@semantic-release/github 10.1.4 → 10.1.5

package/lib/definitions/errors.js

@@ -139,6 +139,19 @@ By default the \`repositoryUrl\` option is retrieved from the \`repository\` pro
   };
 }
 
+export function EMISMATCHGITHUBURL({ repositoryUrl, clone_url }) {
+  return {
+    message: "The git repository URL mismatches the GitHub URL.",
+    details: `The **semantic-release** \`repositoryUrl\` option must have the same repository name and owner as the GitHub repo.
+
+Your configuration for the \`repositoryUrl\` option is \`${stringify(repositoryUrl)}\` and the \`clone_url\` of your GitHub repo is \`${stringify(clone_url)}\`.
+
+By default the \`repositoryUrl\` option is retrieved from the \`repository\` property of your \`package.json\` or the [git origin url](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) of the repository cloned by your CI environment.
+
+Note: If you have recently changed your GitHub repository name or owner, update the value in **semantic-release** \`repositoryUrl\` option and the \`repository\` property of your \`package.json\` respectively to match the new GitHub URL.`,
+  };
+}
+
 export function EINVALIDPROXY({ proxy }) {
   return {
     message: "Invalid `proxy` option.",

package/lib/verify.js

@@ -103,35 +103,34 @@ export default async function verify(pluginConfig, context, { Octokit }) {
         proxy,
       }),
     );
-
-    // https://github.com/semantic-release/github/issues/182
-    // Do not check for permissions in GitHub actions, as the provided token is an installation access token.
-    // octokit.request("GET /repos/{owner}/{repo}", {repo, owner}) does not return the "permissions" key in that case.
-    // But GitHub Actions have all permissions required for @semantic-release/github to work
-    if (env.GITHUB_ACTION) {
-      return;
-    }
-
     try {
       const {
-        data: {
-          permissions: { push },
-        },
+        data: { permissions, clone_url },
       } = await octokit.request("GET /repos/{owner}/{repo}", { repo, owner });
-      if (!push) {
+      // Verify if Repository Name wasn't changed
+      const parsedCloneUrl = parseGithubUrl(clone_url);
+      if (owner !== parsedCloneUrl.owner || repo !== parsedCloneUrl.repo) {
+        errors.push(
+          getError("EMISMATCHGITHUBURL", { repositoryUrl, clone_url }),
+        );
+      }
+
+      // https://github.com/semantic-release/github/issues/182
+      // Do not check for permissions in GitHub actions, as the provided token is an installation access token.
+      // octokit.request("GET /repos/{owner}/{repo}", {repo, owner}) does not return the "permissions" key in that case.
+      // But GitHub Actions have all permissions required for @semantic-release/github to work
+      if (!env.GITHUB_ACTION && !permissions?.push) {
         // If authenticated as GitHub App installation, `push` will always be false.
         // We send another request to check if current authentication is an installation.
         // Note: we cannot check if the installation has all required permissions, it's
         // up to the user to make sure it has
         if (
-          await octokit
+          !(await octokit
             .request("HEAD /installation/repositories", { per_page: 1 })
-            .catch(() => false)
+            .catch(() => false))
         ) {
-          return;
+          errors.push(getError("EGHNOPERMISSION", { owner, repo }));
         }
-
-        errors.push(getError("EGHNOPERMISSION", { owner, repo }));
       }
     } catch (error) {
       if (error.status === 401) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@semantic-release/github",
   "description": "semantic-release plugin to publish a GitHub release and comment on released Pull Requests/Issues",
-  "version": "10.1.4",
+  "version": "10.1.5",
   "type": "module",
   "author": "Pierre Vanduynslager (https://twitter.com/@pvdlg_)",
   "ava": {