@semantic-release/github
Advanced tools
@semantic-release/github - npm Package Compare versions
Comparing version 10.3.2 to 10.3.3
@@ -181,23 +181,11 @@ import { inspect } from "node:util"; | ||
| return { | ||
| message: `The GitHub token doesn't allow to push to and maintain the repository ${owner}/${repo}.`, | ||
| message: `The GitHub token doesn't allow to push on the repository ${owner}/${repo}.`, | ||
| details: `The user associated with the [GitHub token](${linkify( | ||
| "README.md#github-authentication", | ||
| )}) configured in the \`GH_TOKEN\` or \`GITHUB_TOKEN\` environment variable must have permission to push to and maintain the repository ${owner}/${repo}. | ||
| )}) configured in the \`GH_TOKEN\` or \`GITHUB_TOKEN\` environment variable must allows to push to the repository ${owner}/${repo}. | ||
| Please make sure the GitHub user associated with the token is an [owner](https://help.github.com/articles/permission-levels-for-a-user-account-repository/#owner-access-on-a-repository-owned-by-a-user-account) or a [collaborator](https://help.github.com/articles/permission-levels-for-a-user-account-repository/#collaborator-access-on-a-repository-owned-by-a-user-account) if the repository belongs to a user account or has [write permissions](https://help.github.com/articles/managing-team-access-to-an-organization-repository) if the repository [belongs to an organization](https://help.github.com/articles/repository-permission-levels-for-an-organization).`, | ||
| Please make sure the GitHub user associated with the token is an [owner](https://help.github.com/articles/permission-levels-for-a-user-account-repository/#owner-access-on-a-repository-owned-by-a-user-account) or a [collaborator](https://help.github.com/articles/permission-levels-for-a-user-account-repository/#collaborator-access-on-a-repository-owned-by-a-user-account) if the repository belong to a user account or has [write permissions](https://help.github.com/articles/managing-team-access-to-an-organization-repository) if the repository [belongs to an organization](https://help.github.com/articles/repository-permission-levels-for-an-organization).`, | ||
| }; | ||
| } | ||
| export function EGHNOSCOPE({ scopes }) { | ||
| return { | ||
| message: `The GitHub token doesn't have the necessary OAuth scopes to write contents, issues, and pull requests.`, | ||
| details: `The [GitHub token](${linkify( | ||
| "README.md#github-authentication", | ||
| )}) configured in the \`GH_TOKEN\` or \`GITHUB_TOKEN\` environment variable must have the correct scopes. | ||
| ${scopes ? `\nThe token you used has scopes: ${scopes.join(", ")}\n` : ""} | ||
| For classic PATs, make sure the token has the \`repo\` scope if the repository is private, or \`public_repo\` scope otherwise. | ||
| For fine-grained PATs, make sure the token has the \`content: write\`, \`issues: write\`, and \`pull_requests: write\` scopes on the repository.`, | ||
| }; | ||
| } | ||
| export function EINVALIDGHTOKEN({ owner, repo }) { | ||
@@ -204,0 +192,0 @@ return { |
@@ -110,17 +110,4 @@ import { | ||
| const { | ||
| headers, | ||
| data: { private: _private, permissions, clone_url }, | ||
| data: { permissions, clone_url }, | ||
| } = await octokit.request("GET /repos/{owner}/{repo}", { repo, owner }); | ||
| // GitHub only returns this header if the token is a classic PAT | ||
| if (headers?.["x-oauth-scopes"]) { | ||
| const scopes = headers["x-oauth-scopes"].split(/\s*,\s*/g); | ||
| if ( | ||
| !scopes.includes("repo") && | ||
| (_private || !scopes.includes("public_repo")) | ||
| ) { | ||
| errors.push(getError("EGHNOSCOPE", { scopes })); | ||
| } | ||
| } | ||
| // Verify if Repository Name wasn't changed | ||
@@ -141,3 +128,3 @@ const parsedCloneUrl = parseGithubUrl(clone_url); | ||
| // But GitHub Actions have all permissions required for @semantic-release/github to work | ||
| if (!env.GITHUB_ACTION && !(permissions?.push && permissions?.maintain)) { | ||
| if (!env.GITHUB_ACTION && !permissions?.push) { | ||
| // If authenticated as GitHub App installation, `push` will always be false. | ||
@@ -144,0 +131,0 @@ // We send another request to check if current authentication is an installation. |
| { | ||
| "name": "@semantic-release/github", | ||
| "description": "semantic-release plugin to publish a GitHub release and comment on released Pull Requests/Issues", | ||
| "version": "10.3.2", | ||
| "version": "10.3.3", | ||
| "type": "module", | ||
@@ -6,0 +6,0 @@ "author": "Pierre Vanduynslager (https://twitter.com/@pvdlg_)", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-1.25%
94452
- Lines of code
- decreased by-1.32%
1641
No dependency changes