0

Github Actions build script

name: Deploy
on:
 push:
   branches: [ "main" ]

jobs:
   build_on_mac:
     runs-on: macos-latest
     steps:
     - uses: actions/checkout@v3
       with:
         persist-credentials: false
     - name: Use HTTP
       run: >
         git config --global url."https://github.com".insteadOf ssh://git@github.com
     - uses: actions/setup-node@v3
       with:
         node-version: 14
     - name: install dependencies
       run: npm install

It keeps falling for a particular package randomly.. worked 1 out of 10 times

npm WARN tarball tarball data for buble@git+ssh://git@github.com/pemrouz/buble.git#4e639aeeb64712ac95dc30a52750d1ee4432c9c8 (sha512-vBjSU8v5gODqXVUvlpgEzjtSMXz2Am8Yh7O1PUZmx6DAzKWT1CrYm5azoYhAGLCWOlkd4aN6LEOCZ+dgVt2rFA==) seems to be corrupted. Trying one more time.
7
npm ERR! Verification failed while extracting buble@git+ssh://git@github.com/pemrouz/buble.git#4e639aeeb64712ac95dc30a52750d1ee4432c9c8:
2895
npm ERR! sha512-vBjSU8v5gODqXVUvlpgEzjtSMXz2Am8Yh7O1PUZmx6DAzKWT1CrYm5azoYhAGLCWOlkd4aN6LEOCZ+dgVt2rFA== integrity checksum failed when using sha512: wanted sha512-vBjSU8v5gODqXVUvlpgEzjtSMXz2Am8Yh7O1PUZmx6DAzKWT1CrYm5azoYhAGLCWOlkd4aN6LEOCZ+dgVt2rFA== but got sha512-J+yRnScDV19Vr5+C8D5IJiIN2auC9t54tYpJmeqVxgyIyJQmF95mqBwBXzXKyvIH9aZvY6RlQqtMsQm0gdH7UQ==. (801561 bytes)

2635

So the problem is that when package-lock.json is generated locally it has

sha512-vBjSU8v5gODqXVUvlpgEzjtSMXz2Am8Yh7O1PUZmx6DAzKWT1CrYm5azoYhAGLCWOlkd4aN6LEOCZ+dgVt2rFA==

But when getting downloaded by actions it is

sha512-J+yRnScDV19Vr5+C8D5IJiIN2auC9t54tYpJmeqVxgyIyJQmF95mqBwBXzXKyvIH9aZvY6RlQqtMsQm0gdH7UQ==

Workaround is to replace the SHA in GitHub with expected one which allows build to complete but obviously that looks wrong..

So options I can think are

  • Can someone please tell me how to add this package permanently into build so that GitHub doesn't need to install it
  • Or how to fix this issue? It doesn't seem to want to take https:// and takes ssh://git@github.com . Not sure if that is causing anything

Also if I use the option to replace the SHA in package-lock.json then the publish fails with another error

Publish Action

name: Release
on:
  release:
    types:
      - created

jobs:
  publish_on_mac:
    runs-on: macos-latest
    steps:
    - uses: actions/checkout@v3
      with:
         persist-credentials: false
    - name: HTTPS
      run: >
         git config --global url."https://github.com".insteadOf ssh://git@github.com
    - uses: actions/setup-node@v3
      with:
        node-version: 14
    - name: install dependencies
      run: npm install
    - name: publish
      run: npm run publish

Error

npm ERR! /usr/local/bin/git ls-remote -h -t ssh://git@github.com/pemrouz/buble.git
1226
npm ERR! 
1227
npm ERR! Warning: Permanently added the ECDSA host key for IP address '140.xxx.xxx.xxx' to the list of known hosts.
1228
npm ERR! git@github.com: Permission denied (publickey).
1229
npm ERR! fatal: Could not read from remote repository.
1230
npm ERR! 
1231
npm ERR! Please make sure you have the correct access rights
1232
npm ERR! and the repository exists.
1233
npm ERR! 
1234
npm ERR! exited with error code: 128
  • How do we fix this as well?
Chris T
  • 155
  • 1
  • 11
  • The error seems related to what happened in this SO question as well: https://stackoverflow.com/questions/69634515/npm-err-gitgithub-com-permission-denied-publickey-in-github-action, did you try the solution suggested there? – GuiFalourd Jun 18 '22 at 18:45
  • The solution given there is not going to work as it is already in my publish action as you can see above – Chris T Jun 18 '22 at 22:41

0 Answers0