Another point of failure on my side: In the release Github Action, several packages successfully released and several not. So sometimes the provider repository github action is in failed and a strange state. Every time the gh action wants to publish the npm package, even if it is already exists in the registry :(.

npm ERR! 403 403 Forbidden - PUT <https://registry.npmjs.org/@ovh-devrelteam%2fpulumi-ovh> - You cannot publish over the previously published versions: 0.34.0.

I’ve read the guide and it appears that normally the gh action will NOT try to publish again an existing npm package because a check is done in the

package.json

file. So, my question is, why the gh action wants to publish the npm package even if the version seems the same? Second question: have you a release.yaml gh action optimized in order to not publish existing package (npm, pypi, nuget...) Thanks

Hi Aurelie, thanks for the feedback on non-idempotent behavior of the publish action I've captured it in https://github.com/pulumi/ci-mgmt/issues/565 so it gets through my team's triage and we can find out what's our current recommended best-practice here is.

It seems that the trouble is related to the version: https://github.com/JS-DevTools/npm-publish/issues/139#issuecomment-1715654429 So maybe it can be useful to anyone to fix this problem. Moreover a page in the official documentation with all the possible known issues, with a latest version of the Gh actions and all the useful information we can have could be very useful.

Very good point thank you for the suggestion!