Skip to content

fix(ci): remove duplicate Authorization header in semantic-release#300

Merged
polaz merged 1 commit intomainfrom
fix/299-duplicate-auth-header
Feb 5, 2026
Merged

fix(ci): remove duplicate Authorization header in semantic-release#300
polaz merged 1 commit intomainfrom
fix/299-duplicate-auth-header

Conversation

@polaz
Copy link
Copy Markdown
Member

@polaz polaz commented Feb 5, 2026

Summary

Root Cause

#298 added an Authorization header, but actions/checkout already sets one. Combined with semantic-release embedding token in URL, this caused "Duplicate header" error.

Test plan

  • CI workflow completes without "Duplicate header" error
  • semantic-release creates tag and GitHub release

Closes #299

Copilot AI review requested due to automatic review settings February 5, 2026 04:09
@github-actions
Copy link
Copy Markdown

github-actions bot commented Feb 5, 2026

Test Coverage Report

Overall Coverage: 95.77%

Metric Percentage
Statements 95.24%
Branches 86.12%
Functions 94.35%
Lines 95.77%

View detailed coverage report

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Copilot AI reviewed Feb 5, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a CI/CD failure where semantic-release was encountering a "Duplicate header: Authorization" error due to multiple conflicting authentication methods. The fix removes the redundant git credential configuration step that was added in PR #298 and adds persist-credentials: false to the checkout action, allowing semantic-release to manage authentication exclusively via the GITHUB_TOKEN environment variable. The PR also includes an unrelated dependency update to @structured-world/vue-privacy.

Changes:

  • Added persist-credentials: false to the checkout step in the semantic-release job to prevent duplicate Authorization headers
  • Removed the "Configure git credentials for tag push" step that was causing authentication conflicts
  • Updated @structured-world/vue-privacy from 1.9.0 to 1.10.0 (unrelated to the CI fix)

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

File Description
.github/workflows/ci-cd.yml Adds persist-credentials: false to checkout and removes the redundant git credentials configuration step that was causing duplicate Authorization headers
package.json Updates @structured-world/vue-privacy dependency version from 1.9.0 to 1.10.0
yarn.lock Updates lockfile entries to reflect the new version of @structured-world/vue-privacy with updated checksums

@polaz
fix(ci): remove duplicate Authorization header, add token scope
1026689 
- Remove "Configure git credentials" step that caused duplicate headers
- Add owner/repositories params to create-github-app-token
- Update @structured-world/vue-privacy to 1.10.0

Closes #299
@polaz polaz force-pushed the fix/299-duplicate-auth-header branch from 69ea808 to 1026689 Compare February 5, 2026 04:12
@polaz polaz enabled auto-merge (squash) February 5, 2026 04:13
@polaz polaz merged commit 4032584 into main Feb 5, 2026
14 checks passed
@polaz polaz deleted the fix/299-duplicate-auth-header branch February 5, 2026 04:14
sw-release-bot bot pushed a commit that referenced this pull request Feb 5, 2026
@semantic-release-bot
chore(release): 6.58.0 [skip ci]
ee7b890 
## [6.58.0](v6.57.0...v6.58.0) (2026-02-05)

### Features

* **logging:** add LOG_FILTER for access log noise reduction ([#295](#295)) ([d0c3d0d](d0c3d0d)), closes [#290](#290)

### Bug Fixes

* **ci:** configure git credentials for semantic-release tag upload ([#298](#298)) ([6563291](6563291)), closes [#297](#297)
* **ci:** remove duplicate Authorization header, add token scope ([#300](#300)) ([4032584](4032584)), closes [#299](#299)
@sw-release-bot
Copy link
Copy Markdown

sw-release-bot bot commented Feb 5, 2026

🎉 This PR is included in version 6.58.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@sw-release-bot sw-release-bot bot mentioned this pull request Mar 29, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix(ci): duplicate Authorization header breaks semantic-release

2 participants

@polaz