github: RequestError [HttpError]: Cookies must be enabled to use GitHub.

Current behavior

I set-up a semantic-release workflow via GitHub actions for the repository https://github.com/kleinfreund/vue-accessible-color-picker. On push, the workflow was run and the first version of my package was published (yay!). However, the next step failed (full error below):

[semantic-release] › ✖  Failed step "publish" of plugin "@semantic-release/github"
[semantic-release] › ✖  An error occurred while running semantic-release: RequestError [HttpError]: Cookies must be enabled to use GitHub.

I’m not sure what to make of this error. I don’t recall reading anything in the getting started documents and articles I followed about some cookie settings I needed to be aware of.

Note that I have both NPM_TOKEN and GH_TOKEN configured via the secrets settings of the repository in question. The GH_TOKEN is a public access token which was created with the public_repo permission.

What am I missing from my setup and how can I recover from this botched release?

full error

[semantic-release] › ✖ Failed step “publish” of plugin “@semantic-release/github” [semantic-release] › ✖ An error occurred while running semantic-release: RequestError [HttpError]: Cookies must be enabled to use GitHub. at /home/runner/work/vue-accessible-color-picker/vue-accessible-color-picker/node_modules/@octokit/request/dist-node/index.js:66:23 at processTicksAndRejections (internal/process/task_queues.js:97:5) { status: 403, headers: { ‘cache-control’: ‘no-cache’, connection: ‘close’, ‘content-encoding’: ‘gzip’, ‘content-security-policy’: “default-src ‘none’; base-uri ‘self’; block-all-mixed-content; connect-src ‘self’ uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action ‘self’ github.com gist.github.com; frame-ancestors ‘none’; frame-src render.githubusercontent.com; img-src ‘self’ data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com .githubusercontent.com; manifest-src ‘self’; media-src ‘none’; script-src github.githubassets.com; style-src ‘unsafe-inline’ github.githubassets.com", ‘content-type’: ‘text/plain; charset=utf-8’, date: ‘Thu, 14 May 2020 17:40:28 GMT’, ‘expect-ct’: ‘max-age=2592000, report-uri=“https://api.github.com/_private/browser/errors”’, ‘referrer-policy’: ‘origin-when-cross-origin, strict-origin-when-cross-origin’, server: ‘GitHub.com’, ‘set-cookie’: ‘_gh_sess=[REDACTED]; path=/; secure; HttpOnly’, status: ‘403 Forbidden’, ‘strict-transport-security’: ‘max-age=31536000; includeSubdomains; preload’, ‘transfer-encoding’: ‘chunked’, vary: ‘X-PJAX, Accept-Encoding, Accept, X-Requested-With’, ‘x-content-type-options’: ‘nosniff’, ‘x-frame-options’: ‘deny’, ‘x-github-request-id’: ‘0400:0851:57C564:924595:5EBD828C’, ‘x-xss-protection’: ‘1; mode=block’ }, request: { method: ‘POST’, url: ‘https://github.com/repos/kleinfreund/vue-accessible-color-picker/releases’, headers: { accept: ‘application/vnd.github.v3+json’, ‘user-agent’: ‘octokit-rest.js/17.9.0 octokit-core.js/2.5.0 Node.js/12.16.3 (Linux 5.3; x64)’, authorization: ‘token [REDACTED]’, ‘content-type’: ‘application/json; charset=utf-8’ }, body: '{“tag_name”:“v1.0.0”,“name”:“v1.0.0”,“body”:"# 1.0.0 (2020-05-14)\n\n\n### Features\n\n implement initial version of vue-accessible-color-picker (eba7d30)\n\n\n\n”,“prerelease”:false}‘, request: { agent: undefined, hook: [Function: bound bound register] } }, pluginName: ‘@semantic-release/github’ } RequestError [HttpError]: Cookies must be enabled to use GitHub. at /home/runner/work/vue-accessible-color-picker/vue-accessible-color-picker/node_modules/@octokit/request/dist-node/index.js:66:23 at processTicksAndRejections (internal/process/task_queues.js:97:5) { status: 403, headers: { ‘cache-control’: ‘no-cache’, connection: ‘close’, ‘content-encoding’: ‘gzip’, ‘content-security-policy’: “default-src ‘none’; base-uri ‘self’; block-all-mixed-content; connect-src ‘self’ uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action ‘self’ github.com gist.github.com; frame-ancestors ‘none’; frame-src render.githubusercontent.com; img-src ‘self’ data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com .githubusercontent.com; manifest-src ‘self’; media-src ‘none’; script-src github.githubassets.com; style-src ‘unsafe-inline’ github.githubassets.com", ‘content-type’: ‘text/plain; charset=utf-8’, date: ‘Thu, 14 May 2020 17:40:28 GMT’, ‘expect-ct’: ‘max-age=2592000, report-uri=“https://api.github.com/_private/browser/errors”’, ‘referrer-policy’: ‘origin-when-cross-origin, strict-origin-when-cross-origin’, server: ‘GitHub.com’, ‘set-cookie’: ‘_gh_sess=[REDACTED]; path=/; secure; HttpOnly’, status: ‘403 Forbidden’, ‘strict-transport-security’: ‘max-age=31536000; includeSubdomains; preload’, ‘transfer-encoding’: ‘chunked’, vary: ‘X-PJAX, Accept-Encoding, Accept, X-Requested-With’, ‘x-content-type-options’: ‘nosniff’, ‘x-frame-options’: ‘deny’, ‘x-github-request-id’: ‘0400:0851:57C564:924595:5EBD828C’, ‘x-xss-protection’: ‘1; mode=block’ }, request: { method: ‘POST’, url: ‘https://github.com/repos/kleinfreund/vue-accessible-color-picker/releases’, headers: { accept: ‘application/vnd.github.v3+json’, ‘user-agent’: ‘octokit-rest.js/17.9.0 octokit-core.js/2.5.0 Node.js/12.16.3 (Linux 5.3; x64)’, authorization: ‘token [REDACTED]’, ‘content-type’: ‘application/json; charset=utf-8’ }, body: '{“tag_name”:“v1.0.0”,“name”:“v1.0.0”,“body”:"# 1.0.0 (2020-05-14)\n\n\n### Features\n\n implement initial version of vue-accessible-color-picker (eba7d30)\n\n\n\n”,“prerelease”:false}’, request: { agent: undefined, hook: [Function: bound bound register] } }, pluginName: ‘@semantic-release/github’ } ##[error]Process completed with exit code 1.

Expected behavior

For this error to not happened

for this error to actually tell me something useful (I know this is in particular not a problem with semantic-release).

Environment

semantic-release version: 17.0.7
CI environment: GitHub actions
Plugins used: none
semantic-release configuration: https://github.com/kleinfreund/vue-accessible-color-picker/blob/main/release.config.js
CI logs: https://github.com/kleinfreund/vue-accessible-color-picker/runs/675427677

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 4
Comments: 28 (10 by maintainers)

Commits related to this issue

fix(release): use GH_URL env variable See https://github.com/semantic-release/github/issues/268#issuecomment-628816386 — committed to Silthus/sLib by Silthus 4 years ago
chore(release): 1.1.2 [skip ci] ## [1.1.2](https://github.com/Silthus/sLib/compare/v1.1.1...v1.1.2) (2020-05-24) ### Bug Fixes * **release:** use GH_URL env variable ([b7c5c20](https://github.com/S... — committed to Silthus/sLib by semantic-release-bot 4 years ago
fix(release): set GH_URL to set github api url Workaround for https://github.com/semantic-release/github/issues/268 — committed to Silthus/sInventoryKeeper by Silthus 4 years ago
fix(release): override GitHub API url with GH_URL Workaround for https://github.com/semantic-release/github/issues/268 — committed to sVoxelDev/spigot-plugin-template by Silthus 4 years ago

Most upvoted comments

I’m close, thanks #269

gr2m on May 14, 2020

i still have this problem. its publishes the tag in npm and github but not comunicates with github, to update the pull requests etc…

2020-05-20T22:20:10.7702373Z [10:20:10 PM] [semantic-release] â€º âœ”  Completed step "publish" of plugin "@semantic-release/npm"
2020-05-20T22:20:10.7703012Z [10:20:10 PM] [semantic-release] â€º â„¹  Start step "publish" of plugin "@semantic-release/github"
2020-05-20T22:20:10.8710449Z [10:20:10 PM] [semantic-release] â€º âœ–  Failed step "publish" of plugin "@semantic-release/github"
2020-05-20T22:20:10.8744320Z [10:20:10 PM] [semantic-release] â€º âœ–  An error occurred while running semantic-release: RequestError [HttpError]: Cookies must be enabled to use GitHub.
2020-05-20T22:20:10.8745870Z     at /home/runner/work/catho-components/catho-components/node_modules/@octokit/request/dist-node/index.js:66:23
2020-05-20T22:20:10.8746684Z     at processTicksAndRejections (internal/process/task_queues.js:97:5) {
2020-05-20T22:20:10.8747273Z   status: 403,
2020-05-20T22:20:10.8747813Z   headers: {
2020-05-20T22:20:10.8749633Z     'cache-control': 'no-cache',
2020-05-20T22:20:10.8750560Z     connection: 'close',
2020-05-20T22:20:10.8751483Z     'content-encoding': 'gzip',
2020-05-20T22:20:10.8755809Z     'content-security-policy': "default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js",
2020-05-20T22:20:10.8757171Z     'content-type': 'text/plain; charset=utf-8',
2020-05-20T22:20:10.8758175Z     date: 'Wed, 20 May 2020 22:20:10 GMT',
2020-05-20T22:20:10.8759432Z     'expect-ct': 'max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"',
2020-05-20T22:20:10.8760820Z     'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
2020-05-20T22:20:10.8761762Z     server: 'GitHub.com',
2020-05-20T22:20:10.8770982Z     'set-cookie':

But my repo is private. Is that a problem?

rapahaeru on May 20, 2020

@ENikS sorry for the disruption.

FYI, we’re also turning off the feature flag now so Actions will stop setting GITHUB_URL. We’re going to switch to GITHUB_SERVER_URL before re-enabling, so it doesn’t conflict with semantic-release/github.

ericsciple on May 18, 2020

Thanks for confirming Eric! I’ll workaround it in semantic-release 👍

gr2m on May 14, 2020

With “manually create the release for v1.0.0” I mean create it using the UI on github.com. The tag already exists, that’s all semantic-release cares about moving forward. But if you want to add release notes, then you have to create a release manually.

Let me try to reproduce the problem you experienced with a test repository, hold on

gr2m on May 14, 2020