Job step failure but succeeding enough that it's working functionally

[danielloader]

Bit of a pickle here because I can't work it out given the information I have available to me in the log.

The step is running and completing enough that functionally I can't see what it's missing or should be doing:

• Release gets created
• Tag gets created and pushed
• PR that got merged is labelled as released and the comment is added to say which release it's been deployed in.

So given that, I'm not sure what is failing, or why.

Having not got past this stage I'm not sure which step would be next to know what is failing.

Any help would be appreciated

Run npx -p [email protected] -p @semantic-release/[email protected] -p @semantic-release/[email protected] -p @semantic-release/[email protected] -p [email protected] -p [email protected] semantic-release
  npx -p [email protected] -p @semantic-release/[email protected] -p @semantic-release/[email protected] -p @semantic-release/[email protected] -p [email protected] -p [email protected] semantic-release
  shell: /usr/bin/bash -e {0}
  env:
    GITHUB_TOKEN: ***
npm warn exec The following packages were not found and will be installed: [email protected], @semantic-release/[email protected], @semantic-release/[email protected], [email protected], @semantic-release/[email protected], [email protected]
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
[10:35:33 AM] [semantic-release] › ℹ  Running semantic-release version 24.1.2
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/npm"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "verifyConditions" from "@semantic-release/github"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "analyzeCommits" from "@semantic-release/commit-analyzer"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "generateNotes" from "@semantic-release/release-notes-generator"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "prepare" from "@semantic-release/npm"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "publish" from "@semantic-release/npm"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "publish" from "@semantic-release/github"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "addChannel" from "@semantic-release/npm"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "addChannel" from "@semantic-release/github"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "success" from "@semantic-release/github"
[10:35:34 AM] [semantic-release] › ✔  Loaded plugin "fail" from "@semantic-release/github"
[10:35:40 AM] [semantic-release] › ✔  Run automated release from branch main on repository https://github.com/REDACTED/frontend
[10:35:40 AM] [semantic-release] › ✔  Allowed to push to the Git repository
[10:35:40 AM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/npm"
[10:35:40 AM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/npm"
[10:35:40 AM] [semantic-release] › ℹ  Start step "verifyConditions" of plugin "@semantic-release/github"
[10:35:40 AM] [semantic-release] [@semantic-release/github] › ℹ  Verify GitHub authentication (https://api.github.com)
[10:35:40 AM] [semantic-release] › ✔  Completed step "verifyConditions" of plugin "@semantic-release/github"
[10:35:40 AM] [semantic-release] › ℹ  Found git tag v1.162.8 associated with version 1.162.8 on branch main
[10:35:40 AM] [semantic-release] › ℹ  Found 1 commits since last release
[10:35:40 AM] [semantic-release] › ℹ  Start step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[10:35:40 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analyzing commit: fix: update risk code `onChange` to populate share value (#108)
[10:35:40 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  The release type for the commit is patch
[10:35:40 AM] [semantic-release] [@semantic-release/commit-analyzer] › ℹ  Analysis of 1 commits complete: patch release
[10:35:40 AM] [semantic-release] › ✔  Completed step "analyzeCommits" of plugin "@semantic-release/commit-analyzer"
[10:35:40 AM] [semantic-release] › ℹ  The next release version is 1.162.9
[10:35:40 AM] [semantic-release] › ℹ  Start step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[10:35:40 AM] [semantic-release] › ✔  Completed step "generateNotes" of plugin "@semantic-release/release-notes-generator"
[10:35:40 AM] [semantic-release] › ℹ  Start step "prepare" of plugin "@semantic-release/npm"
[10:35:40 AM] [semantic-release] [@semantic-release/npm] › ℹ  Write version 1.162.9 to package.json in /home/runner/work/frontend/frontend
v1.162.9
[10:35:41 AM] [semantic-release] › ✔  Completed step "prepare" of plugin "@semantic-release/npm"
[10:35:42 AM] [semantic-release] › ✔  Created tag v1.162.9
[10:35:42 AM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/npm"
[10:35:42 AM] [semantic-release] [@semantic-release/npm] › ℹ  Skip publishing to npm registry as package.json's private property is true
[10:35:42 AM] [semantic-release] › ✔  Completed step "publish" of plugin "@semantic-release/npm"
[10:35:42 AM] [semantic-release] › ℹ  Start step "publish" of plugin "@semantic-release/github"
[10:35:42 AM] [semantic-release] [@semantic-release/github] › ℹ  Published GitHub release: https://github.com/REDACTED/frontend/releases/tag/v1.162.9
[10:35:42 AM] [semantic-release] › ✔  Completed step "publish" of plugin "@semantic-release/github"
[10:35:42 AM] [semantic-release] › ℹ  Start step "success" of plugin "@semantic-release/github"
[10:35:45 AM] [semantic-release] [@semantic-release/github] › ℹ  Added comment to PR #108: https://github.com/REDACTED/frontend/pull/108#issuecomment-2388322784
[10:35:46 AM] [semantic-release] [@semantic-release/github] › ℹ  Added labels [ 'released' ] to PR #108
[10:35:46 AM] [semantic-release] › ✘  Failed step "success" of plugin "@semantic-release/github"
[10:35:46 AM] [semantic-release] › ✘  An error occurred while running semantic-release: Error: Resource not accessible by integration
    at file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/node_modules/aggregate-error/index.js:23:26
    at Array.map (<anonymous>)
    at new AggregateError (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/node_modules/aggregate-error/index.js:16:19)
    at file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/lib/plugins/pipeline.js:55:13
    at async pluginsConfigAccumulator.<computed> [as success] (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/lib/plugins/index.js:87:11)
    at async run (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/index.js:218:3)
    at async Module.default (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/index.js:278:22)
    at async default (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/cli.js:55:5) {
  type: 'FORBIDDEN',
  path: [ 'repository', 'issues' ],
  extensions: { saml_failure: false },
  locations: [ { line: 4, column: 7 } ],
  pluginName: '@semantic-release/github'
}
AggregateError: 
    Error: Resource not accessible by integration
        at Array.map (<anonymous>)
        at file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/lib/plugins/pipeline.js:55:13
        at async pluginsConfigAccumulator.<computed> [as success] (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/lib/plugins/index.js:87:11)
        at async run (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/index.js:218:3)
        at async Module.default (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/index.js:278:22)
        at async default (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/cli.js:55:5)
    at file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/lib/plugins/pipeline.js:55:13
    at async pluginsConfigAccumulator.<computed> [as success] (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/lib/plugins/index.js:87:11)
    at async run (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/index.js:218:3)
    at async Module.default (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/index.js:278:22)
    at async default (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/cli.js:55:5) {
  errors: [
    Error: Resource not accessible by integration
        at file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/node_modules/aggregate-error/index.js:23:26
        at Array.map (<anonymous>)
        at new AggregateError (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/node_modules/aggregate-error/index.js:16:19)
        at file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/lib/plugins/pipeline.js:55:13
        at async pluginsConfigAccumulator.<computed> [as success] (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/lib/plugins/index.js:87:11)
        at async run (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/index.js:218:3)
        at async Module.default (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/index.js:278:22)
        at async default (file:///home/runner/.npm/_npx/c45523f0078986ba/node_modules/semantic-release/cli.js:55:5) {
      type: 'FORBIDDEN',
      path: [Array],
      extensions: [Object],
      locations: [Array],
      pluginName: '@semantic-release/github'
    }
  ]
}
Error: Process completed with exit code 1.

Here's the workflow file:

on:
  workflow_call:

name: Release
jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.PRIVATE_PACKAGE_ACCESS_APP_ID }}
          private-key: ${{ secrets.PRIVATE_PACKAGE_ACCESS_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
      - uses: actions/checkout@v4
        with:
          token: ${{ steps.app-token.outputs.token }}
          fetch-depth: 0
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "lts/*"
          cache: 'npm'
          cache-dependency-path: '**/.github/workflows/release.yaml'
      - name: Release
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
        run: >
          npx
          -p [email protected]
          -p @semantic-release/[email protected]
          -p @semantic-release/[email protected]
          -p @semantic-release/[email protected]
          -p [email protected]
          -p [email protected]
          semantic-release

[babblebey]

Having not got past this stage I'm not sure which step would be next to know what is failing.

For the sake of knowing, this is the final step in the success lifecycle where all opened semantic-release failing release issues is retrieve and closed.

This step implements a GraphQL endpoint, something we resolved to implementing in #907 following the troubles we've experienced using the GH Search API.

So, it appears there's some particular thing with the token used that's not allowing GraphQL operation or not able to reach the particular part of the repository due to access limitation.

[danielloader]

I am having a look at the Github App permissions lists and as expected GraphQL is not listed explicitly, it's all grouped by permission types I guess.

It currently has:

• Read and Write on Contents
• Read and Write on Issues
• Read and Write on Pull Requests
• Read and Write on Packages

Guess I'm leaving this comment here for if anyone finds it and knows which additional permissions are needed.

From Github - https://docs.github.com/en/graphql/guides/forming-calls-with-graphql#authenticating-with-a-personal-access-token

If your token does not have the required scopes or permissions to access a resource, the API will return an error message that states the scopes or permissions your token needs.

If only Github, if only.

Edit: Removing, saving, and re adding the permissions and then approving them in Github on the org settings seemingly fixed it - who knows how or why.

I think it might be safe to close the issue now but I'll leave it open for another few days to check if all the actions runs succeed.

[babblebey]

Edit: Removing, saving, and re adding the permissions and then approving them in Github on the org settings seemingly fixed it - who knows how or why.

Worth looking into this for sure.

For clarity purpose... D'you mean to that you removed and replaced thesame permissions to the GitHub App/Token? 🤔

[danielloader]

Edit: Removing, saving, and re adding the permissions and then approving them in Github on the org settings seemingly fixed it - who knows how or why.

Worth looking into this for sure.

For clarity purpose... D'you mean to that you removed and replaced thesame permissions to the GitHub App/Token? 🤔

Yup but I added them one at a time and reran the pipeline each time and after the fourth it worked, wondering if one of the permissions weren't actually accepted by the org now despite being on the app.

It's run properly a few times now so I'll mark this complete and open a new issue if it re emerges.