🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please delete the greenkeeper/initial branch in this repository, and then remove and re-add this repository to the Greenkeeper App’s white list on Github. You'll find this list on your repo or organization’s settings page, under Installed GitHub Apps.

I had a publish fail because my personal access token was expired. However, the verifyConditions step of semantic-release-vsce passed so semantic-release ended up creating and pushing the git tag, meaning on the next CI build it mistakenly thought various commits had been published, when they hadn't.

The npm plugin verifies the npm token in the verifyConditions step in most cases: https://github.com/semantic-release/npm/blob/master/index.js#L36

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can fix this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here are some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

The release 5.2.2 on branch master cannot be published as it is out of range.

Based on the releases published on other branches, only versions within the range >=5.2.1 <5.2.2 can be published from branch master.

The following commits are responsible for the invalid release:

• build(deps): bump ovsx from 0.5.1 to 0.5.2 (#347) (5c94e27)
• fix: use context's cwd for vsce calls (#349) (86b499e)
• fix: make sure to use locally installed vsce (#348) (6d18e32)
• build(deps-dev): bump @commitlint/cli from 17.1.2 to 17.2.0 (#352) (5f949bb)
• build(deps-dev): bump @commitlint/config-conventional (#351) (f8b16d1)
• build(deps-dev): bump eslint-plugin-n from 15.3.0 to 15.4.0 (#350) (a56f765)
• build(deps-dev): bump ava from 4.3.3 to 5.0.1 (#345) (c17e38e)
• build(deps-dev): bump eslint from 8.25.0 to 8.26.0 (#346) (e469aa8)

Those commits should be moved to a valid branch with git merge or git cherry-pick and removed from branch master with git revert or git reset.

A valid branch could be next.

See the workflow configuration documentation for more details.

Good luck with your project ✨

Your semantic-release bot 📦🚀

https://github.com/eclipse/openvsx/wiki/Publishing-Extensions

All the other env vars GH_TOKEN, NPM_TOKEN etc use the TOKEN suffix (and all my semantically released vscode extensions 😛 )

As far as I've seen there is no config option to handle this vsce 1.99.+ feature - is there?

More details found at https://code.visualstudio.com/api/working-with-extensions/publishing-extension#platformspecific-extensions and a CI sample at https://github.com/microsoft/vscode-platform-specific-sample

• microsoft/vscode-vsce#759

When the semantic release action is executed using the vsce plugin in my repo, Testify, i get the following error:

[8:23:46 PM] [semantic-release] › ✖  EINVALIDVSCETOKEN Invalid vsce token. Additional information:

Error: Command failed with ENOENT: vsce verify-pat
spawn vsce ENOENT
Error: AggregateError: 
    SemanticReleaseError: Invalid vsce token. Additional information:
    Error: Command failed with ENOENT: vsce verify-pat
    spawn vsce ENOENT
        at module.exports (/home/runner/work/_actions/cycjimmy/semantic-release-action/v3/node_modules/semantic-release-vsce/lib/verify-auth.js:14:11)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
        at async module.exports (/home/runner/work/_actions/cycjimmy/semantic-release-action/v3/node_modules/semantic-release-vsce/lib/verify.js:8:3)
        at async verifyConditions (/home/runner/work/_actions/cycjimmy/semantic-release-action/v3/node_modules/semantic-release-vsce/index.js:10:3)
        at async validator (/home/runner/work/_actions/cycjimmy/semantic-release-action/v3/node_modules/semantic-release/lib/plugins/normalize.js:34:24)
        at async /home/runner/work/_actions/cycjimmy/semantic-release-action/v3/node_modules/semantic-release/lib/plugins/pipeline.js:37:34
        at async Promise.all (index 0)
        at async next (/home/runner/work/_actions/cycjimmy/semantic-release-action/v3/node_modules/p-reduce/index.js:16:18)

I am using the GitHub secrets to store my Personal Access Token and I double checked that the token is really there.

I also double checked the permissions of said token in the Azure Portal and it has the necessary access specified in the VSCode documentation

When I run the same command as the plugin locally, I get the following result:

The Personal Access Token verification succeeded for the publisher 'felixjb'.

Is this a bug? Am I doing anything wrong?

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can fix this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here are some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

The release 5.0.0 on branch master cannot be published as it is out of range.

Based on the releases published on other branches, only versions within the range >=4.0.1 <5.0.0 can be published from branch master.

The following commits are responsible for the invalid release:

• refactor!: drop support for VSCE_TOKEN (#234) (4fbaa86)
• refactor!: drop yarn option (#233) (df92b55)
• build(deps-dev): bump semantic-release from v18 to v19 (#232) (8fece4f)
• build(deps-dev): upgrade eslint to v8 (#231) (ca721ee)
• build(deps): bump vsce from 1.99.0 to 2.6.3 (#225) (2dbf345)
• build(deps-dev): bump eslint-plugin-promise from 5.1.0 to 6.0.0 (#216) (577f9fd)
• build(deps): set minimum semantic-release as 18 (#210) (50e9a8e)
• build(deps): bump @semantic-release/error from 2.2.0 to 3.0.0 (#183) (0b91510)
• build(deps-dev): bump conventional-changelog-conventionalcommits (#221) (dcef06d)
• build(deps-dev): bump husky from 6.0.0 to 7.0.4 (#193) (b1da469)
• build(deps-dev): bump sinon from 11.1.2 to 12.0.1 (#201) (31c3397)
• build(deps-dev): bump @commitlint/config-conventional (#217) (f352672)
• build(deps-dev): bump eslint-plugin-import from 2.23.4 to 2.25.4 (#224) (8cab41b)
• build(deps-dev): bump @commitlint/cli from 12.1.4 to 16.0.2 (#227) (ee537ff)
• build(deps-dev): bump ava from 3.15.0 to 4.0.1 (#228) (4684482)
• build(deps-dev): remove eslint-plugin-standard (#230) (ebd489a)
• build(deps): drop support for Node 10 and 12 (#229) (dc6424c)
• ci: set dependabot branch as next (f370dfe)
• ci: enable next branch (3dda24d)

Those commits should be moved to a valid branch with git merge or git cherry-pick and removed from branch master with git revert or git reset.

A valid branch could be next.

See the workflow configuration documentation for more details.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Hey 👋,

It would be great if we could use this plugin without the need to publish the extension to the marketplace.

I could send in a PR to that effect if you're open to it.

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can fix this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here are some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Invalid npm token.

The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two Factor Authentication for your account, set its level to "Authorization only" in your account settings. semantic-release cannot publish with the default "
Authorization and writes" level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

Good luck with your project ✨

Your semantic-release bot 📦🚀

I'm about to create a fork of it because I need to add more features to this plugin to use it.

However, it's always good to prevent unneeded forks so people do not get confused.

If you're looking for maintainers, I'm also willing to help.

/cc @raix @felixfbecker

It seems that the environment variable VSCE_PAT is supported by vsce out-of-the-box: microsoft/vscode-vsce#528.

A suggestion is to keep the support for both VSCE_PAT and VSCE_TOKEN.

Hi There

First of all: Cool!

I just want to check if I do something wrong:

[Semantic release]: An error occurred while running semantic-release: Error: The "getLastRelease" plugin output if defined, must be an object with a valid semver version in the "version" property and the corresponding git reference in "gitHead" property. Received: { version: '1.8.0' }
    at Object.getLastRelease (/home/travis/build/buehler/typescript-hero/node_modules/semantic-release/lib/plugins/normalize.js:44:13)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:160:7)

That's the output of SR when I run it with version 12.

Is there something missing?

(package.json):

"release": {
    "verifyConditions": [
      "semantic-release-vsce",
      "@semantic-release/github"
    ],
    "getLastRelease": "semantic-release-vsce",
    "publish": [
      {
        "path": "semantic-release-vsce",
        "packageVsix": "your-extension.vsix"
      },
      {
        "path": "@semantic-release/github",
        "assets": "your-extension.vsix"
      }
    ]
  },

Cheers

It would be good if the docs had a similar template as the other semantic-release plugins, such as @semantic-release/github. This would make it easier for newcomers to understand.

Also, the example in the docs uses an older version of semantic-release, where you had to set which plugins to use at each step. Nowadays, you can do this simpler, by only specifying which plugins to use.

The Problem

When updating the version number in a projects package.json, update-package-version.js seems to be removing formatting.

Example

AndrewLeedham/vscode-css-modules@8f9692f

Solution

Pass the spaces option to fs-extra's writeJson function. Ideally this would be detected from the input package.json.

Related

I original thought this was an issue with @semantic-release/git.

Hi,

I've a github project that is pushing multiple packages (npm, vsce, etc...)
Each are built to an out folder with custom package.json

For npm, I define the path as:

    [
      "@semantic-release/npm",
      {
        "pkgRoot": "./out/linter"
      }
    ],

But I cannot find a similar setting for vsce, which result in the plugin publishing the root sources instead of out/vscode, which basically publishes an unusable package.

I wonder how can that be done using this plugin?

It will always fail with SemanticReleaseError: package.json not found. A package.json is required to release with vsce.

The reason for that is that in a5c7c28 the dependency read-pkg-up was updated from version 4.0.0 to version 7.0.1. One breaking change has been that the property pkg of the return-value has been renamed to packageJSON, which is why https://github.com/raix/semantic-release-vsce/blob/master/lib/verify.js#L7 is always undefined.

The dependency vsce was updated from 1.58.0 to 1.59.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

vsce is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.

Your Greenkeeper Bot 🌴

• vsce package --yarn
• vsce publish --yarn

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Invalid npm token.

The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two-Factor Authentication, make configure the auth-only level is supported. semantic-release cannot publish with the default auth-and-writes level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

Good luck with your project ✨

Your semantic-release bot 📦🚀

I have done my first successful release of https://github.com/raix/vscode-perl-debug

Using semantic-release ^10.0.1 and semantic-release-vsce ^0.1.4

cc. @felixfbecker

The example in the readme is ancient and needs to be refreshed.

Log

• .releaserc.yml
• workflow file: https://github.com/scarf005/Cataclysm-BN-tools/actions/runs/3256483667/workflow
• excerpt from https://github.com/scarf005/Cataclysm-BN-tools/actions/runs/3256483667/jobs/5347034331

pnpx vsce verify-pat scarf --pat $VSCE_PAT
The Personal Access Token verification succeeded for the publisher 'scarf'.

pnpx semantic-release
Error: Command failed with ENOENT: vsce verify-pat
spawn vsce ENOENT
AggregateError: 
    SemanticReleaseError: Invalid vsce token. Additional information:
    Error: Command failed with ENOENT: vsce verify-pat
    spawn vsce ENOENT

I've correctly set up publisher as scarf in my package.json, however it fails with an error.

As of @semantic-release/git v3.0.0 (semantic-release/git@c8119da), getLastRelease is no longer part of the @semantic-release/git plugin, so you if configure semantic-release-vsce as it is said in the readme, using "getLastRelease": "@semantic-release/git", semantic-release throws the following error: EPLUGINCONF The getLastRelease plugin must be a function, or an object with a function in the property getLastRelease.

Is there any way to continue using this plugin without having to downgrade @semantic-release/git to v2.2.0?

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can fix this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here are some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Invalid npm token.

The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two Factor Authentication for your account, set its level to "Authorization only" in your account settings. semantic-release cannot publish with the default "
Authorization and writes" level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Hi, I'm using pnpm and there is a workaround needed: microsoft/vscode-vsce#421 (comment)

// this is my package.json
"scripts": {
    "package": "pnpm vsce package --no-dependencies",
    "publish": "pnpm vsce publish --no-dependencies"
}

Without it, the release fails with:

Error: Command failed: npm list --production --parseable --depth=99999 --loglevel=error
npm ERR! code ELSPROBLEMS

Version 10 of Node.js (code name Dubnium) has been released! 🎊

To see what happens to your code in Node.js 10, Greenkeeper has created a branch with the following changes:

• Added the new Node.js version to your .travis.yml
• The new Node.js version is in-range for the engines in 1 of your package.json files, so that was left alone

If you’re interested in upgrading this repo to Node.js 10, you can open a PR with these changes. Please note that this issue is just intended as a friendly reminder and the PR as a possible starting point for getting your code running on Node.js 10.

Your Greenkeeper Bot 🌴

Now that vsce has a command for that. microsoft/vscode-vsce#532

Thanks to @felixfbecker, it was identified that this breaking change was unnecessary. Therefore, the releases v4.0.0 and v4.0.1 were unpublished from NPM, and the release v3.1.3 is the current up-to-date.

For users

For those who already upgraded to v4, please downgrade it to v3.1.3. If you had set vsce in your devDependencies because it was a peerDependency on v4, you can now remove it.

If you intend to make this plugin use a specific version of vsce, you can manually add it to your devDependencies, as long as the version you choose matches the current range of supported versions, which today is ^1.73.0 (any 1.x version higher or equal than 1.83).

For maintainers

When a new breaking change finally arrives targeting v4.0.0 again, it will be needed to perform work around over semantic-release, since NPM does not support re-publishing the same version. Basically:

1. Push the v4.0.0 and v4.0.1 tags to GitHub, pointing to the to-date latest tag
2. Trigger semantic-release, so the next version will be v4.0.2
3. Delete the tags v4.0.0 and v4.0.1 on GitHub
4. Edit the release notes to fix the first line, pointing to the correct version comparison URL.

Then vsce automatically finds a filename for the file. Thus, we can use a wildcard to include *.vsix in GitHub Releases.

I know VSC plugins don't support prereleases, but since it's recommended to use Github releases to handle regression errors, we could also use Github to handle beta releases.

It's very possible that I'm missing an obvious solution to this. 😅

Hi, I'm trying to use this plugin to release a sample vscode extension, but I'm getting this error about the vsce access token

any clue on what am I doing wrong?

Link Repository:
https://github.com/ngx-devs/ngxd-console-test

Action:
https://github.com/ngx-devs/ngxd-console-test/runs/6392104433?check_suite_focus=true

Due to master->main branch rename we need to pass --githubBranch option to vsce. I currently see no way of doing that and because of that relative image paths on VSCode Market place are broken.

Would it be possible to support CLI arguments, eg. something like:

      - name: Publish
        run: npx semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VSCE_PAT: ${{ secrets.PUBLISHER_TOKEN }}
          VSCE_PACKAGE_ARGS: "--baseImagesUrl https://raw.githubusercontent.com/org/repo/branch/"

As I am building a Semantic Release image, pulling in this plugin, I am finding simple-get <= 4.0.1 vulnerabilty:

Using Trivy:

+------------+------------------+----------+-------------------+---------------+--------------------------------------+
|  LIBRARY   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+------------+------------------+----------+-------------------+---------------+--------------------------------------+
| simple-get | CVE-2022-0355    | HIGH     | 3.1.0             | 4.0.1         | simple-get: exposure of sensitive    |
|            |                  |          |                   |               | information to an unauthorized actor |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2022-0355 |
+------------+------------------+----------+-------------------+---------------+--------------------------------------+

Using Grype:

NAME         INSTALLED  FIXED-IN  VULNERABILITY        SEVERITY 
simple-get   3.1.0      4.0.1     GHSA-wpg7-2c88-r8xv  High

Would really like to try this out!

Hello, Firstly thank you for creating this package i use it a lot. Are you planning on updating the deps? If not would you like help maintaining this package?