lerna: Publish fails with 403 after update from lerna v3 to v5
Current Behavior
On our pipeline we build and publish our updated packages. We have been using lerna v3.22.1 for some time. It’s working fine. Tried updating to v5.1.6 and now the publishing fails. Did not do any other changes other than updating the version of lerna.
Are there any known breaking changes we should be aware of? Something else I should have updated?
Edit: Still fails with Lerna v6.4.1 with same error.
Expected Behavior
I expect to still be able to publish our packages with updated lerna. This worked fine with lerna v3.
Steps to Reproduce
This is the relevant part of our groovy script:
curl -u$artifactoryUser:$artifactoryPassword https://build-artifactory.xxx.com/artifactory/api/npm/auth >> ~/.npmrc
yarn run lerna publish --yes
Failure Logs / Configuration
Log with lerna v5:
Changes:
- @cmbu/browserstack: 13.0.0-lerna => 13.0.0-lerna.0
- @cmbu/eslint-plugin: 13.0.0-lerna => 13.0.0-lerna.0
- @cmbu/karma-commons: 13.0.0-lerna => 13.0.0-lerna.0
- @cmbu/ui-sdk: 13.0.0-lerna => 13.0.0-lerna.0
lerna info auto-confirmed
lerna info execute Skipping releases
lerna info git Pushing tags...
lerna WARN gitPush Warning: Identity file /home/jenkins/.ssh/bellevue-ci not accessible: No such file or directory.
lerna WARN gitPush Warning: Permanently added '[bellevue-ci-gerrit.xxx.com]:29418,[10.198.88.148]:29418' (ECDSA) to the list of known hosts.
lerna WARN gitPush fatal: the receiving end does not support --atomic push
lerna info gitPush --atomic failed, attempting non-atomic push
lerna info publish Publishing packages to npm...
lerna notice Skipping all user and access validation due to third-party registry
lerna notice Make sure you're authenticated properly ¯\_(ツ)_/¯
lerna WARN ENOLICENSE Packages @cmbu/browserstack, @cmbu/conventional-changelog-gerrit, @cmbu/eslint-plugin, and @cmbu/karma-commons are missing a license.
lerna WARN ENOLICENSE One way to fix this is to add a LICENSE.md file to the root of this repository.
lerna WARN ENOLICENSE See https://choosealicense.com for additional guidance.
lerna http fetch PUT 403 https://build-artifactory.xxx.com/artifactory/api/npm/npm-local/@cmbu%2feslint-plugin 149ms
lerna ERR! E403 forbidden
script returned exit code 1[CheckStyle] Skipping execution of recorder since overall result is 'FAILURE'
Recording test results
For comparison, with lerna v3:
Changes:
- @cmbu/browserstack: 13.0.2 => 13.0.3
- @cmbu/eslint-plugin: 13.0.4 => 13.0.5
- @cmbu/karma-commons: 13.0.3 => 13.0.4
- @cmbu/ui-sdk: 13.0.6 => 13.0.7
lerna info auto-confirmed
lerna info execute Skipping releases
lerna info git Pushing tags...
lerna WARN gitPush Warning: Identity file /home/jenkins/.ssh/bellevue-ci not accessible: No such file or directory.
lerna WARN gitPush Warning: Permanently added '[bellevue-ci-gerrit.xxx.com]:29418,[10.198.88.148]:29418' (ECDSA) to the list of known hosts.
lerna WARN gitPush fatal: the receiving end does not support --atomic push
lerna WARN gitPush
lerna info gitPush --atomic failed, attempting non-atomic push
lerna info publish Publishing packages to npm...
lerna notice Skipping all user and access validation due to third-party registry
lerna notice Make sure you're authenticated properly ¯\_(ツ)_/¯
lerna WARN ENOLICENSE Packages @cmbu/browserstack, @cmbu/eslint-plugin, and @cmbu/karma-commons are missing a license.
lerna WARN ENOLICENSE One way to fix this is to add a LICENSE.md file to the root of this repository.
lerna WARN ENOLICENSE See https://choosealicense.com for additional guidance.
lerna success published @cmbu/eslint-plugin 13.0.5
lerna notice
lerna notice 📦 @cmbu/eslint-plugin@13.0.5
lerna notice === Tarball Contents ===
lerna notice 645B index.js
lerna notice 2.4kB rules/no-barrel-imports.js
lerna notice 832B package.json
lerna notice 3.5kB CHANGELOG.md
lerna notice 2.5kB package.tgz
lerna notice === Tarball Details ===
lerna notice name: @cmbu/eslint-plugin
lerna notice version: 13.0.5
lerna notice filename: cmbu-eslint-plugin-13.0.5.tgz
lerna notice package size: 5.5 kB
lerna notice unpacked size: 9.9 kB
lerna notice shasum: 6c05c9d41dbd756f0bb5543d6c70473946a23799
lerna notice integrity: sha512-xBUo3coJmz3fD[...]v3Jvcb5Gg6QXw==
lerna notice total files: 5
lerna notice
lerna http fetch PUT 201 https://build-artifactory.xxx.com/artifactory/api/npm/npm-local/@cmbu%2feslint-plugin 549ms
It seems with v5 it no longer package the files and maybe that’s why it fails the publish? Not sure what else to look for in regards to error logs or other issues?
Environment
+ node -v
v14.15.4
+ yarn -v
3.1.1
+ lerna -v
5.1.6
About this issue
- Original URL
- State: open
- Created 2 years ago
- Reactions: 12
- Comments: 26 (3 by maintainers)
Tried the newly released lerna 5.2 and still not working.
Having the same issue here after upgrade to v5
I am assuming we should stay with lerna 3 as v5 is not working properly?
I finally got the update to work after years of trying!
I did the following things:
npm config fix
after getting auth from artifactory (new command with npm 9)package.json
,lerna.json
etc are the same and ends with a/
. This is CRITICAL. In our lerna.json file we had a missing ending /Just like that, three years later I got it working! And now we can use
lerna 6.5.1
(dancing emoji)It would be nice if the error handling could be improved. I discovered this when we tried publishing manually with npm 9 directly to our artifactory and it kept failing with “user not authenticated” error, even though I was. Finally added the ending / and it works. Same bad error.
I tried updating to Node 18, but no luck still getting the same error:
lerna ERR! E403 forbidden
I guess many of us will forever be stuck with lerna v3. Boo! Lerna v4 broke it, and v5 and v6 still have the same issue. I wish we could revert that part so we can update.
I had the exact same issue using Lerna 5.2.0 and 5.3.0
And following the @JamesHenry comment regarding this NPM issue, we solved our problem changing our
.npmrc
from:to
Getting the same issue. This is my new .npmrc file
Same issue on v4 as well, so probably isn’t related to some recent bug