apm publish gives Application Error
ioquatix opened this issue · 16 comments
% apm login
Welcome to Atom!
Before you can publish packages, you'll need an API token.
Visit your account page on Atom.io https://atom.io/account,
copy the token and paste it below when prompted.
Press [Enter] to open your account page on Atom.io.
Token> ***TOKEN***
Saving token to Keychain ✓
koyoko% apm publish -t v2.4.0
Publishing script-runner@v2.4.0 ✗
Creating new version failed: Application error
% cat package.json
{
"name": "script-runner",
"main": "./lib/script-runner",
"version": "2.4.0",
"description": "Run scripts and shells within a proper terminal.",
"license": "MIT",
"repository": {
"type": "git",
"url": "https://github.com/ioquatix/script-runner"
},
"bugs": {
"url": "https://github.com/ioquatix/script-runner/issues"
},
"homepage": "https://github.com/ioquatix/script-runner",
"dependencies": {
"shellwords": "^0.1.0",
"etch": "^0.12.0",
"shell-environment": "^0.3.0",
"xterm": "^3.3",
"node-pty-prebuilt": "^0.7.0",
"temp-write": "^3.4",
"resize-observer-polyfill": "^1.4"
}
}
Here is a manual request:
% curl -v --http1.1 -X POST -H 'Content-Type: application/json' -d '{ "tag": "v2.4.0" }' -H 'Authorization: ***TOKEN***' "https://atom.io/api/packages/script-runner/versions"
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 52.200.123.104...
* TCP_NODELAY set
* Connected to atom.io (52.200.123.104) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.atom.io
* start date: Mar 30 00:00:00 2017 GMT
* expire date: Apr 29 12:00:00 2020 GMT
* subjectAltName: host "atom.io" matched cert's "atom.io"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
> POST /api/packages/script-runner/versions HTTP/1.1
> Host: atom.io
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: application/json
> Authorization: ***TOKEN***
> Content-Length: 19
>
* upload completely sent off: 19 out of 19 bytes
< HTTP/1.1 500 Internal Server Error
< Server: Cowboy
< Connection: close
< Date: Sat, 25 May 2019 00:45:02 GMT
< Status: 500 Internal Server Error
< Referrer-Policy: strict-origin-when-cross-origin
< Strict-Transport-Security: max-age=631139040
< X-Frame-Options: DENY
< Content-Security-Policy: default-src 'self'; font-src https://github-atom-io-herokuapp-com.freetls.fastly.net https://github-atom-io-herokuapp-com.global.ssl.fastly.net; frame-src 'self' https://www.youtube.com; img-src https: 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net data:; media-src 'self'; object-src 'self' https://github-atom-io-herokuapp-com.freetls.fastly.net; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://www.google-analytics.com https://platform.twitter.com https://github-atom-io-herokuapp-com.freetls.fastly.net; style-src 'self' 'unsafe-inline' https://github-atom-io-herokuapp-com.freetls.fastly.net;
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Content-Type: application/json; charset=utf-8
< Cache-Control: no-cache
< X-Request-Id: 8793e626-d26f-47b3-b19e-a231c240ccc5
< X-Runtime: 0.944583
< X-Rack-Cache: invalidate, pass
< Vary: Accept-Encoding, Origin
< Via: 1.1 vegur
<
* TLSv1.2 (IN), TLS alert, close notify (256):
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
{"message":"Application error"}
👋 Hi @ioquatix: Thanks for sharing the detailed output in #181 (comment). That's a big help! 🙇
I think we've tracked down the root cause of the issue. It looks like script-runner 2.4.0 was previously published on 2018-07-29, and it appears that it was unpublished just a few minutes after being published. atom.io requires each version to have a unique version number, so when it sees an attempt to publish 2.4.0 again, atom.io prevents publication. (Admittedly, apm and atom.io should provide a much more helpful error message in this situation.)
I recommend bumping the version on script-runner (for example: you could bump it to 2.4.1 or 2.5.0) and then publishing that new version. I think that should get things back on track, but if you run into any issues, please let us know. 🙇
The first time it was published it showed an error message but I don’t recall what it was. I’ll try again but I am worried it will generate another partial record. If it was already published why doesn’t it say that version on the package page?
If it was already published why doesn’t it say that version on the package page?
atom.io doesn't show 2.4.0 on the package page because 2.4.0 was unpublished.
When you attempt to publish the package, atom.io should ideally provide a much more helpful error message than "Application error". 😭 Preferably, atom.io should inform you that 2.4.0 was previously published and then unpublished, and that you need to publish a new version with a unique version number.
I hope this helps.
Okay that makes sense. But I recall when I published it the first time it broke. If it happens again I’ll capture a full transcript.
Okay I will try to release 2.4.1 now...
First I did this:
> apm login
Welcome to Atom!
Before you can publish packages, you'll need an API token.
Visit your account page on Atom.io https://atom.io/account,
copy the token and paste it below when prompted.
Press [Enter] to open your account page on Atom.io.
Token> *********************************
Saving token to Keychain ✓
Okay, so it asked me to log in:
> apm publish patch
Preparing and tagging a new version ✓
Pushing v2.4.2 tag Username for 'https://github.com': ^C
But that's not possible because I have 2FA. It needs to use SSH to push the tag.
I don't know why it's trying to use HTTP, because clearly my remote is set up to use ssh:
> git remote -v
origin git@github.com:ioquatix/script-runner.git (fetch)
origin git@github.com:ioquatix/script-runner.git (push)
I rolled back the failed release:
git reset --hard 4520e8817743dc54bbfbb217ac98adf14f89158d
Those tags never existed on the remote system because it was never pushed:
^_^ > git push origin :v2.4.1
error: unable to delete 'v2.4.1': remote ref does not exist
error: failed to push some refs to 'git@github.com:ioquatix/script-runner.git'
x_x > git push origin :v2.4.2
error: unable to delete 'v2.4.2': remote ref does not exist
error: failed to push some refs to 'git@github.com:ioquatix/script-runner.git'
I wonder if it's trying to use the repository URL to push the package:
package.json:
"repository": {
"type": "git",
"url": "https://github.com/ioquatix/script-runner"
},
Okay, I thought maybe I can manually push the tag, then publish it:
^_^ > git reset --hard 3d1f46dfbda14dd144f60ddc0907dd7fded2a8f9
HEAD is now at 3d1f46d Prepare 2.4.1 release
^_^ > git tag v2.4.1
^_^ > git push --tags
Enumerating objects: 12, done.
Counting objects: 100% (12/12), done.
Delta compression using up to 8 threads
Compressing objects: 100% (8/8), done.
Writing objects: 100% (8/8), 920 bytes | 920.00 KiB/s, done.
Total 8 (delta 4), reused 0 (delta 0)
remote: Resolving deltas: 100% (4/4), completed with 2 local objects.
To github.com:ioquatix/script-runner.git
* [new tag] v2.4.1 -> v2.4.1
x_x > apm publish --tag v2.4.1
Publishing script-runner@v2.4.1 ✓
That seemed to work.
Thinking back, I'm pretty sure when I tried to publish v2.4.0 it bombed out in the same way above with failed git credentials (https login) - I might have even tried to give it my details, but it would surely fail. I don't know how I could have ever unpublished v2.4.0 if it was never published in the first place, but if you say that's how it is then that must be the case. If I did manage to publish it, I think that would have been what I wanted at the time, so I don't know why I'd unpublished it. Something must have failed and I thought - it didn't get published, I can no longer publish it, let's try unpublishing it to see if that clears up the issue. For example, I'm certain I'd check the package page, and see it still listing v2.3 release. Then I don't know if unpublish v2.4.0 is a no-op or not. Either my recollection of events is wrong, or something else odd happened.
That being said:
apm publishcould use some work to ensure that it pushes tags using git correctly.- The error message could be better.
Let me know if I can help with anything else.
That seemed to work.
Thanks for letting us know! I'm glad that you were able to get the new version published. 😅
That being said:
- apm publish could use some work to ensure that it pushes tags using git correctly.
- The error message could be better.
I agree. 👍
I might have even tried to give it my details, but it would surely fail.
FYI, you can still login when you have 2FA enabled by providing a personal access token in the password field.
Next time I make a release, I will try the 2FA and report back if it works or not.