Github Actions - Write access to repository is not granted - github

The problem
I have a private repository that I am trying to add python-semantic-release to the GitHub Actions.
When trying to increment the version number, I am getting the error that I don't have write access to the repository. I have used the Github Classic PAT and Fine grained PAT and both don't work. I gave all repo permissions just to ensure that I wasn't messing anything up.
I also echoed my secrets.TOKEN in GitHub Actions to make sure that they were being called properly as well.
Why am I getting a write error even though I have generated the access token with ALL permissions to the repository?
main.yml
name: Semantic Release
on:
  push:
    branches:
      - main
jobs:
  release:
    runs-on: ubuntu-latest
    concurrency: release
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Step 1 - Echo out a GitHub Actions Secret to the logs
        run: |
          echo "The GitHub Action Secret will be masked: "
          echo ${{ secrets.TOKEN }}
          echo "Trick to echo GitHub Actions Secret: "
          # Inserting a space after every character defeats log masking,
          # so these two lines write the secret values to the job log in readable form.
          echo ${{secrets.TOKEN}} | sed 's/./& /g'
          echo ${{secrets.USERNAME}} | sed 's/./& /g'
      - name: Print repository URL
        run: |
          echo $(git remote get-url origin)
      - name: Python Semantic Release
        uses: relekang/python-semantic-release@master
        with:
          github_token: ${{ secrets.TOKEN }}
          repository_username: __token__
pyproject.toml
[tool.semantic_release]
version_variable = "setup.py:__version__"
branch = "main"
upload_to_repository = false
setup.py
from setuptools import setup
__version__ = "1.0.1"
setup(
    name="pmp-otk",
    version=__version__,
    # And so on...!!!!!!
)
debug log
debug: * We fixed the damn bug ([`6d6667a`](https://github.com/***/pmp-otk-sandbox/commit/6d6667afde48fbd3cbdabaa048989379b7216ea9))')
warning: Changelog file not found: /github/workspace/CHANGELOG.md - creating it.
debug: update_additional_files()
Bumping with a patch version to 1.0.2
debug: set_new_version('1.0.2')
debug: Writing new version number: path=PosixPath('setup.py') pattern='__version__ *[:=] *["\\\'](\\d+\\.\\d+\\.\\d+(-beta\\.\\d+)?)["\\\']' num_matches=1
debug: set_new_version -> True
debug: commit_new_version('1.0.2')
debug: commit_new_version -> [main 64d5a24] 1.0.2
debug: 2 files changed, 8 insertions(+), 1 deletion(-)
debug: create mode 100644 CHANGELOG.md
debug: tag_new_version('1.0.2')
debug: tag_new_version ->
Pushing new version
debug: get_hvcs()
debug: get_hvcs -> <class 'semantic_release.hvcs.Github'>
debug: get_hvcs()
debug: get_hvcs -> <class 'semantic_release.hvcs.Github'>
debug: push_new_version(, auth_token='***', owner='***', name='pmp-otk-sandbox', branch=main, domain='github.com')
error: Cmd('git') failed due to: exit code(128)
error: cmdline: git push ***github.com/***/pmp-otk-sandbox.git main
error: stderr: 'remote: Write access to repository not granted.
error: fatal: unable to access 'https://github.com/***/pmp-otk-sandbox.git/': The requested URL returned error: 403'
Expected behavior
I expected to increment the version, and to not have any write access issues.
Additional context
Example commit:
git commit -m "fix: we fixed the damn bug"
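An alternative to the echo-through-sed step in the workflow above, as an added example that is not part of the original question: it confirms which token a step received by logging its type, length and a short SHA-256 fingerprint instead of the value. The function names and the sample token are constructed for illustration; the prefixes are GitHub's published token formats.

```bash
#!/usr/bin/env bash
# Added example, not part of the original question.
# Describe a token without printing it: type (from GitHub's published
# token prefixes), length, and a short SHA-256 fingerprint.

token_kind() {
  case "$1" in
    "")           echo "empty" ;;
    github_pat_*) echo "fine-grained PAT" ;;
    ghp_*)        echo "classic PAT" ;;
    ghs_*)        echo "installation token (GITHUB_TOKEN or GitHub App)" ;;
    gho_*)        echo "OAuth token" ;;
    *)            echo "unrecognised format" ;;
  esac
}

token_fingerprint() {
  # First 12 hex characters of SHA-256: enough to compare against a value
  # hashed locally, useless for recovering a high-entropy token.
  if command -v sha256sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha256sum | cut -c1-12
  else
    printf '%s' "$1" | shasum -a 256 | cut -c1-12   # macOS runners
  fi
}

describe_token() {
  # $1 = label for the log line, $2 = token value
  if [ -z "$2" ]; then
    echo "$1: NOT SET (secret missing or not exposed to this job)"
    return 1
  fi
  echo "$1: kind=$(token_kind "$2") length=${#2} sha256=$(token_fingerprint "$2")"
}

# In the workflow, pass the secret through the step's `env:` block
# (TOKEN: ${{ secrets.TOKEN }}) and call:  describe_token TOKEN "$TOKEN"
# Constructed sample value, not a real credential:
describe_token SAMPLE "ghp_constructedSampleValue0000000000000000" || true
```

Comparing the logged fingerprint with one computed locally from the token you generated shows whether the secret holds the value you think it does, without the token ever reaching the job log.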

Related

Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16: actions/checkout@v2 [duplicate]

I am practicing GitHub and use the introduction-to-GitHub repository to create a repository.
When I make a repository, I receive an error message in the Actions tab which says:
"Process completed with exit code 129."
Node.js 12 actions are deprecated. Please update the following actions to use Node.js 16: actions/checkout@v2. For more information, see https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/.
Here's my workflow:
name: Step 1, Create a branch
on:
  workflow_dispatch:
  create:
# Reference https://docs.github.com/en/actions/security-guides/automatic-token-authentication
permissions:
  # Need `contents: read` to checkout the repository
  # Need `contents: write` to update the step metadata
  contents: write
jobs:
  on_create_a_branch:
    name: On create a branch
    # We will only run this action when:
    # 1. This repository isn't the template repository
    # 2. The event is a branch
    # 3. The branch name is `my-first-branch`
    # Reference https://docs.github.com/en/actions/learn-github-actions/contexts
    # Reference https://docs.github.com/en/actions/learn-github-actions/expressions
    if: ${{ !github.event.repository.is_template && github.ref_type == 'branch' && github.ref_name == 'my-first-branch' }}
    # We'll run Ubuntu for performance instead of Mac or Windows
    runs-on: ubuntu-latest
    steps:
      # We'll need to check out the repository so that we can edit the README
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0 # Let's get all the branches
      # Update README to close <details id=1> and open <details id=2>
      # and set STEP to '2'
      - name: Update to step 2
        uses: skills/action-update-step@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          from_step: 1
          to_step: 2
          branch_name: my-first-branch
Here are the logs from the step that's failing:
Run skills/action-update-step@v1
Run echo "Check that all required env variables are set"
Check that all required env variables are set
Check that we are on FROM_STEP
Make sure we are on the base branch ()
Your branch is up to date with 'origin/my-first-branch'.
Remove 'open' from any <details> tags
Add 'open' to step TO_STEP
Update all HTML comments to hide everything
Show the current TO_STEP
Update the STEP file to TO_STEP
Commit the files, and push to base branch
[my-first-branch a0860a2] Update to 2 in STEP and README.md
2 files changed, 3 insertions(+), 3 deletions(-)
To https://github.com/halavehzadeh/lesson1
7c47deb..a0860a2 my-first-branch -> my-first-branch
If BRANCH_NAME, update that branch as well
Already on 'my-first-branch'
Your branch is up to date with 'origin/my-first-branch'.
usage: git cherry-pick [--edit] [-n] [-m <parent-number>] [-s] [-x] [--ff]
[-S[<keyid>]] <commit>...
or: git cherry-pick (--continue | --skip | --abort | --quit)
--quit end revert or cherry-pick sequence
--continue resume revert or cherry-pick sequence
--abort cancel revert or cherry-pick sequence
--skip skip current commit and continue
--cleanup <mode> how to strip spaces and #comments from message
-n, --no-commit don't automatically commit
-e, --edit edit the commit message
-s, --signoff add a Signed-off-by trailer
-m, --mainline <parent-number>
select mainline parent
--rerere-autoupdate update the index with reused conflict resolution if possible
--strategy <strategy>
merge strategy
-X, --strategy-option <option>
option for merge strategy
-S, --gpg-sign[=<key-id>]
GPG sign commit
-x append commit name
--ff allow fast-forward
--allow-empty preserve initially empty commits
--allow-empty-message
allow commits with empty messages
--keep-redundant-commits
keep redundant, empty commits
Error: Process completed with exit code 129.
I noticed I should change actions/checkout@v2 to version 3, but I don't know whether I should do that.
I also modified all files (changed actions/checkout@v2 to version 3) but still get the same error message.
Here is my workflow file:
name: Step 1, Create a branch
on:
  workflow_dispatch:
  create:
# Reference https://docs.github.com/en/actions/security-guides/automatic-token-authentication
permissions:
  # Need `contents: read` to checkout the repository
  # Need `contents: write` to update the step metadata
  contents: write
jobs:
  on_create_a_branch:
    name: On create a branch
    # We will only run this action when:
    # 1. This repository isn't the template repository
    # 2. The event is a branch
    # 3. The branch name is `my-first-branch`
    # Reference https://docs.github.com/en/actions/learn-github-actions/contexts
    # Reference https://docs.github.com/en/actions/learn-github-actions/expressions
    if: ${{ !github.event.repository.is_template && github.ref_type == 'branch' && github.ref_name == 'my-first-branch' }}
    # We'll run Ubuntu for performance instead of Mac or Windows
    runs-on: ubuntu-latest
    steps:
      # We'll need to check out the repository so that we can edit the README
      - name: Checkout
        uses: actions/checkout@v2
        with:
          fetch-depth: 0 # Let's get all the branches
      # Update README to close <details id=1> and open <details id=2>
      # and set STEP to '2'
      - name: Update to step 2
        uses: skills/action-update-step@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          from_step: 1
          to_step: 2
          branch_name: my-first-branch

Github protected branch hook declined even with allow force pushes

I have branch protection on my test branch, but I need to run an action on every merged pull request to update the version of the software and commit to the test branch.
Even with the --force tag, the error appears:
INPUT_TAGGING_MESSAGE:
No tagging message supplied. No tag will be added.
INPUT_PUSH_OPTIONS: --force
remote: error: GH006: Protected branch update failed for refs/heads/test.
remote: error: Changes must be made through a pull request.
! [remote rejected] HEAD -> test (protected branch hook declined)
error: failed to push some refs to 'https://github.com/***/***'
Error: Invalid status code: 1
at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
at ChildProcess.emit (node:events:390:28)
at maybeClose (node:internal/child_process:1064:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) {
code: 1
}
Error: Invalid status code: 1
at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
at ChildProcess.emit (node:events:390:28)
at maybeClose (node:internal/child_process:1064:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
I allowed everyone to push with force in this branch:
My workflow action:
name: Version Update
on:
  pull_request:
    branches:
      - master
      - test
    types: [closed]
jobs:
  version_update:
    runs-on: ubuntu-latest
    if: github.event.pull_request.merged == true
    steps:
      - uses: shivammathur/setup-php@15c43e89cdef867065b0213be354c2841860869e
        with:
          php-version: '8.1'
      - name: Get branch name
        id: branch-name
        uses: tj-actions/branch-names@v6
      - uses: actions/checkout@v3
        with:
          ref: ${{ steps.branch-name.outputs.base_ref_branch }}
      - name: Copy .env
        run: php -r "file_exists('.env') || copy('.env.example', '.env');"
      - name: Install Dependencies
        run: composer install -q --no-ansi --no-interaction --no-scripts --no-progress --prefer-dist
      - name: Generate key
        run: php artisan key:generate
      - name: Update Patch Version
        if: steps.branch-name.outputs.current_branch != 'test'
        run: php artisan version:patch
      - name: Update Minor Version
        if: steps.branch-name.outputs.current_branch == 'test'
        run: php artisan version:minor
      - name: Update Timestamp
        run: php artisan version:timestamp
      - name: Update Commit
        run: php artisan version:absorb
      - name: Commit changes
        uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: "version: update patch"
          branch: ${{ steps.branch-name.outputs.base_ref_branch }}
          push_options: '--force'
If the branch protection is active and the option "Require a pull request before merging" is marked, this will prevent any push even with --force to go to your protected branch.
On GitHub it is impossible to push to a branch with the option "Require a pull request before merging".
My solution for this problem is to work without this option.
There is an "Allow specified actors to bypass required pull requests" option nested under "Require a pull request before merging". Enabling that and adding the user used to run the actions as an exception worked for me.
Note that we created a GitHub App identity as "the exception user", added that to the exception list and use that to run the workflow (we use https://github.com/getsentry/action-github-app-token to load token from GitHub App to run workflow) because we don't know how to reference the "default user used to run action workflows".

GitHub actions push to remote repo

How can I push some files that were generated by the runner (user1/repo1) to the main branch from another remote repo (user2/repo1) via GitHub actions?
Please note that:
- I set-up a secret key (named ACCESS_TOKEN) in user1/repo1, such that it corresponds to the Personal Access Token from the destination repo (user2/repo1)
- the GitHub actions needs to be repeated every ~30 minutes
- there already exists a file.rds in the destination repo. The push thus needs to override that file every time
- the runner needs to be macOS-latest
This is what I have tried so far:
name: gitaction
on:
  schedule:
    - cron: "*/30 * * * *"
  workflow_dispatch:
jobs:
  genFileAndPush:
    runs-on: macOS-latest
    steps:
      - uses: actions/checkout@master
      - uses: r-lib/actions/setup-r@master
        with:
          r-version: '4.1.2'
      - name: Run R scripts and generate file
        run: |
          saveRDS(1:3, file = "file.rds")
        shell: Rscript {0}
      - name: Push to remote repository
        run: |
          git config --local user.name actions-user
          git config --local user.email "actions@github.com"
          git add file.rds
          git commit -m "commit"
          git remote set-url origin https://env.REPO_KEY@github.com/user2/repo1.git
          git push -u origin main
        env:
          REPO_KEY: ${{secrets.ACCESS_TOKEN}}
          username: github-actions
It returns the following error:
remote: Permission to user2/repo1.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/user2/repo1.git/': The requested URL returned error: 403
Error: Process completed with exit code 128.
What am I missing?
Edit
As suggested, I tried using GuillaumeFalourd/git-commit-push@v1.1:
name: gitaction
on:
  workflow_dispatch:
jobs:
  genFileAndPush:
    runs-on: macOS-latest
    steps:
      - uses: actions/checkout@master
      - uses: r-lib/actions/setup-r@master
        with:
          r-version: '4.1.2'
      - name: Run R scripts and generate file
        run: |
          saveRDS(1:3, file = "file.rds")
        shell: Rscript {0}
      - uses: actions/checkout@v2.3.4
      - uses: GuillaumeFalourd/git-commit-push@v1.1
        with:
          target_branch: main
          files: file.rds
          remote_repository: https://github.com/user2/repo1
          access_token: ${{secrets.ACCESS_TOKEN}}
          force: true
Although there was no error, the file was not pushed (because it was not detected?):
Run GuillaumeFalourd/git-commit-push@v1.1
Run CURRENT_BRANCH=${GITHUB_REF}
WARNING: No changes were detected. git commit push action aborted.
There are some actions on the Github Marketplace that can help you with pushing files to other repositories.
Here is an example of one supported on all OS runners.
The workflow would look like this:
name: gitaction
on:
  workflow_dispatch:
jobs:
  genFileAndPush:
    runs-on: macOS-latest
    steps:
      - uses: actions/checkout@master
      - uses: r-lib/actions/setup-r@master
        with:
          r-version: '4.1.2'
      - name: Run R scripts and generate file
        run: |
          saveRDS(1:3, file = "file.rds")
        shell: Rscript {0}
      - uses: GuillaumeFalourd/git-commit-push@v1.3
        with:
          target_branch: main
          files: file.rds
          remote_repository: https://github.com/user2/repo1
          access_token: ${{secrets.ACCESS_TOKEN}}
          force: true
You can find more actions like this one on the marketplace.
Otherwise, you can also perform the whole operation manually using command lines to clone the remote repository, copy the files from the local repo wherever you want on the remote repo, then push the new files to the remote repository.
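The manual clone, copy and push sequence described in the last paragraph, as an added example that is not code from the question or the answer. It assumes the PAT is exported to the step as REPO_KEY (the variable name used in the question's workflow); the function name publish_file is hypothetical. The token is supplied through a one-off credential helper, so it never appears in the remote URL, in .git/config or on a command line.

```bash
#!/usr/bin/env bash
# Added example: publish one generated file to another repository.
# Assumes REPO_KEY holds a token with write access to the destination.

publish_file() (
  # $1 = destination repo URL, $2 = branch, $3 = path of the file to publish
  remote=$1 branch=$2 src=$3
  work=$(mktemp -d) || exit 1
  trap 'rm -rf "$work"' EXIT

  # The helper runs in a shell spawned by git and reads REPO_KEY from the
  # environment at that moment; the value is never written to disk.
  helper='!f() { echo username=x-access-token; echo "password=${REPO_KEY:-}"; }; f'
  # The empty credential.helper entry clears any helper configured on the
  # runner (for example the macOS keychain) so only ours answers.
  g() { git -c credential.helper= -c "credential.helper=$helper" "$@"; }

  g clone --quiet --single-branch --branch "$branch" "$remote" "$work/dest" || exit 1
  cp "$src" "$work/dest/" || exit 1
  cd "$work/dest" || exit 1
  name=$(basename "$src")
  git add -- "$name" || exit 1

  # An unchanged file is not an error: report it and stop without committing.
  if git diff --cached --quiet; then
    echo "no change in $name, nothing to push"
    exit 0
  fi

  git -c user.name=actions-user -c user.email=actions@github.com \
      commit --quiet -m "update $name" || exit 1
  g push --quiet origin "HEAD:$branch" || exit 1
  echo "pushed $name to $branch"
)

# Usage inside the workflow step (values taken from the question):
#   publish_file https://github.com/user2/repo1.git main file.rds
```

Because the destination is cloned into a fresh temporary directory, the credentials that actions/checkout set up for the source repository play no part in the push.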

Is there a way to log error responses from Github Actions?

I am trying to create a bug tracker that allows me to record the error messages of the python script I run. Here is my YAML file at the moment:
name: Bug Tracker
#Controls when the workflow will run
on:
  # Triggers the workflow on push request events
  push:
    branches: [ main ]
  # Allows you to run this workflow manually from the Actions tab (for testing)
  workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  build:
    # Self Hosted Runner
    runs-on: windows-latest
    # Steps for tracker to get activated
    steps:
      # Checks-out your repository under BugTracker so the job can find it
      - uses: actions/checkout@v2
      - name: setup python
        uses: actions/setup-python@v2
        with:
          python-version: 3.8
      # Runs main script to look for
      - name: Run File and collect bug
        id: response
        run: |
          echo Running File...
          python script.py
          echo "${{steps.response.outputs.result}}"
Every time I run the workflow I can't save the error code. By save the error code, I mean for example... if the python script produces "Process completed with exit code 1." then I can save that to a txt file. I've seen cases where I could save if it runs successfully. I've thought about getting the error in the python script but I don't want to have to add the same code to every file if I don't have to. Any thoughts? Greatly appreciate any help or suggestions.
Update: I have been able to successfully use code in python to save to the txt file. However, I'm still looking to do this in Github if anyone has any suggestions.
You could:
- redirect the output to a log file while capturing the exit code
- set an output with the exit code value like:
  echo ::set-output name=status::$status
- in another step, commit the log file
- in a final step, check that the exit code is success (0) otherwise exit the script with this exit code
Using ubuntu-latest, it would be like this:
name: Bug Tracker
on: [push,workflow_dispatch]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: setup python
        uses: actions/setup-python@v2
        with:
          python-version: 3.8
      - name: Run File and collect logs
        id: run
        run: |
          echo Running File...
          status=$(python script.py > log.txt 2>&1; echo $?)
          cat log.txt
          echo ::set-output name=status::$status
      - name: Commit log
        run: |
          git config --global user.name 'GitHub Action'
          git config --global user.email 'action@github.com'
          git add -A
          git checkout master
          git diff-index --quiet HEAD || git commit -am "deploy workflow logs"
          git push
      - name: Check run status
        if: steps.run.outputs.status != '0'
        run: exit "${{ steps.run.outputs.status }}"
On windows, I think you would need to update this part:
status=$(python script.py > log.txt 2>&1; echo $?)
cat log.txt

Git workflow/actions and svn checkout

For some weird reason I need to checkout using svn in GitHub Actions. I tried the following
name: My Build from SVN
on:
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    container: ghcr.io/XXXXX/XXXXX:main
    steps:
      - run : |
          svn version
          svn co --username ${{ secrets.SVN_USER }} --password ${{ secrets.SVN_PASSWORD }} --no-auth-cache <URL>
But I am getting the following error each time
Username: svn: E170001: Unable to connect to a repository at URL ''
svn: E170001: OPTIONS of '': authorization failed: Could not authenticate to server: rejected Basic challenge ()
Error: Process completed with exit code 1.