setup-node | Set up your GitHub Actions workflow with a specific version of nodejs | BPM library

The problem is that you're using the GITHUB_TOKEN (which has a specific permission scope) instead of a PAT (Personal Access Token).

You can't push to another repo using the GITHUB_TOKEN, you'll need a PAT to do so.

There are also many actions from the marketplace to perform the push operation for you, after adding the PAT as a secret.

I also facing the similar issue with it, you should tried to use actions/setup-node like this to fix it:

I finally find out !!! BUT I'm not sure in term of security if there is any risk or not so if anyone can advice I'll edit the answer !

What is changing but I'm not sure in term of security is here :

Updated

After github action incident on Feb 5, It looks like (even now) not working on many images except 'ubuntu'.

Update runs-on tag to ubuntu latest, I pushed commit then finally github picks my ci/cd jobs.

I used node alpine image originally

old answers

I found incidents in github page when I faced that error.

Maybe that affects queued status.

You have to add authorization to on CI with URL + token - it's done through .npmrc file.

1. Create a token: npm token create --read-only

2. Add it to your secrets on GitHub named NPM_TOKEN

3. Before running npm ci create a local file with your token:

   Add a step: - run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> .npmrc

Everything else stays as it is.

Solved removing packages-lock.json and running again using NodeJS 14 (was 10)

Following could be a guess (based on docs I read about conventional-github-releaser and actions/checkout), so I'm not 100% sure:

When you use actions/checkout@v2 it sets to default fetch-depth: 1 which does a shallow checkout of your repository i.e. single commit is fetched by default (btw this you can see in you GHA as well, I attached a snapshot) and this could be most likely the reason why conventional-github-releaser couldn't pickup previous content of CHANGELOG.md as that command only "...generates a GitHub Release based on commits since the last semver tag...". When you set this explicitly to fetch-depth: 0 it fetches all git history for all branches and tags. Try and let me know as I'm interested what's the outcome.

REF:

• https://github.com/actions/checkout#checkout-v2
• https://github.com/ckeditor/conventional-github-releaser#quick-start

After a lot of research, I was able to figure out that this happens when you are not using npm install for installing dependencies. In my case, I was only using yarn for the dependencies so I was only having yarn.lock file and no package-lock.json file.

• One way to resolve this was using npm install to install the dependencies, then you'll have a package-json.lock file and CI won't throw any error.

• And the other way if you only want to use yarn, then you need to update that step in your eas-pipeline.yml file for installing the dependencies.

I use jest-dev-server and then solve it.