[GitHub] Deprecation Notice

[abhisekp]

Current behavior

Message from Github after running npx semantic-release setup

Hi @abhisekp,

On July 10th, 2020 at 07:50 (UTC) you or an application you used recently accessed the deprecated Authorizations endpoint on the GitHub API with the useragent semantic-release.

We will remove the Authorizations API endpoint on November 13, 2020. If you accessed the API via password authentication, then we recommend you use the web flow to authenticate. Please check that your app uses the web flow for authentication https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow

You can learn more about these changes by visiting our developer blog https://developer.github.com/changes/2020-02-14-deprecating-oauth-auth-endpoint/

Thanks,
The GitHub Team

Expected behavior

No emails. Inbox full.

Environment

• semantic-release version: ^17.1.1
• CI environment: TravisCI
• Plugins used:
• semantic-release configuration:
• CI logs:

[gr2m]

I think you ran npx semantic-release-cli setup, not npx semantic-release setup.

The CLI really needs some love, but the current maintainers cannot find the time for it.

For this particular case, we wait for the CLI authentication library from @octokit, which will use the OAuth web flow instead of the deprecated authorization APIs

[adrienjoly]

👋 Just to let you know that I've experienced the same issues after setting up semantic-release on two of my npm packages.

[codebymikey]

Ran into this issue as well: https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization

It still posts to https://api.github.com/authorizations and returns the following:

StatusCodeError: 404 - {"message":"Not Found","documentation_url":"https://docs.github.com/rest"}

I believe the octokit module should have the functionality now from browsing around.

[gr2m]

sorry :( it really is about time we replace the username/password with an OAuth flow. I might find some time to get this finally going this week

[gr2m]

while at it, we should also replace the default travis setup with GitHub actions, because Travis became close to useless lately

[codebymikey]

I'm literally in the middle of implementing a Github action as my Travis job was essentially in a queue for like 3 hours before being ran, which is pretty bad for such a popular tool.

And it's fine, no huge rush, I just had to reverse engineer what the script was trying to do and applied the environment variables and tokens manually.
If you don't have the time to work on the code, a documentation for the manual process should suffice for new users (as it's pretty straightforward).

[gr2m]

this is what my usual release GitHub action looks like:
https://github.com/octokit/core.js/blob/master/.github/workflows/release.yml

You don't need to configure the GITHUB_TOKEN, it's already provided. Unless you have actions triggered by the release event, in which case you need to use a personal access token, because actions don't trigger actions.

[CalmJerome]

this is what my usual release GitHub action looks like:
https://github.com/octokit/core.js/blob/master/.github/workflows/release.yml

You don't need to configure the GITHUB_TOKEN, it's already provided. Unless you have actions triggered by the release event, in which case you need to use a personal access token, because actions don't trigger actions.

Thanks a lot!