Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WP-NOW: Use SSH URL for release-wp-now.yml #229

Merged
merged 1 commit into from
Apr 10, 2024
Merged

WP-NOW: Use SSH URL for release-wp-now.yml #229

merged 1 commit into from
Apr 10, 2024

Conversation

sejas
Copy link
Collaborator

@sejas sejas commented Apr 10, 2024

What?

Try using the URL in SSH format.

Why?

wp-now workflow not working

How?

Testing Instructions

  • Hard to test until it's merged and the action works.

@sejas sejas self-assigned this Apr 10, 2024
@sejas sejas merged commit 681fc44 into trunk Apr 10, 2024
3 checks passed
@sejas sejas deleted the update/wp-now-release-action-using-ssl-url branch April 10, 2024 13:30
@sejas
Copy link
Collaborator Author

sejas commented Apr 10, 2024

After this fix, the workflow worked pushing the tag to trunk, but it failed publishing on npm:

https://github.com/WordPress/playground-tools/actions/runs/8632140229/job/23662085585

Note that at this moment, the current version on NPM is 0.1.66. https://www.npmjs.com/package/@wp-now/wp-now

Screenshot 2024-04-10 at 14 37 42 
Changes:
 - wordpress-playground: 0.1.67 => 0.1.68
 - @wp-now/wp-now: 0.1.67 => 0.1.68
lerna info auto-confirmed 
lerna info execute Skipping releases
lerna verb version @wp-now/wp-now has no lockfile. Skipping lockfile update.
lerna verb version wordpress-playground has no lockfile. Skipping lockfile update.
lerna verb version Updating root package-lock.json
lerna verb git [ 'commit', '-m', 'v0.1.68' ]
lerna verb git [ 'tag', 'v0.1.68', '-m', 'v0.1.68' ]
lerna info git Pushing tags...
lerna success version finished
npm WARN publish npm auto-corrected some errors in your package.json when publishing.  Please run "npm pkg fix" to address these errors.
npm WARN publish errors corrected:
npm WARN publish Removed invalid "scripts"
npm WARN publish "bin" was converted to an object
npm WARN publish "bin[@wp-now/wp-now]" was renamed to "bin[wp-now]"
npm WARN publish "bin[wp-now]" script name was cleaned
npm WARN publish "repository.url" was normalized to "git+https://github.com/WordPress/playground-tools.git"
npm notice 
npm notice 📦  @wp-now/[email protected]
npm notice === Tarball Contents === 
npm notice 14.1kB README.md           
npm notice 41B    cli.js              
npm notice 32.0kB index.js            
npm notice 38.1kB main.js             
npm notice 1.1kB  package.json        
npm notice 1.2kB  with-node-version.js
npm notice === Tarball Details === 
npm notice name:          @wp-now/wp-now                          
npm notice version:       0.1.67                                  
npm notice filename:      wp-now-wp-now-0.1.67.tgz                
npm notice package size:  22.1 kB                                 
npm notice unpacked size: 86.5 kB                                 
npm notice shasum:        6955455f3f14dcef332fee3b0d71a6e937f94c62
npm notice integrity:     sha512-pJeZKaOTEBWVT[...]xuwvDO55g4qvw==
npm notice total files:   6                                       
npm notice 
npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm ERR! code E404
npm ERR! 404 Not Found - PUT https://registry.npmjs.org/@wp-now%2fwp-now - Not found
npm ERR! 404 
npm ERR! 404  '@wp-now/[email protected]' is not in this registry.
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.
npm ERR! A complete log of this run can be found in: /home/runner/.npm/_logs/2024-04-10T13_33_03_[323](https://github.com/WordPress/playground-tools/actions/runs/8632140229/job/23662085585#step:7:324)Z-debug-0.log

@flexseth
Copy link

npm notice integrity: sha512-pJeZKaOTEBWVT[...]xuwvDO55g4qvw==

What's a best practice for making sure users don't share full sha signatures when submitting bug reports?

Wondering if there's a way it could automatically be stripped out, or if it would be enough to throw a big ⚠️ Caution ⚠️ sign up. Trying to make sure the error reporting doesn't introduce attack vectors for a bunch of new WordPress users 😆

Pinging @adamziel

@sejas
Copy link
Collaborator Author

sejas commented Apr 10, 2024

Not sure how we can minimize the risk that users share some keys. The more we can do is editing their comment and removing the history.

About the npm notice integrity. Should I remove it?
That information is publicly available in the actions log https://github.com/WordPress/playground-tools/actions/runs/8632140229/job/23662085585

@adamziel
Copy link
Collaborator

Does that signature actually give any sensitive information away?

@flexseth
Copy link

Does that signature actually give any sensitive information away?

Ok it looks like the key is from upstream and not a user key?

I'll save the email from this ticket and put an exclamation mark to look at it after the 18th.
Carry on! :)

@flexseth flexseth mentioned this pull request Apr 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sejas sejas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sejas @flexseth @adamziel