Skip to content
Latchkey

semantic-release "fatal: could not read Username" credentials in CI

When semantic-release pushes tags or release commits, git needs credentials for the remote. If the checkout did not persist credentials, the push prompts for a username in a non-interactive shell and fails with "could not read Username".

What this error means

The push during release fails with "fatal: could not read Username for 'https://github.com': No such device or address" or "terminal prompts disabled".

semantic-release
fatal: could not read Username for 'https://github.com': No such device or address
[semantic-release] > Failed step "publish" of plugin "@semantic-release/github"

Common causes

Checkout ran with persist-credentials false

actions/checkout was configured with persist-credentials: false, so the git remote has no stored auth for the release push.

A shallow checkout without a usable credential helper

Without full history and persisted credentials, git cannot authenticate the push non-interactively.

How to fix it

Persist credentials and full history in checkout

  1. Set persist-credentials: true (the default) so git keeps auth.
  2. Set fetch-depth: 0 so full history is available.
  3. Re-run so the release push authenticates automatically.
.github/workflows/release.yml
- uses: actions/checkout@v4
  with:
    fetch-depth: 0
    persist-credentials: true

Provide the token explicitly to git

If you must disable persisted credentials, configure git to use the token for pushes.

Terminal
git remote set-url origin \
  https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/owner/repo.git

How to prevent it

  • Leave persist-credentials at its default true for release jobs.
  • Use fetch-depth: 0 so history and refs are complete.
  • If you strip credentials, re-add the token to the git remote before releasing.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →