-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publish fails with 403 after update from lerna v3 to v5 #3217
Comments
Our lerna.json file:
|
Add silly loglevel:
|
Downgraded to lerna 3.22 and everything works again. I don't understand how publishing to npm could be affected by this? I guess lerna code goes directly to artifactory and not using the npm binary? And the code changed and authentication is not retrieved the same way as it used to with 5.x? |
I tried adding --no-verify-access and no difference. Still 403 with lerna 5. Worked with lerna 3.
|
I am assuming we should stay with lerna 3 as v5 is not working properly? |
Having the same issue here after upgrade to v5 |
Same issue on v4 as well, so probably isn't related to some recent bug |
Tried the newly released lerna 5.2 and still not working.
|
I'm having the exact same issue as @rbirkgit using Lerna 5.2.0
I originally thought the artifactory URL was incorrect in our previous builds, but I'm running the correct
|
I don't have access to a hosted private registry such as artifactory in order to try and directly reproduce. I have instead been attempting to reproduce using a locally running I wonder if there is some overlap in the comment here: npm/cli#2508 (comment) Inside of lerna a lot of packages maintained by the npm team are used, and if users were having issues with private auth in later versions of npm's tools maybe we are hitting the same points from different angles? Would somebody mind please taking a look at that thread (particularly that comment) and seeing if there are things which can be applied to the lerna publish case? |
Additionally, if someone who is running into this issue can figure out a way to reproduce the behaviour using https://github.com/verdaccio/verdaccio instead of their real private registry that would be so, so helpful! 🙏 |
it looks like you might be able to get a cloud hosted instance of Artifactory for $free to test against |
Looks like they also have free 30 day trial for self hosting: |
I can't say with any certainty that just using artifactory will reproduce the problem, it may also be how our IT has created the auth token with Artifactory and set it up in GHA, and set up that auth token in npm/yarn |
I had the exact same issue using Lerna 5.2.0 and 5.3.0
And following the @JamesHenry comment regarding this NPM issue, we solved our problem changing our
to
|
That's huge, thank you for confirming that @fabioscsilva! @bwknight877 @rbirkgit @klutzer please can you try the same thing? |
Getting the same issue. This is my new .npmrc file
|
Also here same issue while trying to publish to artifactory registry even after having applied above suggestions. With exact same config everything is working fine with version 3. Any update or clue on why this is happening?
|
Linking this issue since it seems identical #2730 Have spent three days on this and tried every solution I could find, including the ones in this thread, with no success. Will have to manually publish all my packages until there is a fix. |
@fabioscsilva 's config works for me. Also I didn't set |
I just tried Lerna 6.4.1 and still get:
What can we do to get this fixed? We are stuck with lerna v3 and cannot update. |
We had the same issue when upgrading from lerna 4 to 6 running node 14 and npm 6. But after we upgraded to Node 18 and npm 8 it works fine to publish to our private artifactory with lerna 6. |
I tried updating to Node 18, but no luck still getting the same error:
I guess many of us will forever be stuck with lerna v3. Boo! Lerna v4 broke it, and v5 and v6 still have the same issue. I wish we could revert that part so we can update. |
I finally got the update to work after years of trying! I did the following things:
Just like that, three years later I got it working! And now we can use It would be nice if the error handling could be improved. I discovered this when we tried publishing manually with npm 9 directly to our artifactory and it kept failing with "user not authenticated" error, even though I was. Finally added the ending / and it works. Same bad error. |
Got the same error. |
My observation is that how is the auth picked. One of the suggestions would be add auth specific to registry along with _auth. // .npmrc file |
Current Behavior
On our pipeline we build and publish our updated packages. We have been using lerna v3.22.1 for some time. It's working fine. Tried updating to v5.1.6 and now the publishing fails. Did not do any other changes other than updating the version of lerna.
Are there any known breaking changes we should be aware of? Something else I should have updated?
Edit: Still fails with Lerna v6.4.1 with same error.
Expected Behavior
I expect to still be able to publish our packages with updated lerna. This worked fine with lerna v3.
Steps to Reproduce
This is the relevant part of our groovy script:
Failure Logs / Configuration
Log with lerna v5:
For comparison, with lerna v3:
It seems with v5 it no longer package the files and maybe that's why it fails the publish? Not sure what else to look for in regards to error logs or other issues?
Environment
The text was updated successfully, but these errors were encountered: