`v`-prefix in `package.json` version causes false negative during version comparison
scraly opened this issue · 2 comments
Hi,
I've got an issue.
Even if a npm package altready exists with the current version, the gh action wants to publish it again:
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/@xxx%2fxxx - You cannot publish over the previously published versions: 0.34.0.
My GH action:
- if: ${{ matrix.language == 'nodejs' && env.PUBLISH_NPM == 'true' }}
uses: JS-DevTools/npm-publish@v2.2.1
with:
access: "public"
token: ${{ env.NPM_TOKEN }}
package: ${{github.workspace}}/sdk/nodejs/bin/package.json
provenance: true
I've tried with strategy: upgrade
without success.
Thanks
After several tried, the strategy upgrade resolved it... crossed fingers for the next time :)
Hi @scraly, that doesn't sound good. Is this the repository? https://github.com/ovh/pulumi-ovh
If so, I believe the cause is that in your package.json
, the version
field is v0.34.0
. I've always seen the version
field without the v
, because that's what the npm version
command writes.
{
"name": "@ovh-devrelteam/pulumi-ovh",
- "version": "v0.34.0",
+ "version": "0.34.0",
I didn't truthfully know that npm
would accept that! But, since node-semver
can parse it, npm
seems happy. The bug in npm-publish
is that it only checks strings in the default strategy. It calls npm info @ovh-devrelteam/pulumi-ovh
and receives 0.34.0
from npm
. Since 0.34.0 !== v0.34.0
(from npm and the package.json, respectively), it tries to publish.
The reason strategy: upgrade
works is because in the upgrade strategy, we pass both versions into node-semver
to compare them