@semantic-release/github 10.3.2 → 10.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/definitions/errors.js +3 -15
  2. package/lib/verify.js +2 -15
  3. package/package.json +1 -1
package/lib/definitions/errors.js CHANGED
@@ -178,24 +178,12 @@ If you are using [GitHub Enterprise](https://enterprise.github.com) please make
178
178
 
179
179
  export function EGHNOPERMISSION({ owner, repo }) {
180
180
  return {
181
- message: `The GitHub token doesn't allow to push to and maintain the repository ${owner}/${repo}.`,
181
+ message: `The GitHub token doesn't allow to push on the repository ${owner}/${repo}.`,
182
182
  details: `The user associated with the [GitHub token](${linkify(
183
183
  "README.md#github-authentication",
184
- )}) configured in the \`GH_TOKEN\` or \`GITHUB_TOKEN\` environment variable must have permission to push to and maintain the repository ${owner}/${repo}.
184
+ )}) configured in the \`GH_TOKEN\` or \`GITHUB_TOKEN\` environment variable must allows to push to the repository ${owner}/${repo}.
185
185
 
186
- Please make sure the GitHub user associated with the token is an [owner](https://help.github.com/articles/permission-levels-for-a-user-account-repository/#owner-access-on-a-repository-owned-by-a-user-account) or a [collaborator](https://help.github.com/articles/permission-levels-for-a-user-account-repository/#collaborator-access-on-a-repository-owned-by-a-user-account) if the repository belongs to a user account or has [write permissions](https://help.github.com/articles/managing-team-access-to-an-organization-repository) if the repository [belongs to an organization](https://help.github.com/articles/repository-permission-levels-for-an-organization).`,
187
- };
188
- }
189
-
190
- export function EGHNOSCOPE({ scopes }) {
191
- return {
192
- message: `The GitHub token doesn't have the necessary OAuth scopes to write contents, issues, and pull requests.`,
193
- details: `The [GitHub token](${linkify(
194
- "README.md#github-authentication",
195
- )}) configured in the \`GH_TOKEN\` or \`GITHUB_TOKEN\` environment variable must have the correct scopes.
196
- ${scopes ? `\nThe token you used has scopes: ${scopes.join(", ")}\n` : ""}
197
- For classic PATs, make sure the token has the \`repo\` scope if the repository is private, or \`public_repo\` scope otherwise.
198
- For fine-grained PATs, make sure the token has the \`content: write\`, \`issues: write\`, and \`pull_requests: write\` scopes on the repository.`,
186
+ Please make sure the GitHub user associated with the token is an [owner](https://help.github.com/articles/permission-levels-for-a-user-account-repository/#owner-access-on-a-repository-owned-by-a-user-account) or a [collaborator](https://help.github.com/articles/permission-levels-for-a-user-account-repository/#collaborator-access-on-a-repository-owned-by-a-user-account) if the repository belong to a user account or has [write permissions](https://help.github.com/articles/managing-team-access-to-an-organization-repository) if the repository [belongs to an organization](https://help.github.com/articles/repository-permission-levels-for-an-organization).`,
199
187
  };
200
188
  }
201
189
 
package/lib/verify.js CHANGED
@@ -107,21 +107,8 @@ export default async function verify(pluginConfig, context, { Octokit }) {
107
107
  );
108
108
  try {
109
109
  const {
110
- headers,
111
- data: { private: _private, permissions, clone_url },
110
+ data: { permissions, clone_url },
112
111
  } = await octokit.request("GET /repos/{owner}/{repo}", { repo, owner });
113
-
114
- // GitHub only returns this header if the token is a classic PAT
115
- if (headers?.["x-oauth-scopes"]) {
116
- const scopes = headers["x-oauth-scopes"].split(/\s*,\s*/g);
117
- if (
118
- !scopes.includes("repo") &&
119
- (_private || !scopes.includes("public_repo"))
120
- ) {
121
- errors.push(getError("EGHNOSCOPE", { scopes }));
122
- }
123
- }
124
-
125
112
  // Verify if Repository Name wasn't changed
126
113
  const parsedCloneUrl = parseGithubUrl(clone_url);
127
114
  if (
@@ -137,7 +124,7 @@ export default async function verify(pluginConfig, context, { Octokit }) {
137
124
  // Do not check for permissions in GitHub actions, as the provided token is an installation access token.
138
125
  // octokit.request("GET /repos/{owner}/{repo}", {repo, owner}) does not return the "permissions" key in that case.
139
126
  // But GitHub Actions have all permissions required for @semantic-release/github to work
140
- if (!env.GITHUB_ACTION && !(permissions?.push && permissions?.maintain)) {
127
+ if (!env.GITHUB_ACTION && !permissions?.push) {
141
128
  // If authenticated as GitHub App installation, `push` will always be false.
142
129
  // We send another request to check if current authentication is an installation.
143
130
  // Note: we cannot check if the installation has all required permissions, it's
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@semantic-release/github",
3
3
  "description": "semantic-release plugin to publish a GitHub release and comment on released Pull Requests/Issues",
4
- "version": "10.3.2",
4
+ "version": "10.3.3",
5
5
  "type": "module",
6
6
  "author": "Pierre Vanduynslager (https://twitter.com/@pvdlg_)",
7
7
  "ava": {