Following this documentation, I'm using the default GITHUB_TOKEN secret to download & publish packages from another repository of mine (same scope) on GitHub registry, from a workflow. Yarn is configured to use the environment variable GITHUB_TOKEN. When using the default GITHUB_TOKEN secret, I get a 403 (Forbidden) error when downloading the package.
When using a PAT (a secret named TOKEN that I define manually with write:packages right), it works fine, when not using any token, I get a different error. Therefore, I assume the token is well transmitted and there is a right issue.
What am I missing?
Thank you.
Here is my repository settings (Actions > General) :
Allow all actions and reusable workflows: Any action or reusable workflow can be used, regardless of who authored it or where it is defined.
Read & write permissions: Workflows have read and write permissions in the repository for all scopes.
Here is a test workflow (link here):
name: Test Token
on:
workflow_dispatch:
jobs:
# Fail
github:
name: Test GitHub Token
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout#v3
- name: Setup Node
uses: actions/setup-node#v3
with:
node-version: 18
- name: Install dependencies
run: yarn install
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Success
pat:
name: Test PAT
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout#v3
- name: Setup Node
uses: actions/setup-node#v3
with:
node-version: 18
- name: Install dependencies
run: yarn install
env:
GITHUB_TOKEN: ${{ secrets.TOKEN }}
Related
Hello everyone I am currently writing a workflow to auto merge when a pull request is made but I am stuck at an error telling me my token is not set more specifically: 2023-02-19T02:09:08.581Z ERROR environment variable GITHUB_TOKEN not set!. I have set all my tokens in my repo and settings tab. Any help would be appreciated.
name: CI/CD
on:
pull_request:
branches: [ master ]
jobs:
super-linter:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout#v2
- name: Super-Linter
uses: github/super-linter#v4.10.1
with:
files: ${{ join(github.event.pull_request.changed_files, ',') }}
Merge:
runs-on: ubuntu-latest
needs: super-linter
steps:
- name: Checkout Code
uses: actions/checkout#v2
- name: Merge pull requests
uses: pascalgn/automerge-action#v0.14.1
with:
GITHUB_TOKEN: ${{ secrets.TOKEN }}
deploy:
runs-on: self-hosted
needs: Merge
steps:
#- uses: actions/checkout#v2 #this is used for if you want to push all source code into runner
- name: update code base
working-directory: /test_pipe/www/html
run: sudo git pull origin master
- name: restart
working-directory: /test_pipe/www/html
run: sudo systemctl restart nginx
image of error
pascalgn/automerge-action accepts GITHUB_TOKEN as an env variable, not as an argument. So it should be:
- name: Merge pull requests
uses: pascalgn/automerge-action#v0.14.1
env:
GITHUB_TOKEN: ${{ secrets.TOKEN }}
Refer to the documentation: https://github.com/pascalgn/automerge-action#usage
I was using the following configuration to deploy Yii2 applications with GitHub actions:
name: Build and Deploy - DEV
on:
push:
branches:
- development
jobs:
build:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout#master
- name: Setup Enviroment
uses: shivammathur/setup-php#v2
with:
php-version: '7.2'
- name: Install Packages
run: composer install --no-dev --optimize-autoloader
- name: Deploy to Server
uses: yiier/yii2-base-deploy#master
with:
user: github
host: ${{ host }}
path: ${{ path }}
owner: github
env:
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
- name: Apply migration
run: php yii migrate --interactive=0
It worked quite well, but now is giving this error:
Current runner version: '2.285.1'
Operating System
Virtual Environment
Virtual Environment Provisioner
GITHUB_TOKEN Permissions
Secret source: Actions
Prepare workflow directory
Prepare all required actions
Getting action download info
Error: Unable to resolve action `yiier/yii2-base-deploy#master`, repository not found
Appears that yiier/yii2-base-deploy#master no longer existis.
Anyone knows a replacer?
Thanks!
Thanks to SiZE comment i remember I had fork the original repo.
I am trying to deploy to AWS using Github actions. The only problem is, that I have a main repo and frontend and backend submodules inside it.
This is the script I am using for deploy:
name: Deploy
on:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout source code
uses: actions/checkout#v2
- name: Generate deployment package
run: git submodule update --init --recursive
run: zip -r deploy.zip . -x '*.git*'
- name: Get timestamp
uses: gerred/actions/current-time#master
id: current-time
- name: Run string replace
uses: frabert/replace-string-action#master
id: format-time
with:
pattern: '[:\.]+'
string: "${{ steps.current-time.outputs.time }}"
replace-with: '-'
flags: 'g'
- name: Deploy to EB
uses: einaregilsson/beanstalk-deploy#v18
with:
aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ secrets.AWS_SECRET_KEY }}
application_name: test-stage
environment_name: Testenv-env
version_label: "${{ steps.format-time.outputs.replaced }}"
region: eu-center-1
deployment_package: deploy.zip
The problem is while it is creating a zip. It does not include submodules. Without submodules the project almost contains nothing. Is it possible somehow to iclude them? Or do you have any better solutions for this?
Consulting the actions/checkout documentation, there is a submodules argument (default value false) that controls whether the checkout includes submodules. So, you likely want
steps:
- name: Checkout source code
uses: actions/checkout#v2
with:
submodules: true
I have a github actions job which is failing on the last job.
The build, unit test and regression test jobs are working fine but the pull-request job fails.
This is the code for the failing job, the token has been replaced.
pull-request:
needs: regression
name: PullRequest
runs-on: ubuntu-latest
steps:
- name: pullrequest
uses: repo-sync/pull-request#v2
with:
source_branch: development
destination_branch: master
pr_label: automerge
github_token: ${{ secrets.ghp_secretscretsecretetcetc }}
And this is the message I get when the job fails
Any ideas on what I am missing please?
Kev
It seems that the problem is with the GITHUB_TOKEN you informed.
GitHub automatically creates a GITHUB_TOKEN secret to use in your workflow (you can find more information about it here).
Therefore in your case, you can follow the specifications informed on the action repository you're using:
pull-request:
needs: regression
name: PullRequest
runs-on: ubuntu-latest
steps:
- name: pullrequest
uses: repo-sync/pull-request#v2
with:
source_branch: development
destination_branch: master
pr_label: automerge
github_token: ${{ secrets.GITHUB_TOKEN }}
If you ever need a GITHUB_TOKEN with specific permissions, you can also create a Personal Access Token and add it as a secret to your repository.
In that case, you would overwrite the github_token: ${{ secrets.GITHUB_TOKEN }} by github_token: ${{ secrets.YOUR_SECRET_NAME }}.
I am working on a github action to runs tests on my PRs and pushes but I am having trouble ensuring that the tests are able to access my private repos.
I have tested the SSH credentials I am using locally and they 100% work.
https://github.com/webfactory/ssh-agent
Here is the SSH agent I am using.
and here is my github action
# This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
name: Node.js CI
on:
push:
branches:
- master
- release/*
pull_request:
branches:
- master
- release/*
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [10.x, 12.x, 14.x]
steps:
- uses: actions/checkout#v2
- uses: webfactory/ssh-agent#v0.4.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node#v1
with:
node-version: ${{ matrix.node-version }}
- run: npm ci
- run: npm run build --if-present
- run: npm test
It appears to be making no attempt to utilize the SSH keys that it is getting
Since https://github.com/Tixpire/tixpire-server seems to be private, you will need to use a PAT (personal access token) to access it.
See also actions/checkout issue 95.
It is an HTTPS URL, so no amount of SSH keys will work: you would need an SSH URL for that (git#github.com:Tixpire/tixpire-server)