403 Forbidden Error When Publishing via GitHub Actions

[ohkuku]

Current behavior

I am encountering a 403 Forbidden error when attempting to publish my project using semantic-release through GitHub Actions, despite having correctly configured both the GitHub All Access Token and the Automation NPM Token within my GitHub Actions pipeline.

Steps to Reproduce:

1. Configured GitHub All Access Token and Automation NPM Token as secrets in GitHub Actions.
2. Set up semantic-release in the GitHub Actions pipeline as per the official documentation.
3. Triggered the workflow on a commit to the main branch.

Actual Behavior:

The publishing step returns a 403 Forbidden error, indicating a permission issue. However, when performing a dry run using the same token within the .npmrc file, publishing succeeds without any errors. This suggests that the tokens are correctly set and have the necessary permissions. Additionally, prior to integrating semantic-release, the GitHub Actions pipeline was able to publish to NPM successfully.

Additional Information:

1. The first version of the package was published to NPM using GitHub Actions without semantic-release and did not encounter any permission issues.
2. The NPM token has been verified to have the correct permissions by successfully publishing the package in a dry run with the .npmrc configuration.
3. I have ensured that the tokens used are correct and possess the required permissions. This issue seems to arise specifically when using semantic-release in the GitHub Actions environment. Any assistance or insights into resolving this permission issue would be greatly appreciated.

Expected behavior

The package should be published to NPM without any permission issues, similar to how it worked previously without semantic-release and when manually publishing using the token via .npmrc.

semantic-release version

23.0.1

CI environment

Github Actions

Plugins used

{
"plugins": [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
"@semantic-release/npm",
"@semantic-release/github",
[
"@semantic-release/changelog",
{
"changelogFile": "docs/CHANGELOG.md"
}
]
]
}

semantic-release configuration

// .releaserc.json
{
  "branches": [
    {
      "name": "feature/*",
      "prerelease": "alpha"
    },
    {
      "name": "develop",
      "prerelease": "rc"
    },
    {
      "name": "main",
      "prerelease": false
    }
  ],
  "plugins": [
    "@semantic-release/commit-analyzer",
    "@semantic-release/release-notes-generator",
    "@semantic-release/npm",
    "@semantic-release/github",
    [
      "@semantic-release/changelog",
      {
        "changelogFile": "docs/CHANGELOG.md"
      }
    ]
  ]
}

// ga pipeline

name: Release

on:
  push:
    branches:
      - 'feature/**'
      - 'develop'
      - 'main'

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write
      issues: write
      pull-requests: write
      id-token: write
    steps:
      - uses: actions/checkout@v2
        with:
          persist-credentials: false
      - name: Setup Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '21'
          registry-url: 'https://registry.npmjs.org/'
      - name: Install Dependencies
        run: npm install
      - name: Run Semantic Release
        run: npm run gh-actions-release
        env:
          GH_TOKEN: ${{ secrets.SUPER_ADMIN_GITHUB_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_TOKEN: ${{ secrets.SUPER_ADMIN_GITHUB_TOKEN }}

package.json
{
  "name": "react-susflow",
  "version": "0.0.2",
  "description": "",
  "main": "dist/index.js",
  "scripts": {
    "build": "tsc",
    "test": "jest",
    "prepare": "npm run build",
    "gh-actions-release": "semantic-release --debug"
  },
  "husky": {
    "hooks": {
      "pre-push": "npm test"
    }
  },
  "keywords": [],
  "author": "Kuku Li",
  "license": "ISC",
  "devDependencies": {
    "@semantic-release/changelog": "^6.0.3",
    "@semantic-release/commit-analyzer": "^11.1.0",
    "@semantic-release/git": "^10.0.1",
    "@semantic-release/npm": "^11.0.2",
    "@semantic-release/release-notes-generator": "^12.1.0",
    "@types/jest": "^29.5.12",
    "@types/node": "^20.11.16",
    "@types/react": "^18.2.55",
    "husky": "^9.0.10",
    "jest": "^29.7.0",
    "semantic-release": "^23.0.1",
    "ts-jest": "^29.1.2",
    "ts-node": "^10.9.2",
    "typescript": "^5.3.3"
  }
}

CI logs

[email protected] gh-actions-release
semantic-release --debug
[9:04:31 AM] [semantic-release] › ℹ Running semantic-release version 23.0.1
2024-02-07T09:04:31.563Z semantic-release:config load config from: /home/runner/work/react-susflow/react-susflow/.releaserc.json
2024-02-07T09:04:31.573Z semantic-release:config options values: {
branches: [
{ name: 'feature/*', prerelease: 'alpha' },
{ name: 'develop', prerelease: 'rc' },
{ name: 'main', prerelease: false }
],
repositoryUrl: 'https://github.com/ohkuku/react-susflow',
tagFormat: 'v${version}',
plugins: [
'@semantic-release/commit-analyzer',
'@semantic-release/release-notes-generator',
'@semantic-release/npm',
'@semantic-release/github',
[ '@semantic-release/changelog', [Object] ]
],
_: [],
debug: true,
'$0': 'node_modules/.bin/semantic-release'
}
2024-02-07T09:04:31.727Z semantic-release:plugins options for @semantic-release/npm/verifyConditions: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/npm"
2024-02-07T09:04:31.729Z semantic-release:plugins options for @semantic-release/github/verifyConditions: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/github"
2024-02-07T09:04:31.729Z semantic-release:plugins options for @semantic-release/changelog/verifyConditions: { changelogFile: 'docs/CHANGELOG.md' }
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "verifyConditions" from "@semantic-release/changelog"
2024-02-07T09:04:31.730Z semantic-release:plugins options for @semantic-release/commit-analyzer/analyzeCommits: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "analyzeCommits" from "@semantic-release/commit-analyzer"
2024-02-07T09:04:31.731Z semantic-release:plugins options for @semantic-release/release-notes-generator/generateNotes: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "generateNotes" from "@semantic-release/release-notes-generator"
2024-02-07T09:04:31.731Z semantic-release:plugins options for @semantic-release/npm/prepare: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "prepare" from "@semantic-release/npm"
2024-02-07T09:04:31.732Z semantic-release:plugins options for @semantic-release/changelog/prepare: { changelogFile: 'docs/CHANGELOG.md' }
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "prepare" from "@semantic-release/changelog"
2024-02-07T09:04:31.732Z semantic-release:plugins options for @semantic-release/npm/publish: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "publish" from "@semantic-release/npm"
2024-02-07T09:04:31.733Z semantic-release:plugins options for @semantic-release/github/publish: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "publish" from "@semantic-release/github"
2024-02-07T09:04:31.733Z semantic-release:plugins options for @semantic-release/npm/addChannel: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "addChannel" from "@semantic-release/npm"
2024-02-07T09:04:31.733Z semantic-release:plugins options for @semantic-release/github/addChannel: {}
2024-02-07T09:04:31.734Z semantic-release:plugins options for @semantic-release/github/success: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "addChannel" from "@semantic-release/github"
2024-02-07T09:04:31.734Z semantic-release:plugins options for @semantic-release/github/fail: {}
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "success" from "@semantic-release/github"
[9:04:31 AM] [semantic-release] › ✔ Loaded plugin "fail" from "@semantic-release/github"
2024-02-07T09:04:31.757Z semantic-release:get-git-auth-url Verifying ssh auth by attempting to push to https://github.com/ohkuku/react-susflow
2024-02-07T09:04:31.863Z semantic-release:git Error: Command failed with exit code 128: git push --dry-run --no-verify https://github.com/ohkuku/react-susflow HEAD:feature/core-logic
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
fatal: Authentication failed for 'https://github.com/ohkuku/react-susflow/'
at makeError (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/node_modules/execa/lib/error.js:60:11)
at handlePromise (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/node_modules/execa/index.js:124:26)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async verifyAuth (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/lib/git.js:206:5)
at async default (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/lib/get-git-auth-url.js:93:5)
at async run (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/index.js:67:27)
at async Module.default (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/index.js:278:22)
at async default (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/cli.js:55:5)
2024-02-07T09:04:31.863Z semantic-release:get-git-auth-url SSH key auth failed, falling back to https.
2024-02-07T09:04:32.827Z semantic-release:get-tags found tags for branch feature/core-logic: [ { gitTag: 'v0.0.1', version: '0.0.1', channels: [ null ] }, { gitTag: 'v0.1.0-alpha.1', version: '0.1.0-alpha.1', channels: [ 'feature/core-logic' ] }, { gitTag: 'v0.1.0-alpha.2', version: '0.1.0-alpha.2', channels: [ 'feature/core-logic' ] }, { gitTag: 'v0.1.0-alpha.3', version: '0.1.0-alpha.3', channels: [ 'feature/core-logic' ] }, { gitTag: 'v0.1.0-alpha.4', version: '0.1.0-alpha.4', channels: [ 'feature/core-logic' ] }, { gitTag: 'v0.1.0-alpha.5', version: '0.1.0-alpha.5', channels: [ 'feature/core-logic' ] }, { gitTag: 'v0.1.0-alpha.6', version: '0.1.0-alpha.6', channels: [ 'feature/core-logic' ] }, { gitTag: 'v0.1.0-alpha.7', version: '0.1.0-alpha.7', channels: [ 'feature/core-logic' ] } ]
2024-02-07T09:04:32.841Z semantic-release:get-tags found tags for branch develop: [ { gitTag: 'v0.0.1', version: '0.0.1', channels: [ null ] } ]
2024-02-07T09:04:32.855Z semantic-release:get-tags found tags for branch main: [ { gitTag: 'v0.0.1', version: '0.0.1', channels: [ null ] } ]
[9:04:32 AM] [semantic-release] › ✔ Run automated release from branch feature/core-logic on repository https://github.com/ohkuku/react-susflow
[9:04:33 AM] [semantic-release] › ✔ Allowed to push to the Git repository
[9:04:33 AM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/npm"
[9:04:33 AM] [semantic-release] [@semantic-release/npm] › ℹ Verify authentication for registry https://registry.npmjs.org/
[9:04:33 AM] [semantic-release] [@semantic-release/npm] › ℹ Reading npm config from /home/runner/work/_temp/.npmrc
ohkuku
[9:04:33 AM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/npm"
[9:04:33 AM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/github"
[9:04:33 AM] [semantic-release] [@semantic-release/github] › ℹ Verify GitHub authentication (https://api.github.com)
[9:04:33 AM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/github"
[9:04:33 AM] [semantic-release] › ℹ Start step "verifyConditions" of plugin "@semantic-release/changelog"
[9:04:33 AM] [semantic-release] › ✔ Completed step "verifyConditions" of plugin "@semantic-release/changelog"
[9:04:33 AM] [semantic-release] › ℹ Found git tag v0.1.0-alpha.7 associated with version 0.1.0-alpha.7 on branch feature/core-logic
2024-02-07T09:04:33.407Z semantic-release:get-commits Use from: 0f25c133102c8fb0d7e0fb5d5f8c13dfe61a945f
[9:04:33 AM] [semantic-release] › ℹ Found 2 commits since last release
2024-02-07T09:04:33.417Z semantic-release:get-commits Parsed commits: [ { commit: { long: 'aa3ded33b6785e125db18dea0189e3fc12e8ab9d', short: 'aa3ded3' }, tree: { long: 'b0922031d8d0c746c6e4f9872c9937914442e02f', short: 'b092203' }, author: { name: 'kuku', email: '[email protected]', date: 2024-02-07T09:03:54.000Z }, committer: { name: 'kuku', email: '[email protected]', date: 2024-02-07T09:03:54.000Z }, subject: 'fix: env value', body: '', hash: 'aa3ded33b6785e125db18dea0189e3fc12e8ab9d', committerDate: 2024-02-07T09:03:54.000Z, message: 'fix: env value', gitTags: '(HEAD -> feature/core-logic, origin/feature/core-logic)' }, { commit: { long: '281e096db7646272958503c7d346442c898b7d73', short: '281e096' }, tree: { long: 'c97d4f560e722c89dc116dcf6153ebccaaba3e7e', short: 'c97d4f5' }, author: { name: 'kuku', email: '[email protected]', date: 2024-02-07T09:02:23.000Z }, committer: { name: 'kuku', email: '[email protected]', date: 2024-02-07T09:02:23.000Z }, subject: 'fix: env value', body: '', hash: '281e096db
[9:04:33 AM] [semantic-release] › ℹ Start step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[9:04:33 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ Analyzing commit: fix: env value
2024-02-07T09:04:33.422Z semantic-release:commit-analyzer Analyzing with default rules
2024-02-07T09:04:33.422Z semantic-release:commit-analyzer The rule { type: 'fix', release: 'patch' } match commit with release type 'patch'
2024-02-07T09:04:33.423Z semantic-release:commit-analyzer Analyzing with default rules
[9:04:33 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ The release type for the commit is patch
[9:04:33 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ Analyzing commit: fix: env value
2024-02-07T09:04:33.423Z semantic-release:commit-analyzer The rule { type: 'fix', release: 'patch' } match commit with release type 'patch'
[9:04:33 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ The release type for the commit is patch
[9:04:33 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ Analysis of 2 commits complete: patch release
[9:04:33 AM] [semantic-release] › ✔ Completed step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[9:04:33 AM] [semantic-release] › ℹ The next release version is 0.1.0-alpha.8
[9:04:33 AM] [semantic-release] › ℹ Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator version: '0.1.0-alpha.8'
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator host: undefined
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator owner: 'ohkuku'
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator repository: 'react-susflow'
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator previousTag: 'v0.1.0-alpha.7'
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator currentTag: 'v0.1.0-alpha.8'
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator host: 'https://github.com'
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator linkReferences: undefined
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator issue: 'issues'
2024-02-07T09:04:33.431Z semantic-release:release-notes-generator commit: 'commit'
[9:04:33 AM] [semantic-release] › ✔ Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[9:04:33 AM] [semantic-release] › ℹ Start step "prepare" of plugin "@semantic-release/npm"
[9:04:33 AM] [semantic-release] [@semantic-release/npm] › ℹ Write version 0.1.0-alpha.8 to package.json in /home/runner/work/react-susflow/react-susflow
v0.1.0-alpha.8
[9:04:33 AM] [semantic-release] › ✔ Completed step "prepare" of plugin "@semantic-release/npm"
[9:04:33 AM] [semantic-release] › ℹ Start step "prepare" of plugin "@semantic-release/changelog"
[9:04:33 AM] [semantic-release] [@semantic-release/changelog] › ℹ Create /home/runner/work/react-susflow/react-susflow/docs/CHANGELOG.md
[9:04:33 AM] [semantic-release] › ✔ Completed step "prepare" of plugin "@semantic-release/changelog"
[9:04:34 AM] [semantic-release] › ✔ Created tag v0.1.0-alpha.8
[9:04:34 AM] [semantic-release] › ℹ Start step "publish" of plugin "@semantic-release/npm"
[9:04:34 AM] [semantic-release] [@semantic-release/npm] › ℹ Publishing version 0.1.0-alpha.8 to npm registry on dist-tag feature/core-logic
npm notice
npm notice 📦 [email protected]
npm notice === Tarball Contents ===
npm notice 848B .github/workflows/build-and-publish.yml
npm notice 496B .releaserc.json
npm notice 1.1kB LICENSE
npm notice 810B dist/index.js
npm notice 353B docs/CHANGELOG.md
npm notice 234B jest.config.ts
npm notice 903B package.json
npm notice 35B src/index.ts
npm notice 607B src/lib/create-flow.spec.ts
npm notice 695B src/lib/create-flow.ts
npm notice 215B tsconfig.json
npm notice === Tarball Details ===
npm notice name: react-susflow
npm notice version: 0.1.0-alpha.8
npm notice filename: react-susflow-0.1.0-alpha.8.tgz
npm notice package size: 3.1 kB
npm notice unpacked size: 6.3 kB
npm notice shasum: de7aac8a9798dcd01a045e89178619d6d3eb5275
npm notice integrity: sha512-yAkaq68Efo1wD[...]3vp3IiGwnvYfg==
npm notice total files: 11
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag feature/core-logic and default access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/react-susflow - You may not perform that action with these credentials.
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in: /home/runner/.npm/_logs/2024-02-07T09_04_34_844Z-debug-0.log
[9:04:40 AM] [semantic-release] › ✘ Failed step "publish" of plugin "@semantic-release/npm"
[9:04:40 AM] [semantic-release] › ✘ An error occurred while running semantic-release: Error: Command failed with exit code 1: npm publish /home/runner/work/react-susflow/react-susflow --userconfig /tmp/71dadfccdf0376ce1dc53a7db8eca60a/.npmrc --tag feature/core-logic --registry https://registry.npmjs.org/
npm notice
npm notice 📦 [email protected]
npm notice === Tarball Contents ===
npm notice 848B .github/workflows/build-and-publish.yml
npm notice 496B .releaserc.json
npm notice 1.1kB LICENSE
npm notice 810B dist/index.js
npm notice 353B docs/CHANGELOG.md
npm notice 234B jest.config.ts
npm notice 903B package.json
npm notice 35B src/index.ts
npm notice 607B src/lib/create-flow.spec.ts
npm notice 695B src/lib/create-flow.ts
npm notice 215B tsconfig.json
npm notice === Tarball Details ===
npm notice name: react-susflow
npm notice version: 0.1.0-alpha.8
npm notice filename: react-susflow-0.1.0-alpha.8.tgz
npm notice package size: 3.1 kB
npm notice unpacked size: 6.3 kB
npm notice shasum: de7aac8a9798dcd01a045e89178619d6d3eb5275
npm notice integrity: sha512-yAkaq68Efo1wD[...]3vp3IiGwnvYfg==
npm notice total files: 11
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag feature/core-logic and default access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/react-susflow - You may not perform that action with these credentials.
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in: /home/runner/.npm/_logs/2024-02-07T09_04_34_844Z-debug-0.log
at makeError (file:///home/runner/work/react-susflow/react-susflow/node_modules/@semantic-release/npm/node_modules/execa/lib/error.js:60:11)
at handlePromise (file:///home/runner/work/react-susflow/react-susflow/node_modules/@semantic-release/npm/node_modules/execa/index.js:124:26)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async default (file:///home/runner/work/react-susflow/react-susflow/node_modules/@semantic-release/npm/lib/publish.js:30:5)
at async validator (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/lib/plugins/normalize.js:36:24)
at async file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/lib/plugins/pipeline.js:38:36
at async Promise.all (index 0)
at async next (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/node_modules/p-reduce/index.js:15:44) {
shortMessage: 'Command failed with exit code 1: npm publish /home/runner/work/react-susflow/react-susflow --userconfig /tmp/71dadfccdf0376ce1dc53a7db8eca60a/.npmrc --tag feature/core-logic --registry https://registry.npmjs.org/',
command: 'npm publish /home/runner/work/react-susflow/react-susflow --userconfig /tmp/71dadfccdf0376ce1dc53a7db8eca60a/.npmrc --tag feature/core-logic --registry https://registry.npmjs.org/',
escapedCommand: 'npm publish "/home/runner/work/react-susflow/react-susflow" --userconfig "/tmp/71dadfccdf0376ce1dc53a7db8eca60a/.npmrc" --tag "feature/core-logic" --registry "https://registry.npmjs.org/"',
exitCode: 1,
signal: undefined,
signalDescription: undefined,
stdout: '',
stderr: 'npm notice \n' +
'npm notice 📦 [email protected]\n' +
'npm notice === Tarball Contents === \n' +
'npm notice 848B .github/workflows/build-and-publish.yml\n' +
'npm notice 496B .releaserc.json \n' +
'npm notice 1.1kB LICENSE \n' +
'npm notice 810B dist/index.js \n' +
'npm notice 353B docs/CHANGELOG.md \n' +
'npm notice 234B jest.config.ts \n' +
'npm notice 903B package.json \n' +
'npm notice 35B src/index.ts \n' +
'npm notice 607B src/lib/create-flow.spec.ts \n' +
'npm notice 695B src/lib/create-flow.ts \n' +
'npm notice 215B tsconfig.json \n' +
'npm notice === Tarball Details === \n' +
'npm notice name: react-susflow \n' +
'npm notice version: 0.1.0-alpha.8 \n' +
'npm notice filename: react-susflow-0.1.0-alpha.8.tgz \n' +
'npm notice package size: 3.1 kB \n' +
'npm notice unpacked size: 6.3 kB \n' +
'npm notice shasum: de7aac8a9798dcd01a045e89178619d6d3eb5275\n' +
'npm notice integrity: sha512-yAkaq68Efo1wD[...]3vp3IiGwnvYfg==\n' +
'npm notice total files: 11 \n' +
'npm notice \n' +
'npm notice Publishing to https://registry.npmjs.org/ with tag feature/core-logic and default access\n' +
'npm ERR! code E403\n' +
'npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/react-susflow - You may not perform that action with these credentials.\n' +
'npm ERR! 403 In most cases, you or one of your dependencies are requesting\n' +
'npm ERR! 403 a package version that is forbidden by your security policy, or\n' +
'npm ERR! 403 on a server you do not have access to.\n' +
'\n' +
'npm ERR! A complete log of this run can be found in: /home/runner/.npm/_logs/2024-02-07T09_04_34_844Z-debug-0.log',
cwd: '/home/runner/work/react-susflow/react-susflow',
failed: true,
timedOut: false,
isCanceled: false,
killed: false,
pluginName: '@semantic-release/npm'
}
Error: Command failed with exit code 1: npm publish /home/runner/work/react-susflow/react-susflow --userconfig /tmp/71dadfccdf0376ce1dc53a7db8eca60a/.npmrc --tag feature/core-logic --registry https://registry.npmjs.org/
npm notice
npm notice 📦 [email protected]
npm notice === Tarball Contents ===
npm notice 848B .github/workflows/build-and-publish.yml
npm notice 496B .releaserc.json
npm notice 1.1kB LICENSE
npm notice 810B dist/index.js
npm notice 353B docs/CHANGELOG.md
npm notice 234B jest.config.ts
npm notice 903B package.json
npm notice 35B src/index.ts
npm notice 607B src/lib/create-flow.spec.ts
npm notice 695B src/lib/create-flow.ts
npm notice 215B tsconfig.json
npm notice === Tarball Details ===
npm notice name: react-susflow
npm notice version: 0.1.0-alpha.8
npm notice filename: react-susflow-0.1.0-alpha.8.tgz
npm notice package size: 3.1 kB
npm notice unpacked size: 6.3 kB
npm notice shasum: de7aac8a9798dcd01a045e89178619d6d3eb5275
npm notice integrity: sha512-yAkaq68Efo1wD[...]3vp3IiGwnvYfg==
npm notice total files: 11
npm notice
npm notice Publishing to https://registry.npmjs.org/ with tag feature/core-logic and default access
npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/react-susflow - You may not perform that action with these credentials.
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.
npm ERR! A complete log of this run can be found in: /home/runner/.npm/_logs/2024-02-07T09_04_34_844Z-debug-0.log
at makeError (file:///home/runner/work/react-susflow/react-susflow/node_modules/@semantic-release/npm/node_modules/execa/lib/error.js:60:11)
at handlePromise (file:///home/runner/work/react-susflow/react-susflow/node_modules/@semantic-release/npm/node_modules/execa/index.js:124:26)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async default (file:///home/runner/work/react-susflow/react-susflow/node_modules/@semantic-release/npm/lib/publish.js:30:5)
at async validator (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/lib/plugins/normalize.js:36:24)
at async file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/lib/plugins/pipeline.js:38:36
at async Promise.all (index 0)
at async next (file:///home/runner/work/react-susflow/react-susflow/node_modules/semantic-release/node_modules/p-reduce/index.js:15:44) {
shortMessage: 'Command failed with exit code 1: npm publish /home/runner/work/react-susflow/react-susflow --userconfig /tmp/71dadfccdf0376ce1dc53a7db8eca60a/.npmrc --tag feature/core-logic --registry https://registry.npmjs.org/',
command: 'npm publish /home/runner/work/react-susflow/react-susflow --userconfig /tmp/71dadfccdf0376ce1dc53a7db8eca60a/.npmrc --tag feature/core-logic --registry https://registry.npmjs.org/',
escapedCommand: 'npm publish "/home/runner/work/react-susflow/react-susflow" --userconfig "/tmp/71dadfccdf0376ce1dc53a7db8eca60a/.npmrc" --tag "feature/core-logic" --registry "https://registry.npmjs.org/"',
exitCode: 1,
signal: undefined,
signalDescription: undefined,
stdout: '',
stderr: 'npm notice \n' +
'npm notice 📦 [email protected]\n' +
'npm notice === Tarball Contents === \n' +
'npm notice 848B .github/workflows/build-and-publish.yml\n' +
'npm notice 496B .releaserc.json \n' +
'npm notice 1.1kB LICENSE \n' +
'npm notice 810B dist/index.js \n' +
'npm notice 353B docs/CHANGELOG.md \n' +
'npm notice 234B jest.config.ts \n' +
'npm notice 903B package.json \n' +
'npm notice 35B src/index.ts \n' +
'npm notice 607B src/lib/create-flow.spec.ts \n' +
'npm notice 695B src/lib/create-flow.ts \n' +
'npm notice 215B tsconfig.json \n' +
'npm notice === Tarball Details === \n' +
'npm notice name: react-susflow \n' +
'npm notice version: 0.1.0-alpha.8 \n' +
'npm notice filename: react-susflow-0.1.0-alpha.8.tgz \n' +
'npm notice package size: 3.1 kB \n' +
'npm notice unpacked size: 6.3 kB \n' +
'npm notice shasum: de7aac8a9798dcd01a045e89178619d6d3eb5275\n' +
'npm notice integrity: sha512-yAkaq68Efo1wD[...]3vp3IiGwnvYfg==\n' +
'npm notice total files: 11 \n' +
'npm notice \n' +
'npm notice Publishing to https://registry.npmjs.org/ with tag feature/core-logic and default access\n' +
'npm ERR! code E403\n' +
'npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/react-susflow - You may not perform that action with these credentials.\n' +
'npm ERR! 403 In most cases, you or one of your dependencies are requesting\n' +
'npm ERR! 403 a package version that is forbidden by your security policy, or\n' +
'npm ERR! 403 on a server you do not have access to.\n' +
'\n' +
'npm ERR! A complete log of this run can be found in: /home/runner/.npm/logs/2024-02-07T09_0434_844Z-debug-0.log',
cwd: '/home/runner/work/react-susflow/react-susflow',
failed: true,
timedOut: false,
isCanceled: false,
killed: false,
pluginName: '@semantic-release/npm'
}

[travi]

we've had other users see problems like you describe when setting the registry-url property of the setup-node action. that results in the setup-node action writing a .npmrc file that conflicts with the configuration that semantic-release manages.

instead of using the setup-node action to configure the registry, we recommend configuring npm directly by versioning a .npmrc file in your repository that sets the registry property there. alternatively, you could just avoid setting the registry altogether, if you prefer, since the value you are setting the registry to is the default value anyway

[ohkuku]

Thanks bro, I figured it out at the end. It's because I'm dumb, I use a read-only npm token rather than the automation one..... Thanks anyway for helping with it. 🥂

[ohkuku]

It's not a setup-node bug, just double check if you're using the correct token.