Comments (5)
Can you share the exact error that you encountered?
A good place to start looking into would be:
Line 36 in 121be23
from dripip.
To help work on this I've enabled npm 2fa for publishing on my account. Here is the error I now get:
$ dripip preview
Error: The following command failed to complete successfully:
yarn publish --tag next --no-git-tag-version --new-version 0.10.1-next.1
It ended with this exit code:
1
This underlying error occured (null = none occured):
null
It received signal (null = no signal received):
null
It output on stderr (null = not spawned in pipe mode):
error Couldn't publish package: "Can't answer a question unless a user TTY"
It output on stdout (null = not spawned in pipe mode):
Not sure yet but guessing some possible solutions:
- Forward tty to spawn and let user deal with it directly
- Present own prompt and forward passed value
- In addition to above: Accept new flag where user can pass 2fa info
- In addition to above: Accept new config where 2fa info will be read from (but I don't think this is how 2fa works, its based on transient codes sent to secondary devices... so this doesn't seem like a viable option for anything?)
-- edit
Re 3: I think a flag is weird for OTP, it has to be an interactive thing, flag gives little value over prompt
Re 4: Yep doesn't make sense, too transient.
from dripip.
With 2fa enabled here is the login flow:
❯ npm login
Username: dripip-2fa
Password:
Email: (this IS public) [email protected]
Enter one-time password from your authenticator app: 437488
Logged in as dripip-2fa on https://registry.npmjs.org/.
from dripip.
Some official info here https://docs.npmjs.com/about-two-factor-authentication
from dripip.
With 2fa enabled here is the publish flow:
❯ npm publish
npm notice
npm notice 📦 [email protected]
npm notice === Tarball Contents ===
npm notice 0 index.js
npm notice 255B package.json
npm notice === Tarball Details ===
npm notice name: dripip-system-tests
npm notice version: 0.0.0-test.2fa.2
npm notice package size: 300 B
npm notice unpacked size: 255 B
npm notice shasum: 450fcb9886ffba6c2d33d756c438ee946bd400a9
npm notice integrity: sha512-JuIEwOxVr3CBl[...]Ynz4oHpiq7fPA==
npm notice total files: 2
npm notice
This operation requires a one-time password.
Enter OTP: 352695
+ [email protected]
My conclusion is that when 2fa is enabled we should forward the tty to the user.
I don't think this 2fa flow is designed for CI workflows. There is no tty in CI.
Since the OTP is ephemeral, this isn't something that could really ever be stored as an environment variable.
Therefore bringing 2fa support to dripip is about support its manual use by users, rather than unblocking any issues in CI.
I think when we resolve this issue we need to qualify what we mean when we say we support 2fa.
I also think this feature isn't a top priority since CI publishing is a best practice and what dripip is designed for first.
Still manual publishing is an important escape hatch. And I think it feels uncomfortable to use a tool that won't let you go manual if ever you need to.
from dripip.
Related Issues (20)
- in-repo changelogs
- see what we can learn from np
- Use yargs instead of oclif
- Better changelog terminal design
- Review changesets for learnings
- dripip is dependent on an unreleased version of chaindown HOT 4
- Try check-spelling action
- dripip preview --json causes to JSONError HOT 1
- Does not work with private GitHub repos
- Dependency Dashboard
- PR builds aren't identifiable for backdated releases HOT 1
- Use gh action workflow dispatch for doing production releases
- Initial release errors (TypeError versions.filter)
- Commit with only numbers appears to violate semver
- In release notes, add quick link to npm.
- Extract conventional commits parser into own package or use external tool
- Changelog formatting improvements
- unexpected appended `:` on package publish HOT 1
- Use npm package for ci detection
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dripip.