Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[e2e]: nodejs push branch1 default slsa3 #3661

Closed
ianlewis opened this issue May 17, 2024 · 3 comments
Closed

[e2e]: nodejs push branch1 default slsa3 #3661

ianlewis opened this issue May 17, 2024 · 3 comments
Labels
area:nodejs Issue related to the Node.js builder e2e e2e integration tests type:bug Something isn't working

Comments

@ianlewis
Copy link
Member

Repo: https://github.com/slsa-framework/example-package/tree/branch1
Run: https://github.com/slsa-framework/example-package/actions/runs/9123748249
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.nodejs.push.branch1.default.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.branch1.default.slsa3.yml
Trigger: push
Branch: branch1
Date: Fri May 17 06:15:10 UTC 2024
@ianlewis ianlewis added area:nodejs Issue related to the Node.js builder e2e e2e integration tests type:bug Something isn't working labels May 17, 2024
@ianlewis
Copy link
Member Author

ianlewis commented May 17, 2024
edited

Seems like this issue: slsa-framework/example-package#213

npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm http fetch PUT 403 https://registry.npmjs.org/@slsa-framework%2fe2e-nodejs-push-branch1-default-slsa3 470ms
npm verb stack HttpErrorGeneral: 403 Forbidden - PUT https://registry.npmjs.org/@slsa-framework%2fe2e-nodejs-push-branch1-default-slsa3 - You cannot publish over the previously published versions: 0.0.410.
npm verb stack     at /tmp/tmp.F55h4210HF/node_modules/npm/node_modules/npm-registry-fetch/lib/check-response.js:95:15
npm verb stack     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
npm verb stack     at async publish (/tmp/tmp.F55h4210HF/node_modules/npm/node_modules/libnpmpublish/lib/publish.js:54:17)
npm verb stack     at async otplease (/tmp/tmp.F55h4210HF/node_modules/npm/lib/utils/otplease.js:4:12)
npm verb stack     at async Publish.exec (/tmp/tmp.F55h4210HF/node_modules/npm/lib/commands/publish.js:123:7)
npm verb stack     at async module.exports (/tmp/tmp.F55h4210HF/node_modules/npm/lib/cli-entry.js:61:5)
npm verb statusCode 403

0.0.410 was previously published by this job run: https://github.com/slsa-framework/example-package/actions/runs/9123744136/job/25086774571

Somehow this bootstrapping job run caused triggered two subsequent job runs rather than one:
https://github.com/slsa-framework/example-package/actions/runs/9123729977/job/25086683599

It looks like it failed once and then retried? So maybe the failure was partially successful and triggered the first subsequent run but hit a failure later and then did a retry which triggered the second run? Not sure how this is happening yet.

@ianlewis
Copy link
Member Author

Full log from the bootstrap step:

Run ./.github/workflows/scripts/e2e-bootstrap.sh
  ./.github/workflows/scripts/e[2](https://github.com/slsa-framework/example-package/actions/runs/9123729977/job/25086683599#step:3:2)e-bootstrap.sh
  shell: /usr/bin/bash -e {0}
  env:
    GH_TOKEN: ***
    ISSUE_REPOSITORY: slsa-framework/slsa-github-generator
Creating new commit and pushing, attempt 1
Cloning into 'repo_checkout'...
[main b0bfcd9ce] .github/workflows/e2e.nodejs.push.branch1.default.slsa[3](https://github.com/slsa-framework/example-package/actions/runs/9123729977/job/25086683599#step:3:3).yml
 3 files changed, 4 insertions(+), [4](https://github.com/slsa-framework/example-package/actions/runs/9123729977/job/25086683599#step:3:4) deletions(-)
Switched to a new branch 'branch1'
remote: 
remote: GitHub found 10 vulnerabilities on slsa-framework/example-package's default branch (1 moderate, 9 low). To find out more, visit:        
remote:      https://github.com/slsa-framework/example-package/security/dependabot        
remote: 
To https://github.com/slsa-framework/example-package.git
 + 1b6b7[5](https://github.com/slsa-framework/example-package/actions/runs/9123729977/job/25086683599#step:3:5)f18...b0bfcd9ce branch1 -> branch1 (forced update)
branch 'branch1' set up to track 'origin/branch1'.
Switched to branch 'main'
Your branch is ahead of 'origin/main' by 1 commit.
  (use "git push" to publish your local commits)
[main 87bad758b] sync'ing branch1 - Fri May 17 0[6](https://github.com/slsa-framework/example-package/actions/runs/9123729977/job/25086683599#step:3:6):08:07 UTC 2024
 1 file changed, 1 insertion(+), 1 deletion(-)
To https://github.com/slsa-framework/example-package.git
 ! [rejected]            main -> main (fetch first)
error: failed to push some refs to 'https://github.com/slsa-framework/example-package.git'
hint: Updates were rejected because the remote contains work that you do not
hint: have locally. This is usually caused by another repository pushing to
hint: the same ref. If you want to integrate the remote changes, use
hint: 'git pull' before pushing again.
hint: See the 'Note about fast-forwards' in 'git push --help' for details.
Creating new commit and pushing, attempt 2
Cloning into 'repo_checkout'...
[main 29ecc5cdb] .github/workflows/e2e.nodejs.push.branch1.default.slsa3.yml
 3 files changed, 4 insertions(+), 4 deletions(-)
Switched to a new branch 'branch1'
remote: 
remote: GitHub found 10 vulnerabilities on slsa-framework/example-package's default branch (1 moderate, 9 low). To find out more, visit:        
remote:      https://github.com/slsa-framework/example-package/security/dependabot        
remote: 
To https://github.com/slsa-framework/example-package.git
 + b0bfcd9ce...29ecc5cdb branch1 -> branch1 (forced update)
branch 'branch1' set up to track 'origin/branch1'.
Switched to branch 'main'
Your branch is ahead of 'origin/main' by 1 commit.
  (use "git push" to publish your local commits)
[main 464b[7](https://github.com/slsa-framework/example-package/actions/runs/9123729977/job/25086683599#step:3:8)a46b] sync'ing branch1 - Fri May 17 06:08:27 UTC 2024
 1 file changed, 1 insertion(+), 1 deletion(-)
remote: 
remote: GitHub found 10 vulnerabilities on slsa-framework/example-package's default branch (1 moderate, 9 low). To find out more, visit:        
remote:      https://github.com/slsa-framework/example-package/security/dependabot        
remote: 
To https://github.com/slsa-framework/example-package.git
   a[8](https://github.com/slsa-framework/example-package/actions/runs/9123729977/job/25086683599#step:3:9)e79c80e..464b7a46b  main -> main

@ianlewis
Copy link
Member Author

Repo: https://github.com/slsa-framework/example-package/tree/branch1
Run: https://github.com/slsa-framework/example-package/actions/runs/9137808494
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.nodejs.push.branch1.default.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.branch1.default.slsa3.yml
Trigger: push
Branch: branch1
Date: Sat May 18 06:10:43 UTC 2024

Tests are passing now. Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:nodejs Issue related to the Node.js builder e2e e2e integration tests type:bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ianlewis