I'm creating a nodejs GitHub Action that relies on npx to run semantic-release:
src/index.ts (extract, bundled to dist/index.js)
import * as core from '#actions/core'
import * as exec from '#actions/exec'
import * as github from '#actions/github'
;(async () => {
const githubRegistry: string = `https://npm.pkg.github.com/${github.context.repo.owner}`
const githubToken: string = core.getInput('github_token', { required: true })
await exec.exec('npx', ['semantic-release'], {
NPM_CONFIG_REGISTRY: githubRegistry,
NPM_TOKEN: githubToken,
GITHUB_TOKEN: githubToken
})
})()
action.yml (extract)
inputs:
github_token:
required: true
runs:
using: node12
main: dist/index.js
.github/workflows/release.yml
on:
push:
branches:
- main
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v1
with:
node-version: 12
- run: yarn
- uses: ./
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
When the release workflow is ran on GitHub, it fails with the following output:
/opt/hostedtoolcache/node/12.19.0/x64/bin/npx semantic-release
/usr/bin/env: 'node': No such file or directory
Error: The process '/opt/hostedtoolcache/node/12.19.0/x64/bin/npx' failed with exit code 127
It looks like npx is trying to run node but could not find it.
I would appreciate any help, thanks :)
Related
I've been upgrading our workflow to add an automatic version bump. The problem is that I accidentally added these steps with a typo in the .bumpversion.cfg file and from that moment, the workflow is sure that the releases start at tag 1.0.0. I've created 2 releases with this scenario (1.0.0 and 1.0.1). Once I was on to this, I deleted the two releases (and tags), but now the workflow can't find the latest release tag.
One important piece of info is that the repo is a Node app, so there is already a package.json and such there.
I tried:
bumping manually the versions in my files
bumping with bump2version to the version I expected
bumping with bump2version to the next version
As you'll see, the command is missing the current version. The error in the workflow is:
An error occurred while running semantic-release: Error: Command failed with exit code 2: bump2version --allow-dirty --current-version --new-version 1.0.0 patch
the create release step is:
name: Create new release
on:
workflow_dispatch:
push:
branches:
- main
jobs:
release:
runs-on: ubuntu-latest
if: "github.event_name == 'push' && github.ref == 'refs/heads/main' && !startsWith(github.event.head_commit.message, 'chore')"
steps:
- name: Checkout code
uses: actions/checkout#v3
with:
fetch-depth: 0
token: ${{ secrets.ADMIN_TOKEN }}
- name: setup nodejs
uses: actions/setup-node#v3
with:
node-version: '16'
- name: release using semantic-release
env:
GITHUB_TOKEN: ${{ secrets.ADMIN_TOKEN }}
GIT_AUTHOR_NAME: secrets.automation.dev
GIT_AUTHOR_EMAIL: secrets.automation.dev#il.ibm.com
GIT_COMMITTER_NAME: secrets.automation.dev
GIT_COMMITTER_EMAIL: secrets.automation.dev#il.ibm.com
run: |
sudo apt-get update
sudo apt-get install python
pip install --user bumpversion
npm install #semantic-release/changelog
npm install #semantic-release/exec
npm install #semantic-release/git
npm install #semantic-release/github
npx semantic-release
The .bumpversion.cfg is:
[bumpversion]
current_version = 1.0.40
commit = True
message = Update version {current_version} -> {new_version}
[bumpversion:file:package.json]
search = {current_version}
replace = {new_version}
The .releaserc file is:
{
"debug": true,
"branches": [ "main" ],
"plugins": [
["#semantic-release/commit-analyzer", {
"preset": "angular",
"releaseRules": [
{"type": "release","release": "patch"}
]}],
"#semantic-release/release-notes-generator",
"#semantic-release/changelog",
[
"#semantic-release/exec",
{
"prepareCmd": "bump2version --allow-dirty --current-version ${lastRelease.version} --new-version ${nextRelease.version} patch"
}
],
[
"#semantic-release/git",
{
"message": "chore(release): ${nextRelease.version} [skip ci] release notes\n\n${nextRelease.notes}"
}
],
"#semantic-release/github"
]
}
I used 2 things to fix the issue:
I followed the excellent fix by #alvaropinot from this issue thread. Basically, I had to force-tag the commit I expected to be with the latest tag and push the tags:
git tag -f v1.0.40 356a7b4
git push -f --tags
For #semantic-release/npm to work, I had to rename a secret from "NPM_AUTH_TOKEN" to "NPM_TOKEN".
After that, I revamped my semantic-release workflow to use #semantic-release/npm:
name: Create a new release
on:
workflow_dispatch:
push:
branches:
- main
jobs:
release:
runs-on: Ubuntu-20.04
if: "github.event_name == 'push' && github.ref == 'refs/heads/main' && !startsWith(github.event.head_commit.message, 'chore')"
steps:
- name: Checkout code
uses: actions/checkout#v3
with:
fetch-depth: 0
token: ${{ secrets.ADMIN_TOKEN }}
- name: setup nodejs
uses: actions/setup-node#v3
with:
node-version: '16'
- name: release using semantic-release
env:
GITHUB_TOKEN: ${{ secrets.ADMIN_TOKEN }}
GIT_AUTHOR_NAME: ***
GIT_AUTHOR_EMAIL: ***
GIT_COMMITTER_NAME: ***
GIT_COMMITTER_EMAIL: ***
NPM_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
run: |
sudo apt-get update
sudo apt-get install python
pip install --user bumpversion
npm install #semantic-release/changelog
npm install #semantic-release/git
npm install #semantic-release/github
npm install #semantic-release/npm
npx semantic-release
and the .releaserc file now looks like:
{
"debug": true,
"branches": [
"main"
],
"verifyConditions": [
"#semantic-release/changelog",
"#semantic-release/npm",
"#semantic-release/git"
],
"analyzeCommits":[
["#semantic-release/commit-analyzer", {
"preset": "angular",
"releaseRules": [
{"type": "release","release": "patch"}
]}],
],
"generateNotes": [
"#semantic-release/release-notes-generator"
],
"prepare": [
"#semantic-release/changelog",
"#semantic-release/npm",
"#semantic-release/git"
],
"publish": [
[
"#semantic-release/npm",
{
"pkgRoot": "dist"
}
],
{
"path": "#semantic-release/github"
}
]
}
I currently have the following pipeline working:
schedules:
- cron: "0 20 * * FRI"
displayName: 'Weekly Run'
always: true
branches:
include:
- 'develop'
trigger: none
variables:
DEPENDABOT_EXTRA_CREDENTIALS: '[{"type":"npm_registry","token":"$(DEPENDABOT_PAT)","registry":"SOME_URL"}]' # put the credentials for private registries and feeds
pool:
vmImage: 'ubuntu-latest'
stages:
- stage: CheckDependencies
displayName: 'Check Dependencies'
jobs:
- job: Dependabot
displayName: 'Run Dependabot'
pool:
vmImage: 'ubuntu-latest'
steps:
- task: dependabot#1
displayName: 'Run Dependabot - npm'
inputs:
useConfigFile: false
packageManager: 'npm'
setAutoComplete: false
azureDevOpsAccessToken: $(DEPENDABOT_PAT) # env variable
gitHubAccessToken: $(GITHUB_TOKEN) # env variable
targetBranch: 'develop'
openPullRequestsLimit: 15
However, it has started given the following warning:
"Using explicit inputs instead of a configuration file will be deprecated in the next minor release.
Migrate to using a config file at .azuredevops/dependabot.yml or .github/dependabot.yml."
I have added the config file per the docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-private-registries
with my config file looking like this:
version: 2
registries:
npm-reg:
type: npm-registry
url: https://pkgs.dev.azure.com/BC-SDPR-Research/_packaging/Research/npm/registry/
token: ${{secrets.AZURE_ACCESS_TOKEN}}
updates:
- package-ecosystem: "npm"
directory: "/"
registries:
- npm-reg
schedule:
interval: "weekly"
day: "Friday"
time: "20:00"
timezone: "America/Los_Angeles"
open-pull-requests-limit: 15
setAutoComplete: false
azureDevOpsAccessToken: ${{secrets.AZURE_ACCESS_TOKEN}}
gitHubAccessToken: ${{secrets.GITHUB_TOKEN}}
targetBranch: 'develop'
openPullRequestsLimit: 15
I have tried everything, and I am still getting the error:
Dependabot::Clients::Azure::Forbidden (Dependabot::Clients::Azure::Forbidden)
This is likely generated due to authentication with my npm registry.
Any help would be greatly appreciated.
Thanks
Based on this post and on this Github issue comment, we can't use the token property but instead the username&password properties, with the PAT token used as a password
registries:
npm-reg:
type: npm-registry
url: https://pkgs.dev.azure.com/<org>/<id>/_packaging/<feed-name>/npm/registry/
username: <username> # I am not 100% sure that this value HAS to match the PAT...
password: ${{secrets.DEVOPS_PAT}} # this is the non-base64 encoded PAT
Inside Github Action I'm using Anchore+grype to scan a container image, using the job below:
name: "CI"
on:
push:
pull_request:
branches:
- main
jobs:
image-analysis:
name: Analyze image
runs-on: ubuntu-18.04
needs: build
steps:
- name: Scan operator image
uses: anchore/scan-action#v3
id: scan
with:
image: "qserv/qserv-operator:2022.1.1-rc1"
acs-report-enable: true
In order to ignore a false-positive during image scan, I want to create the file $HOME/.grype.yaml (see content below) before launching the image scan:
ignore:
# False positive, see https://github.com/anchore/grype/issues/558
- vulnerability: CVE-2015-5237
fix-state: unknown
package:
name: google.golang.org/protobuf
version: v1.26.0
type: go-module
location: "/manager"
Could you please show me how to create this file inside Github Action?
you could do something as simple as creating the file and then writing to it like this:
- name: Create grype.yaml
run: |
touch grype.yaml
echo "
ignore:
# False positive, see https://github.com/anchore/grype/issues/558
- vulnerability: CVE-2015-5237
fix-state: unknown
package:
name: google.golang.org/protobuf
version: v1.26.0
type: go-module
location: "/manager"" > ~/grype.yaml
This one works and has been tested successfully on Github Actions:
name: "CI"
on:
push:
pull_request:
branches:
- main
jobs:
image-analysis:
name: Analyze image
runs-on: ubuntu-18.04
permissions:
security-events: write
needs: build
steps:
- name: Create grype configuration
run: |
cat <<EOF > $HOME/.grype.yaml
ignore:
# False positive, see https://github.com/anchore/grype/issues/558
- vulnerability: CVE-2015-5237
fix-state: unknown
package:
name: google.golang.org/protobuf
version: v1.26.0
type: go-module
location: "/manager"
EOF
- name: Scan operator image
uses: anchore/scan-action#v3
id: scan
with:
image: ""qserv/qserv-operator:2022.1.1-rc1""
acs-report-enable: true
fail-build: false
I am trying to create a pipeline in concourse, which is going to trigger on github updates on a remote branch, and use that branch to plan, apply and destroy a terraform deployment.
- name: terraform-repo
type: git
icon: github
source:
uri: https://github.com/....
#docker image
- name: terraform-0-13-7
type: registry-image
source:
repository: hashicorp/terraform
tag: 0.13.7
jobs:
- name: terraform-deplyoment
plan:
- get: terraform-0-13-7
- get: terraform-repo
trigger: true
- task: terraform-init
image: terraform-0-13-7
config:
inputs:
- name: terraform-repo
outputs:
- name: terraform-repo
platform: linux
run:
path: terraform
dir: terraform-repo
args:
- init
- task: terraform-plan
image: terraform-0-13-7
config:
inputs:
- name: terraform-repo
outputs:
- name: terraform-repo
platform: linux
run:
path: terraform
dir: terraform-repo
args:
- plan
params:
variable1: "test"
variable2: "test2"
This is erroring out on the concourse GUI when triggering the pipeline mentioning that the vars are not available. Am I doing something wrong with the syntax?
The params are exposed to the task as environment variables so you should use them as input variables
- task: terraform-plan
image: terraform-0-13-7
config:
inputs:
- name: terraform-repo
outputs:
- name: terraform-repo
platform: linux
run:
path: terraform
dir: terraform-repo
args:
- plan
params:
TF_VAR_variable1: "test"
TF_VAR_variable2: "test2"
I used mongodb-memory-server to test some repository functions in mongo, and run my unit-test at my local machine successfully, however when this code was pushed into GitHub, it was running fail. I am not sure the issue is about docker config or about mongodb-memory-server version.
Here is the log from GitHub:
9W45p5LM91Vj","tmpDir":{"name":"/tmp/mongo-mem--188-9W45p5LM91Vj"},"uri":"mongodb://127.0.0.1:42823/d791a878-09ac-4ccc-896d-ea603e2676ad?"}
2021-06-05T09:45:33.351Z MongoMS:MongoBinary MongoBinary options: {
"downloadDir": "/__w/son-git-test/son-git-test/node_modules/.cache/mongodb-memory-server/mongodb-binaries",
"platform": "linux",
"arch": "x64",
"version": "4.2.8",
"checkMD5": false
}
2021-06-05T09:45:33.356Z MongoMS:getos Trying LSB-Release
2021-06-05T09:45:33.372Z MongoMS:getos Trying OS-Release
2021-06-05T09:45:33.375Z MongoMS:MongoBinaryDownloadUrl Using "mongodb-linux-x86_64-debian92-4.2.8.tgz" as the Archive String
2021-06-05T09:45:33.375Z MongoMS:MongoBinaryDownloadUrl Using "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.2.8.tgz" as the Download-URL
2021-06-05T09:45:33.377Z MongoMS:MongoBinaryDownload Downloading: "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.2.8.tgz"
2021-06-05T09:45:33.377Z MongoMS:MongoBinaryDownload trying to download https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1804-4.2.8.tgz
2021-06-05T09:45:34.756Z MongoMS:MongoBinaryDownload moved /__w/son-git-test/son-git-test/node_modules/.cache/mongodb-memory-server/mongodb-binaries/mongodb-linux-x86_64-ubuntu1804-4.2.8.tgz.downloading to /__w/son-git-test/son-git-test/node_modules/.cache/mongodb-memory-server/mongodb-binaries/mongodb-linux-x86_64-ubuntu1804-4.2.8.tgz
2021-06-05T09:45:34.757Z MongoMS:MongoBinaryDownload extract(): /__w/son-git-test/son-git-test/node_modules/.cache/mongodb-memory-server/mongodb-binaries/4.2.8
2021-06-05T09:45:37.293Z MongoMS:MongoBinary MongoBinary: Download lock removed
2021-06-05T09:45:37.294Z MongoMS:MongoBinary MongoBinary: Mongod binary path: "/__w/son-git-test/son-git-test/node_modules/.cache/mongodb-memory-server/mongodb-binaries/4.2.8/mongod"
2021-06-05T09:45:37.309Z MongoMS:MongoInstance Mongo[42823]: Called MongoInstance._launchKiller(parent: 188, child: 203):
2021-06-05T09:45:37.323Z MongoMS:MongoInstance Mongo[42823]: STDERR: /__w/son-git-test/son-git-test/node_modules/.cache/mongodb-memory-server/mongodb-binaries/4.2.8/mongod: error while loading shared libraries: libcurl.so.4: cannot open shared object file: No such file or directory
2021-06-05T09:45:37.324Z MongoMS:MongoInstance Mongo[42823]: Mongod instance closed with an non-0 code!
2021-06-05T09:45:37.324Z MongoMS:MongoInstance Mongo[42823]: CLOSE: 127
2021-06-05T09:45:37.325Z MongoMS:MongoInstance Mongo[42823]: MongodbInstance: Instance has failed: Mongod instance closed with code "127"
2021-06-05T09:45:37.331Z MongoMS:MongoMemoryServer Called MongoMemoryServer.stop() method
2021-06-05T09:45:37.331Z MongoMS:MongoMemoryServer Called MongoMemoryServer.ensureInstance() method
2021-06-05T09:45:37.349Z MongoMS:MongoInstance Mongo[42823]: [MongoKiller]: exit - [null,"SIGTERM"]
FAIL src/squid/squid.controller.spec.ts (9.945 s)
● Console
console.log
before each
at Object.<anonymous> (squid/squid.controller.spec.ts:19:13)
console.log
Downloading MongoDB 4.2.8: 0 % (0mb / 126.5mb)
at MongoBinaryDownload.Object.<anonymous>.MongoBinaryDownload.printDownloadProgress (../node_modules/mongodb-memory-server-core/src/util/MongoBinaryDownload.ts:424:15)
● SquidController › should be defined
Failed: "Mongod instance closed with code \"127\""
16 | let controller: SquidController;
17 |
> 18 | beforeEach(async () => {
| ^
19 | console.log('before each');
20 | const module: TestingModule = await Test.createTestingModule({
21 | imports: [
at Env.beforeEach (../node_modules/jest-jasmine2/build/jasmineAsyncInstall.js:46:24)
at Suite.<anonymous> (squid/squid.controller.spec.ts:18:3)
at Object.<anonymous> (squid/squid.controller.spec.ts:15:1)
and here is gitflow config:
name: Code quality
on:
pull_request:
branches:
- develop
push:
branches:
- develop
defaults:
run:
shell: bash
jobs:
Code-Quality:
name: Code quality
runs-on: ubuntu-latest
container: node:lts-slim
steps:
- uses: actions/checkout#v2
- name: Install dependency
run: yarn install --frozen-lockfile
- name: Check lint and format
run: |
yarn format:check
yarn lint:check
- name: checking unit test
run: yarn test
and here is unit test code:
import { Test, TestingModule } from '#nestjs/testing';
import { MongooseModule } from '#nestjs/mongoose';
import { SquidController } from './squid.controller';
import { SquidService } from './squid.service';
import {
closeInMongodConnection,
rootMongooseTestModule,
} from '../test-utils/mongo/MongooseTestModule';
import { SquidSchema } from './model/squid.schema';
// May require additional time for downloading MongoDB binaries
jasmine.DEFAULT_TIMEOUT_INTERVAL = 600000;
describe('SquidController', () => {
let controller: SquidController;
beforeEach(async () => {
console.log('before each');
const module: TestingModule = await Test.createTestingModule({
imports: [
rootMongooseTestModule(),
MongooseModule.forFeature([{ name: 'Squid', schema: SquidSchema }]),
],
controllers: [SquidController],
providers: [SquidService],
}).compile();
controller = module.get<SquidController>(SquidController);
});
it('should be defined', () => {
expect(controller).toBeDefined();
});
afterAll(async () => {
await closeInMongodConnection();
});
});
After searching I found where the problem is. This issue is related to Node version. Mongo haven't had build version for Node slim/alpine.
We can fix by update node images: (container: node:14.17.0)
name: Code quality
on:
pull_request:
branches:
- develop
push:
branches:
- develop
defaults:
run:
shell: bash
jobs:
Code-Quality:
name: Code quality
runs-on: ubuntu-latest
container: node:14.17.0
steps:
- uses: actions/checkout#v2
- name: Install dependency
run: yarn install --frozen-lockfile
- name: Check lint and format
run: |
yarn format:check
yarn lint:check
- name: checking unit test
run: yarn test