Can't publish any more

[est31]

cpal has a "publish to crates.io" github action in which it tries to publish the crate to crates.io. This has worked great in May at the latest, but now seems to not work any more. The error is:

error: api errors (status 200 OK): this crate exists but you don't seem to be an owner. If you believe this is a mistake, perhaps you need to accept an invitation to be an owner before publishing.

The publish job uses the Github account @rustaudio-publish-bot which is part of the cpal maintainers team on github. That same team is listed as owner on the crates.io page of cpal: https://crates.io/crates/cpal

This setup used to work but broke for some reason. The token is still valid, it's still shown as "used" recently enough according to the timestamp on crates.io.

I've tried publishing it locally with my own API keys, but it gave the same error for me as well.

See also cpal the bug: RustAudio/cpal#428

And: RustAudio/cpal#337

[jtgeibel]

Is it possible that the RustAudio org is now more locked down on GitHub? This could be a situation similar to #1368.

[est31]

Hmmm indeed. Thanks for the hint! I've granted the crates.io team access for RustAudio and now it works again. It would be nice if it could display warnings if there is no access for it. Can it distinguish between not having access to an organization you are member of and not being a member?

[jtgeibel]

Can it distinguish between not having access to an organization you are member of and not being a member?

I don't think we can, at least not with this endpoint alone. As I understand it, we get the same 404 Not Found if the user is not a member, or if they don't have permission to query membership.

It would be nice if it could display warnings if there is no access for it.

I think it would be great to extend the existing error message. Do you have more details on exactly what permission change worked for you? I would love to be able link to documentation or at least describe what an org admin needs to check for. I don't have an existing org to poke around the settings myself.

[est31]

Do you have more details on exactly what permission change worked for you?

The weirdest part about this was that you don't have to set it in your organization, but in your personal account. That's what I first struggled with because I didn't find the crates.io oauth app in the RustAudio org settings at all.

I had to get to my personal account settings, go to the crates.io oauth app and there's a listing of all organizations I'm member of. I had to authorize the RustAudio org. Basically the same UI that your linked issue has a screenshot of. After I did that, it also worked for the other account rustaudio-publish-bot whose token the CI uses , even though I didn't change anything in there. It just was green all of a sudden. Maybe it's because my personal account is admin in the RustAudio org? IDK.

[jtgeibel]

Okay, trying to follow along I see the following:

• Starting from https://github.com/settings/applications and selecting crates.io
  • This takes me to https://github.com/settings/connections/applications/9fe8110dfe185fe90b5c. Since this is under settings/ I'm not certain that I can link all users directly to that. Does this link take you to the page for crates.io as well?
• On this page under "Organization access" I see a few orgs I am a member of.
• In my case, all of these have a green checkmark.
• Going back to the list of applications, I instead select OAuth application for my own staging area (so created by me and not rust-lang). Here, I see a red X next to some orgs I am a member of (in particular, rust-lang). For each of these there is a Request button.
  • Is this what you clicked?
  • I haven't clicked this myself as I don't really want to randomly ping someone on rust-lang about this staging area.
  • As you said, maybe because you are an admin of RustAudio this was enough to approve the request automatically.
• I just realized that I am an owner on an org!
  • Under the org settings, I see "Third-party access". On that page I see "Policy: No restrictions", and a button to setup restrictions. I'm assuming this is the other side of the UI and that RustAudio has set some access restrictions here. If so, do you now see crates.io listed there?
  • I haven't yet taken the chance to set up restrictions and poke around in this portion of the settings.

[est31]

Does this link take you to the page for crates.io as well?

Yes! It's the same URL.

For each of these there is a Request button. Is this what you clicked?

Yes. The button was a Grant one though. I think its label depends on whether you are admin or not.

I'm assuming this is the other side of the UI and that RustAudio has set some access restrictions here. If so, do you now see crates.io listed there?

Yeah there is a crates.io entry with a green checkmark and "approved". If I click on the pen it shows me that est31 has requested the approval. I'm not sure about the state before I granted crates.io access. Maybe there were some restrictions, maybe not.

There is also an entry in the audit log mentioning that I approved access.

[Turbo87]

from the comments here I'm assuming the "Can't publish any more" issue has been solved. if there is anything additional we need to do to prevent such issues in the future I would suggest to open a new issue for that which explains the suggestion :)

[iamgabrielsoft]

these issues keep coming up in 2022, weird

[carols10cents]

@iamgabrielsoft if you are having trouble publishing, please open a new issue with more details. Thanks!