
      secureConnect: undefined,
      send: undefined,
      socket: undefined
    },
    prefixUrl: '',
    body: '{"tag_name":"v1.0.7","description":"## [1.0.7](https://gitlab.com/my_project/compare/v1.0.6...v1.0.7) (2024-06-05)\\n\\n\\n### Bug Fixes\\n\\n* **deps:** update module github.com/spf13/cobra to v1.8.0 ([ec8f0ed](https://gitlab.com/my_project/commit/ec8f0ed801c6aac985d[65](https://gitlab.com/my_project/-/jobs/7022066433#L65)e9921c015ace5002b9f))\\n\\n\\n\\n","assets":{"links":[]}}',
    form: undefined,
    json: undefined,
    cookieJar: undefined,
    ignoreInvalidCookies: [secure],
    searchParams: undefined,
    dnsLookup: undefined,
    dnsCache: undefined,
    context: {},
    hooks: {
      init: [],
      beforeRequest: [],
      beforeError: [ [Function (anonymous)] ],
      beforeRedirect: [],
      beforeRetry: [],
      afterResponse: []
    },
    followRedirect: true,
    maxRedirects: 10,
    cache: undefined,
    throwHttpErrors: true,
    username: '',
    password: '',
    http2: [secure],
    allowGetBody: [secure],
    headers: {
      'user-agent': 'got (https://github.com/sindresorhus/got)',
      'private-token': '[secure]',
      'content-type': 'application/json',
      'content-length': '422',
      'accept-encoding': 'gzip, deflate, br'
    },
    methodRewriting: [secure],
    dnsLookupIpVersion: undefined,
    parseJson: [Function: parse],
    stringifyJson: [Function: stringify],
    retry: {
      limit: 2,
      methods: [ 'GET', 'PUT', 'HEAD', 'DELETE', 'OPTIONS', 'TRACE' ],
      statusCodes: [
        408, 413, 429, 500,
        502, 503, 504, 521,
        522, 524
      ],
      errorCodes: [
        'ETIMEDOUT',
        'ECONNRESET',
        'EADDRINUSE',
        'ECONNREFUSED',
        'EPIPE',
        'ENOTFOUND',
        'ENETUNREACH',
        'EAI_AGAIN'
      ],
      maxRetryAfter: undefined,
      calculateDelay: [Function: calculateDelay],
      backoffLimit: Infinity,
      noise: 100
    },
    localAddress: undefined,
    method: 'POST',
    createConnection: undefined,
    cacheOptions: {
      shared: undefined,
      cacheHeuristic: undefined,
      immutableMinTimeToLive: undefined,
      ignoreCargoCult: undefined
    },
    https: {
      alpnProtocols: undefined,
      rejectUnauthorized: undefined,
      checkServerIdentity: undefined,
      certificateAuthority: undefined,
      key: undefined,
      certificate: undefined,
      passphrase: undefined,
      pfx: undefined,
      ciphers: undefined,
      honorCipherOrder: undefined,
      minVersion: undefined,
      maxVersion: undefined,
      signatureAlgorithms: undefined,
      tlsSessionLifetime: undefined,
      dhparam: undefined,
      ecdhCurve: undefined,
      certificateRevocationLists: undefined
    },
    encoding: undefined,
    resolveBodyOnly: [secure],
    isStream: [secure],
    responseType: 'text',
    url: URL {
      href: 'https://gitlab.com/api/v4/projects/my_project/releases',
      origin: 'https://gitlab.com',
      protocol: 'https:',
      username: '',
      password: '',
      host: 'gitlab.com',
      hostname: 'gitlab.com',
      port: '',
      pathname: '/api/v4/projects/my_project/releases',
      search: '',
      searchParams: URLSearchParams {},
      hash: ''
    },
    pagination: {
      transform: [Function: transform],
      paginate: [Function: paginate],
      filter: [Function: filter],
      shouldContinue: [Function: shouldContinue],
      countLimit: Infinity,
      backoff: 0,
      requestLimit: 10000,
      stackAllItems: [secure]
    },
    setHost: true,
    maxHeaderSize: undefined,
    signal: undefined,
    enableUnixSockets: [secure]
  },
  [cause]: {}
}
[7:16:42 AM] [semantic-release] › ✘  Failed step "publish" of plugin "@semantic-release/gitlab"
[7:16:42 AM] [semantic-release] › ✘  An error occurred while running semantic-release: HTTPError: Response code 403 (Forbidden)
    at Request.<anonymous> (file:///builds/my_project/node_modules/got/dist/source/as-promise/index.js:92:42)
    at Object.onceWrapper (node:events:634:26)
    at Request.emit (node:events:531:35)
    at Request._onResponseBase (file:///builds/my_project/node_modules/got/dist/source/core/index.js:604:22)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Request._onResponse (file:///builds/my_project/node_modules/got/dist/source/core/index.js:646:13) {
  input: undefined,
  code: 'ERR_NON_2XX_3XX_RESPONSE',
  timings: {
    start: 1[71](https://gitlab.com/my_project/-/jobs/7022066433#L71)7571801926,
    socket: 1717571801926,
    lookup: 1717571801926,
    connect: 1717571801926,
    secureConnect: 1717571801926,
    upload: 1717571801927,
    response: 1717571802076,
    end: 1717571802077,
    error: undefined,
    abort: undefined,
    phases: {
      wait: 0,
      dns: 0,
      tcp: 0,
      tls: 0,
      request: 1,
      firstByte: 149,
      download: 1,
      total: 151
    }
  },
  options: {
    request: undefined,
    agent: { http: undefined, https: undefined, http2: undefined },
    h2session: undefined,
    decompress: true,
    timeout: {
      connect: undefined,
      lookup: undefined,
      read: undefined,
      request: undefined,
      response: undefined,
      secureConnect: undefined,
      send: undefined,
      socket: undefined
    },
    prefixUrl: '',
    body: '{"tag_name":"v1.0.7","description":"## [1.0.7](https://gitlab.com/my_project/compare/v1.0.6...v1.0.7) (2024-06-05)\\n\\n\\n### Bug Fixes\\n\\n* **deps:** update module github.com/spf13/cobra to v1.8.0 ([ec8f0ed](https://gitlab.com/my_project/commit/ec8f0ed801c6aac985d65e9921c015ace5002b9f))\\n\\n\\n\\n","assets":{"links":[]}}',
    form: undefined,
    json: undefined,
    cookieJar: undefined,
    ignoreInvalidCookies: [secure],
    searchParams: undefined,
    dnsLookup: undefined,
    dnsCache: undefined,
    context: {},
    hooks: {
      init: [],
      beforeRequest: [],
      beforeError: [ [Function (anonymous)] ],
      beforeRedirect: [],
      beforeRetry: [],
      afterResponse: []
    },
    followRedirect: true,
    maxRedirects: 10,
    cache: undefined,
    throwHttpErrors: true,
    username: '',
    password: '',
    http2: [secure],
    allowGetBody: [secure],
    headers: {
      'user-agent': 'got (https://github.com/sindresorhus/got)',
      'private-token': '[secure]',
      'content-type': 'application/json',
      'content-length': '422',
      'accept-encoding': 'gzip, deflate, br'
    },
    methodRewriting: [secure],
    dnsLookupIpVersion: undefined,
    parseJson: [Function: parse],
    stringifyJson: [Function: stringify],
    retry: {
      limit: 2,
      methods: [ 'GET', 'PUT', 'HEAD', 'DELETE', 'OPTIONS', 'TRACE' ],
      statusCodes: [
        408, 413, 429, 500,
        502, 503, 504, 521,
        522, 524
      ],
      errorCodes: [
        'ETIMEDOUT',
        'ECONNRESET',
        'EADDRINUSE',
        'ECONNREFUSED',
        'EPIPE',
        'ENOTFOUND',
        'ENETUNREACH',
        'EAI_AGAIN'
      ],
      maxRetryAfter: undefined,
      calculateDelay: [Function: calculateDelay],
      backoffLimit: Infinity,
      noise: 100
    },
    localAddress: undefined,
    method: 'POST',
    createConnection: undefined,
    cacheOptions: {
      shared: undefined,
      cacheHeuristic: undefined,
      immutableMinTimeToLive: undefined,
      ignoreCargoCult: undefined
    },
    https: {
      alpnProtocols: undefined,
      rejectUnauthorized: undefined,
      checkServerIdentity: undefined,
      certificateAuthority: undefined,
      key: undefined,
      certificate: undefined,
      passphrase: undefined,
      pfx: undefined,
      ciphers: undefined,
      honorCipherOrder: undefined,
      minVersion: undefined,
      maxVersion: undefined,
      signatureAlgorithms: undefined,
      tlsSessionLifetime: undefined,
      dhparam: undefined,
      ecdhCurve: undefined,
      certificateRevocationLists: undefined
    },
    encoding: undefined,
    resolveBodyOnly: [secure],
    isStream: [secure],
    responseType: 'text',
    url: URL {
      href: 'https://gitlab.com/api/v4/projects/my_project/releases',
      origin: 'https://gitlab.com',
      protocol: 'https:',
      username: '',
      password: '',
      host: 'gitlab.com',
      hostname: 'gitlab.com',
      port: '',
      pathname: '/api/v4/projects/my_project/releases',
      search: '',
      searchParams: URLSearchParams {},
      hash: ''
    },
    pagination: {
      transform: [Function: transform],
      paginate: [Function: paginate],
      filter: [Function: filter],
      shouldContinue: [Function: shouldContinue],
      countLimit: Infinity,
      backoff: 0,
      requestLimit: 10000,
      stackAllItems: [secure]
    },
    setHost: true,
    maxHeaderSize: undefined,
    signal: undefined,
    enableUnixSockets: [secure]
  },
  pluginName: '@semantic-release/gitlab',
  [cause]: {}
}
HTTPError: Response code 403 (Forbidden)
    at Request.<anonymous> 
(file:///builds/my_project/
node_modules/
got
/dist/source/as-promise/index.js:92:42
)
    at Object.onceWrapper (node:events:634:26)
    at Request.emit (node:events:531:35)
    at Request._onResponseBase 
(file:///builds/my_project/
node_modules/
got
/dist/source/core/index.js:604:22
)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Request._onResponse 
(file:///builds/my_project/
node_modules/
got
/dist/source/core/index.js:646:13
)
 {
  input: 
undefined
,
  code: 
'ERR_NON_2XX_3XX_RESPONSE'
,
  timings: {
    start: 
171[75](https://gitlab.com/my_project/-/jobs/7022066433#L75)71801926
,
    socket: 
1717571801926
,
    lookup: 
1717571801926
,
    connect: 
1717571801926
,
    secureConnect: 
1717571801926
,
    upload: 
1717571801927
,
    response: 
1717571802076
,
    end: 
1717571802077
,
    error: 
undefined
,
    abort: 
undefined
,
    phases: {
      wait: 
0
,
      dns: 
0
,
      tcp: 
0
,
      tls: 
0
,
      request: 
1
,
      firstByte: 
149
,
      download: 
1
,
      total: 
151
    }
  },
  options: {
    request: 
undefined
,
    agent: { http: 
undefined
, https: 
undefined
, http2: 
undefined
 },
    h2session: 
undefined
,
    decompress: 
true
,
    timeout: {
      connect: 
undefined
,
      lookup: 
undefined
,
      read: 
undefined
,
      request: 
undefined
,
      response: 
undefined
,
      secureConnect: 
undefined
,
      send: 
undefined
,
      socket: 
undefined
    },
    prefixUrl: 
''
,
    body: 
'{"tag_name":"v1.0.7","description":"## [1.0.7](https://gitlab.com/my_project/compare/v1.0.6...v1.0.7) (2024-06-05)\\n\\n\\n### Bug Fixes\\n\\n* **deps:** update module github.com/spf13/cobra to v1.8.0 ([ec8f0ed](https://gitlab.com/my_project/commit/ec8f0ed801c6aac985d65e9921c015ace5002b9f))\\n\\n\\n\\n","assets":{"links":[]}}'
,
    form: 
undefined
,
    json: 
undefined
,
    cookieJar: 
undefined
,
    ignoreInvalidCookies: 
[secure]
,
    searchParams: 
undefined
,
    dnsLookup: 
undefined
,
    dnsCache: 
undefined
,
    context: {},
    hooks: {
      init: [],
      beforeRequest: [],
      beforeError: [ 
[Function (anonymous)]
 ],
      beforeRedirect: [],
      beforeRetry: [],
      afterResponse: []
    },
    followRedirect: 
true
,
    maxRedirects: 
10
,
    cache: 
undefined
,
    throwHttpErrors: 
true
,
    username: 
''
,
    password: 
''
,
    http2: 
[secure]
,
    allowGetBody: 
[secure]
,
    headers: {

'user-agent'
: 
'got (https://github.com/sindresorhus/got)'
,

'private-token'
: 
'[secure]'
,

'content-type'
: 
'application/json'
,

'content-length'
: 
'422'
,

'accept-encoding'
: 
'gzip, deflate, br'
    },
    methodRewriting: 
[secure]
,
    dnsLookupIpVersion: 
undefined
,
    parseJson: 
[Function: parse]
,
    stringifyJson: 
[Function: stringify]
,
    retry: {
      limit: 
2
,
      methods: [ 
'GET'
, 
'PUT'
, 
'HEAD'
, 
'DELETE'
, 
'OPTIONS'
, 
'TRACE'
 ],
      statusCodes: [

408
, 
413
, 
429
, 
500
,

502
, 
503
, 
504
, 
521
,

522
, 
524
      ],
      errorCodes: [

'ETIMEDOUT'
,

'ECONNRESET'
,

'EADDRINUSE'
,

'ECONNREFUSED'
,

'EPIPE'
,

'ENOTFOUND'
,

'ENETUNREACH'
,

'EAI_AGAIN'
      ],
      maxRetryAfter: 
undefined
,
      calculateDelay: 
[Function: calculateDelay]
,
      backoffLimit: 
Infinity
,
      noise: 
100
    },
    localAddress: 
undefined
,
    method: 
'POST'
,
    createConnection: 
undefined
,
    cacheOptions: {
      shared: 
undefined
,
      cacheHeuristic: 
undefined
,
      immutableMinTimeToLive: 
undefined
,
      ignoreCargoCult: 
undefined
    },
    https: {
      alpnProtocols: 
undefined
,
      rejectUnauthorized: 
undefined
,
      checkServerIdentity: 
undefined
,
      certificateAuthority: 
undefined
,
      key: 
undefined
,
      certificate: 
undefined
,
      passphrase: 
undefined
,
      pfx: 
undefined
,
      ciphers: 
undefined
,
      honorCipherOrder: 
undefined
,
      minVersion: 
undefined
,
      maxVersion: 
undefined
,
      signatureAlgorithms: 
undefined
,
      tlsSessionLifetime: 
undefined
,
      dhparam: 
undefined
,
      ecdhCurve: 
undefined
,
      certificateRevocationLists: 
undefined
    },
    encoding: 
undefined
,
    resolveBodyOnly: 
[secure]
,
    isStream: 
[secure]
,
    responseType: 
'text'
,
    url: URL {
      href: 
'https://gitlab.com/api/v4/projects/my_project/releases'
,
      origin: 
'https://gitlab.com'
,
      protocol: 
'https:'
,
      username: 
''
,
      password: 
''
,
      host: 
'gitlab.com'
,
      hostname: 
'gitlab.com'
,
      port: 
''
,
      pathname: 
'/api/v4/projects/my_project/releases'
,
      search: 
''
,
      searchParams: URLSearchParams {},
      hash: 
''
    },
    pagination: {
      transform: 
[Function: transform]
,
      paginate: 
[Function: paginate]
,
      filter: 
[Function: filter]
,
      shouldContinue: 
[Function: shouldContinue]
,
      countLimit: 
Infinity
,
      backoff: 
0
,
      requestLimit: 
10000
,
      stackAllItems: 
[secure]
    },
    setHost: 
true
,
    maxHeaderSize: 
undefined
,
    signal: 
undefined
,
    enableUnixSockets: 
[secure]
  },
  pluginName: 
'@semantic-release/gitlab'
,
  [cause]: {}
}

This is the .releaserc file of the project:

`verifyConditions:
- "@semantic-release/gitlab"
- "@semantic-release/changelog"
- "@semantic-release/git"
prepare:
- "@semantic-release/changelog"
- "@semantic-release/git"
generateNotes:
- "@semantic-release/release-notes-generator"
publish:
- "@semantic-release/gitlab"
success: false
fail: false
tagFormat: v${version}
plugins:
- - "@semantic-release/commit-analyzer"
  - releaseRules:
    - type: "feat"
      release: "minor"
    - message: "*"
      release: patch
- - "@semantic-release/release-notes-generator"
- - "@semantic-release/changelog"
  - changelogFile: "CHANGELOG.md"
- - "@semantic-release/git"
  - assets:
    - "CHANGELOG.md"
    message: |-
        chore(release): ${nextRelease.version} [skip ci]

        ${nextRelease.notes}
- - "@semantic-release/gitlab"
  - assets:
    - url: "https://gitlab.com/gitlab-org/gitlab/-/blob/master/README.md"
    - label: "README.md"
branches:
- main
- "+([0-9])?(.{+([0-9]),x}).x"
- name: "main"
  prerelease: "alpha"
debug: true

and the package.json:

{
  "dependencies": {
    "@semantic-release/changelog": "^6.0.3",
    "@semantic-release/commit-analyzer": "^13.0.0",
    "@semantic-release/git": "^10.0.1",
    "@semantic-release/gitlab": "^13.1.0"
  }
}

[fgreinacher]

Thanks for the detailed description @felixprado-mc!

I have not yet of heard of such issues, so let's start with a few basic questions:

1. Are you seeing this on gitlab.com or on a self-hosted GitLab instance? (Just asking because I see you have redacted some information)
2. If gitlab.com could you share your project?
3. If self-hosted which GitLab version are you using?
4. Is this a new issues or has it never worked as expected?
5. Have you already tried reducing your semantic release configuration to a minimum and see if the issue still occurs then?

[felixprado-mc]

Hi @fgreinacher ,

I appreciate your interest.

1, 2, 3, The project is hosted on gitlab.com but it's private so I can't share it. 4, It has never worked before but we have the same configuration for other projects, and it works. I have checked if there is something in the project's or token's configuration but I don't see anything. 5, Which configuration do you propose?

What should be the scope/permissions for the GL_TOKEN?

If this adds more information, we run this step in a Gitlab CI pipeline with the following commands:

        npm install @semantic-release/gitlab
        npm install @semantic-release/git
        npm install @semantic-release/changelog
        npm install @semantic-release/commit-analyzer
        npx semantic-release

[fgreinacher]

Thanks for sharing some details!

You could start very simple like this:

{
  "branches": ["main"],
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    "@semantic-release/gitlab"
  ]
}

And if that works add your configuration options one-by-one until it starts failing.

[JonasSchubert]

Hi @fgreinacher ,

I appreciate your interest.

1, 2, 3, The project is hosted on gitlab.com but it's private so I can't share it. 4, It has never worked before but we have the same configuration for other projects, and it works. I have checked if there is something in the project's or token's configuration but I don't see anything. 5, Which configuration do you propose?

What should be the scope/permissions for the GL_TOKEN?

If this adds more information, we run this step in a Gitlab CI pipeline with the following commands:

        npm install @semantic-release/gitlab
        npm install @semantic-release/git
        npm install @semantic-release/changelog
        npm install @semantic-release/commit-analyzer
        npx semantic-release

Hi @felixprado-mc, regarding 4:\ You have the exact same configuration and also the exact same gitlab token in other projects and in these other projects it is working? Just not in this particular one?\

• is the not working project maybe private and the others internal/public?
• is the branch semantic release tries to push/commit not writable (no one is allowed to push)?
• was the repository created after the token was created? (then permissions might not be included)
• can you think of any other configuration which differs between the projects?

[felixprado-mc]

Hi @JonasSchubert. Thanks for the support.

You have the same configuration and also the same gitlab token in other projects and in these other projects it is working? Just not in this particular one?\

The tokens are different ones, but they have the same permissions (they are created centrally with Terraform). Regarding the repository configuration, I've checked multiple times the protected branches or tags, the users that have permission to commit (including the token) and I see no difference.

• is the not working project maybe private and the others internal/public?

All of them are private.

• is the branch semantic release tries to push/commit not writable (no one is allowed to push)?

It is specifically allowed for the token.

• was the repository created after the token was created? (then permissions might not be included)

No, the tokens were created after the repository was created.

• can you think of any other configuration that differs between the projects?

I ran out of ideas of what is causing this, that's why I opened this thread. What is even stranger is that it fails in the first attempt, but works on the second.

[a-shkurenkov]

I have the same issue. @felixprado-mc Do you resolve this problem?

[bneigher]

I'm also having this issue after upgrading semantic-release.

2024-10-11T19:22:03.054Z semantic-release:get-git-auth-url Error: Command failed with exit code 128: git push --dry-run --no-verify [https://gitlab-ci-token:[secure]@gitlab.com/my/org/private/repo.git](https://gitlab-ci-token:%5Bsecure%5D@gitlab.com/my/org/private/repo.git) HEAD:main
remote: You are not allowed to push code to this project.
fatal: unable to access 'https://gitlab.com/my/org/private/repo.git/': The requested URL returned error: 403

at the bottom I see an even stranger:

2024-10-11T19:22:03.065Z semantic-release:get-git-auth-url Using "GL_TOKEN" to authenticate
[7:22:05 PM] [semantic-release] › ℹ  Start step "fail" of plugin "@semantic-release/github"
[7:22:05 PM] [semantic-release] [@semantic-release/github] › ℹ  Verify GitHub authentication
[7:22:05 PM] [semantic-release] › ✖  Failed step "fail" of plugin "@semantic-release/github"
[7:22:05 PM] [semantic-release] › ✖  ENOGHTOKEN No GitHub token specified.
A GitHub personal token (https://github.com/semantic-release/github/blob/master/README.md#github-authentication) must be created and set in the GH_TOKEN or GITHUB_TOKEN environment variable on your CI environment.
Please make sure to create a GitHub personal token (https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line) and to set it in the GH_TOKEN or GITHUB_TOKEN environment variable on your CI environment. The token must allow to push to the repository my/org/private/repo.

which is odd because nowhere in my repo do I use the github plugin:

plugins: [
      '@semantic-release/commit-analyzer',
      '@semantic-release/release-notes-generator',
      '@semantic-release/gitlab'
],

I do have GITLAB_TOKEN set however, per the README