fix: prevent git prompt before permissions verification

index.js

@@ -11,8 +11,10 @@ const getNextVersion = require('./lib/get-next-version');
 const getCommits = require('./lib/get-commits');
 const getLastRelease = require('./lib/get-last-release');
 const {extractErrors} = require('./lib/utils');
+const getGitAuthUrl = require('./lib/get-git-auth-url');
 const logger = require('./lib/logger');
-const {unshallow, gitHead: getGitHead, tag, push} = require('./lib/git');
+const {unshallow, verifyAuth, gitHead: getGitHead, tag, push} = require('./lib/git');
+const getError = require('./lib/get-error');
 
 marked.setOptions({renderer: new TerminalRenderer()});
 
@@ -44,6 +46,11 @@ async function run(options, plugins) {
 
   await verify(options);
 
+  options.repositoryUrl = await getGitAuthUrl(options);
+  if (!await verifyAuth(options.repositoryUrl, options.branch)) {
+    throw getError('EGITNOPERMISSION', {options});
+  }
+
   logger.log('Run automated release from branch %s', options.branch);
 
   logger.log('Call plugin %s', 'verify-conditions');

lib/get-config.js

@@ -6,7 +6,6 @@ const debug = require('debug')('semantic-release:config');
 const {repoUrl} = require('./git');
 const PLUGINS_DEFINITIONS = require('./definitions/plugins');
 const plugins = require('./plugins');
-const getGitAuthUrl = require('./get-git-auth-url');
 
 module.exports = async (opts, logger) => {
   const {config} = (await cosmiconfig('release', {rcExtensions: true}).load(process.cwd())) || {};
@@ -51,8 +50,6 @@ module.exports = async (opts, logger) => {
     ...pickBy(options, option => !isUndefined(option) && !isNull(option)),
   };
 
-  options.repositoryUrl = await getGitAuthUrl(options);
-
   debug('options values: %O', options);
 
   return {options, plugins: await plugins(options, pluginsPath, logger)};

lib/get-git-auth-url.js

@@ -17,7 +17,6 @@ const GIT_TOKENS = ['GIT_CREDENTIALS', 'GH_TOKEN', 'GITHUB_TOKEN', 'GL_TOKEN', '
  * @return {String} The formatted Git repository URL.
  */
 module.exports = async ({repositoryUrl, branch}) => {
-  if (repositoryUrl) {
   const info = hostedGitInfo.fromUrl(repositoryUrl, {noGitPlus: true});
 
   if (info && info.getDefaultRepresentation() === 'shortcut') {
@@ -49,6 +48,5 @@ module.exports = async ({repositoryUrl, branch}) => {
       ? format({...parse(`${gitUrlParse(repositoryUrl).toString(protocol)}.git`), ...{auth: gitCredentials}})
       : repositoryUrl;
   }
-  }
   return repositoryUrl;
 };

lib/verify.js

@@ -1,6 +1,6 @@
 const {template} = require('lodash');
 const AggregateError = require('aggregate-error');
-const {isGitRepo, verifyAuth, verifyTagName} = require('./git');
+const {isGitRepo, verifyTagName} = require('./git');
 const getError = require('./get-error');
 
 module.exports = async options => {
@@ -10,8 +10,6 @@ module.exports = async options => {
     errors.push(getError('ENOGITREPO'));
   } else if (!options.repositoryUrl) {
     errors.push(getError('ENOREPOURL'));
-  } else if (!await verifyAuth(options.repositoryUrl, options.branch)) {
-    errors.push(getError('EGITNOPERMISSION', {options}));
   }
 
   // Verify that compiling the `tagFormat` produce a valid Git tag

test/get-config.test.js

@@ -31,7 +31,6 @@ test.afterEach.always(() => {
 });
 
 test.serial('Default values, reading repositoryUrl from package.json', async t => {
-  process.env.GIT_CREDENTIALS = 'user:pass';
   const pkg = {repository: 'https://host.null/owner/package.git'};
   // Create a git repository, set the current working directory at the root of the repo
   await gitRepo();
@@ -45,12 +44,11 @@ test.serial('Default values, reading repositoryUrl from package.json', async t =
 
   // Verify the default options are set
   t.is(options.branch, 'master');
-  t.is(options.repositoryUrl, 'https://user:pass@host.null/owner/package.git');
+  t.is(options.repositoryUrl, 'https://host.null/owner/package.git');
   t.is(options.tagFormat, `v\${version}`);
 });
 
 test.serial('Default values, reading repositoryUrl from repo if not set in package.json', async t => {
-  process.env.GIT_CREDENTIALS = 'user:pass';
   // Create a git repository, set the current working directory at the root of the repo
   await gitRepo();
   // Add remote.origin.url config
@@ -60,12 +58,11 @@ test.serial('Default values, reading repositoryUrl from repo if not set in packa
 
   // Verify the default options are set
   t.is(options.branch, 'master');
-  t.is(options.repositoryUrl, 'https://user:pass@host.null/owner/module.git');
+  t.is(options.repositoryUrl, 'https://host.null/owner/module.git');
   t.is(options.tagFormat, `v\${version}`);
 });
 
 test.serial('Default values, reading repositoryUrl (http url) from package.json if not set in repo', async t => {
-  process.env.GIT_CREDENTIALS = 'user:pass';
   const pkg = {repository: 'https://host.null/owner/module.git'};
   // Create a git repository, set the current working directory at the root of the repo
   await gitRepo();
@@ -76,58 +73,10 @@ test.serial('Default values, reading repositoryUrl (http url) from package.json
 
   // Verify the default options are set
   t.is(options.branch, 'master');
-  t.is(options.repositoryUrl, 'https://user:pass@host.null/owner/module.git');
+  t.is(options.repositoryUrl, 'https://host.null/owner/module.git');
   t.is(options.tagFormat, `v\${version}`);
 });
 
-test.serial('Default values, reading repositoryUrl (shorthand url) from package.json if not set in repo', async t => {
-  process.env.GIT_CREDENTIALS = 'user:pass';
-  const pkg = {repository: 'owner/module'};
-  // Create a git repository, set the current working directory at the root of the repo
-  await gitRepo();
-  // Create package.json in repository root
-  await outputJson('./package.json', pkg);
-
-  const {options} = await t.context.getConfig();
-
-  // Verify the default options are set
-  t.is(options.branch, 'master');
-  t.is(options.repositoryUrl, 'https://user:pass@github.com/owner/module.git');
-  t.is(options.tagFormat, `v\${version}`);
-});
-
-test.serial(
-  'Default values, reading repositoryUrl (gitlab shorthand url) from package.json if not set in repo',
-  async t => {
-    process.env.GIT_CREDENTIALS = 'user:pass';
-    const pkg = {repository: 'gitlab:owner/module'};
-    // Create a git repository, set the current working directory at the root of the repo
-    await gitRepo();
-    // Create package.json in repository root
-    await outputJson('./package.json', pkg);
-
-    const {options} = await t.context.getConfig();
-
-    // Verify the default options are set
-    t.is(options.branch, 'master');
-    t.is(options.repositoryUrl, 'https://user:pass@gitlab.com/owner/module.git');
-    t.is(options.tagFormat, `v\${version}`);
-  }
-);
-
-test.serial('Do not add git credential to repositoryUrl if push is allowed', async t => {
-  process.env.GIT_CREDENTIALS = 'user:pass';
-  // Create a git repository, set the current working directory at the root of the repo
-  const repositoryUrl = await gitRepo(true);
-  const pkg = {repository: repositoryUrl};
-  // Create package.json in repository root
-  await outputJson('./package.json', pkg);
-
-  const {options} = await t.context.getConfig();
-
-  t.is(options.repositoryUrl, repositoryUrl);
-});
-
 test.serial('Read options from package.json', async t => {
   const release = {
     analyzeCommits: {path: 'analyzeCommits', param: 'analyzeCommits_param'},

test/get-git-auth-url.test.js

@@ -51,6 +51,20 @@ test.serial('Handle "git" URL with group and subgroup', async t => {
   );
 });
 
+test.serial('Convert shorthand URL', async t => {
+  t.is(
+    await getAuthUrl({repositoryUrl: 'semanitc-release/semanitc-release'}),
+    'https://github.com/semanitc-release/semanitc-release.git'
+  );
+});
+
+test.serial('Convert GitLab shorthand URL', async t => {
+  t.is(
+    await getAuthUrl({repositoryUrl: 'gitlab:semanitc-release/semanitc-release'}),
+    'https://gitlab.com/semanitc-release/semanitc-release.git'
+  );
+});
+
 test.serial(
   'Return the "https" formatted URL if "gitCredentials" is defined and repositoryUrl is a "git" URL',
   async t => {