Internal Server Error with pulsar publish

[tmhglnd]

Hi! I'm trying to publish a package to the pulsar package manager, following the instructions on: https://docs.pulsar-edit.dev/developing-for-pulsar/publishing/#prepare-your-package

The code for my package is here: https://github.com/tmhglnd/mercury-pulsar

However I run into the following error:

pulsar -p publish minor
Preparing and tagging a new version ✓
Pushing v0.1.0 tag ✓
Registering mercury ✗
Internal Server Error

I've searched a bit online (mainly reddit and github discussions) to find out what the problem could be, but haven't been able to find a solution. I tried different tags, also made sure my package name is not in use already, and also tried different version numbers but didn't seem to make a difference.

Does anyone have some thoughts/pointers? Thanks for any tips

[savetheclocktower]

@confused-Techie, maybe something showed up in the logs?

[confused-Techie]

@tmhglnd Thanks a ton for reporting this issue!
It seems that the backend is failing against a rarely reported code path that unfortunately doesn't have better error messaging.
It's failing at the vcs.ownership step, which is when it attempts to verify that you actually have the rights to publish your specific repository.
Although there are error messages that should show at least in the logs when the backend determines you don't have access to this repository, so this indicates that we are failing for some other reason.

This could be due to the token you're provided not giving us valid authorization to do this check on your behalf or it may be due to something else.

I'd recommend redoing the Pulsar Sign in flow, and try again. If it fails again please describe in detail what your sign in flow looks like, and I may have to add additional error checks or logging on the backend before we try a third time.

Again, thanks a ton for your information and patience, hopefully we can get your hard work published soon!

[tmhglnd]

Hey, thanks for the quick reply!

I created a new PAT and it worked :). https://packages.pulsar-edit.dev/packages/mercury

The reason it didn't work before: I created a PAT with restricted repository access. I only selected the single repository, but didn't add any repository permissions for it. I guess this is the reason the error occured.

The fix: Create a PAT with "Only selected repositories", select the repository, then add "Permission" for "Contents" and "Metadata".

I signed in again via the pulsar package manager and replaced my previous pulsar API key in the Keychain for the new generated one.

[savetheclocktower]

Excellent!

For posterity and for anyone else reading this discussion: we really do care about using only the permissions we absolutely need and don't ask for anything more than that. The only goal is to verify that you control the repository from which you want to publish.

[confused-Techie]

Glad to hear it! @tmhglnd For future reference, this specific check only needs metadata access to the repository, but for future checks (such as feature checks of your package) I do believe we need contents permission, but I can always double check that if you'd like to tighten your security risk here.

But thanks for following through with my suggestion and glad to see we got your package up and running!