Existing GitHub Pipeline Broken - github

I got an error while running a GitHub Actions pipeline: the repository isn't found.
workflow.yml
name: CI
on:
  push:
    branches: [ master ]
  workflow_dispatch:
jobs:
  deploy:
    # needs: build
    runs-on: ubuntu-latest
    name: Deploy
    steps:
      - name: Extract artifact
        uses: D3rHase/ssh-command-action@v0.2.1
        with:
          HOST: ${{ secrets.HOST }}
          USER: ${{ secrets.USER }}
          PRIVATE_SSH_KEY: ${{ secrets.SSHGITHUBACTIONS }}
          COMMAND: |
            source ${{secrets.LOADRUNNER}}
            cd ${{ secrets.FRONTENDPATH }}
            ${{secrets.GETARTIFACTS}}
            pm2 restart all
I am trying to run my GitHub Actions pipeline and I got the repository isn't found:
***:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Use --update-env to update environment variables

Related

Github actions token workflow not set error

Hello everyone I am currently writing a workflow to auto merge when a pull request is made but I am stuck at an error telling me my token is not set more specifically: 2023-02-19T02:09:08.581Z ERROR environment variable GITHUB_TOKEN not set!. I have set all my tokens in my repo and settings tab. Any help would be appreciated.
name: CI/CD
on:
  pull_request:
    branches: [ master ]
jobs:
  super-linter:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Super-Linter
        uses: github/super-linter@v4.10.1
        with:
          files: ${{ join(github.event.pull_request.changed_files, ',') }}
  Merge:
    runs-on: ubuntu-latest
    needs: super-linter
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2
      - name: Merge pull requests
        uses: pascalgn/automerge-action@v0.14.1
        with:
          GITHUB_TOKEN: ${{ secrets.TOKEN }}
  deploy:
    runs-on: self-hosted
    needs: Merge
    steps:
      #- uses: actions/checkout@v2 #this is used for if you want to push all source code into runner
      - name: update code base
        working-directory: /test_pipe/www/html
        run: sudo git pull origin master
      - name: restart
        working-directory: /test_pipe/www/html
        run: sudo systemctl restart nginx
pascalgn/automerge-action accepts GITHUB_TOKEN as an env variable, not as an argument. So it should be:
- name: Merge pull requests
  uses: pascalgn/automerge-action@v0.14.1
  env:
    GITHUB_TOKEN: ${{ secrets.TOKEN }}
Refer to the documentation: https://github.com/pascalgn/automerge-action#usage

GitHub Actions Reuse Workflow Definitions

I have a project where I have two GitHub Actions yml files, where the first file is called build.yml and it contains instructions to compile, build and test the project. It is as simple as this:
name: build my-project
on:
  push:
    paths-ignore:
      - 'images/**'
      - README.md
    branches:
      - master
  pull_request:
    branches:
      - master
  release:
    types: [ created ]
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: cache ivy2
        uses: actions/cache@v1
        with:
          path: ~/.ivy2/cache
          key: ${{ runner.os }}-sbt-ivy-cache-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
      - name: sbt Test
        run: sbt clean test
I now have another yml file that contains the instructions to do a release based on annotated tags. It is like this:
name: release my-project
on:
  push:
    # Sequence of patterns matched against refs/tags
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+-[a-zA-Z]*'
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
  build:
    uses: ./.github/workflows/build.yml
  publish:
    runs-on: ubuntu-latest
    needs: test # See build.yml file where the test job is defined
    # If there is a tag and if that tag comes from master branch
    if: startsWith(github.ref, 'refs/tags/v')
    steps:
      - name: checkout
        uses: actions/checkout@v3
      - name: capture changelog
        id: changelog
        uses: metcalfc/changelog-generator@v4.0.1
        with:
          myToken: ${{ secrets.GITHUB_TOKEN }}
      - name: sbt ci-publish-github
        run: sbt publish
      - name: ci-release-github
        id: create-release
        uses: actions/create-release@latest
        with:
          allowUpdates: true
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          body: |
            ## What's Changed
            ${{ steps.changelog.outputs.changelog }}
          draft: false
          prerelease: false
I just created an annotated tag which then resulted in an error like this:
Invalid workflow file: .github/workflows/publish.yml#L14
error parsing called workflow "./.github/workflows/build.yml": workflow is not reusable as it is missing a `on.workflow_call` trigger
So basically what I want is, when I push an annotated tag, I want to first run the test job from build.yml and then once that succeeds, I would like to run the publish job. Any suggestions on how to get this straight?
You almost got it right with your implementation. You just need a few modifications:
The build job needs to depend on the publish job:
name: release my-project
on:
  push:
    # Sequence of patterns matched against refs/tags
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+-[a-zA-Z]*'
jobs:
  publish:
    [ ... ]
  build:
    needs:
      - publish
    uses: ./.github/workflows/build.yml
The build needs the workflow_call trigger (as stated by the error message - Reference):
on:
  workflow_call:
  push:
    [ ... ]
Note: You could even share the tag value from the previous workflow, sending it as input to the second one by using:
on:
  workflow_call:
    inputs:
      tag:
        required: true
        type: string
Calling the reusable workflow that way from the main workflow:
  build:
    needs:
      - publish
    uses: ./.github/workflows/build.yml
    with:
      tag: 'MY TAG'
I was able to fix it by adding the following in my publish.yml:
jobs:
  tests:
    uses: ./.github/workflows/build.yml
  publish:
    runs-on: ubuntu-latest
    needs: [tests] # See build.yml file where the test job is defined
In my build.yml, I had to add the following:
on:
  push:
    paths-ignore:
      - 'images/**'
      - README.md
    branches:
      - master
  pull_request:
    branches:
      - master
  release:
    types: [ created ]
  workflow_call:
Notice that workflow_call: entry that needs to be added explicitly.

github action pull request event is not running

I have GitHub Actions code with Terraform, ECR and ECS. I have two branches, master and feature. When I create a pull request from feature to master, then only my terraform plan code will run, but when I create a pull request and merge to master, my GitHub action runs but that part is skipped. I am not sure why it is happening; please find the code attached below.
---
name: "workflow"
on:
  # Triggers the workflow on push or pull request events but only for the "master" branch
  push:
    branches: [ "master" ]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
jobs:
  cd:
    name: "Deployment"
    runs-on: "ubuntu-latest"
    #if: startsWith(github.ref, 'refs/tags/')
    steps:
      - name: "Checkout Code"
        uses: "actions/checkout@v2"
      - name: Set tag
        id: vars
        run: echo "::set-output name=tag::${GITHUB_REF#refs/*/}"
      - name: Configure AWS credential
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: my_ecr_repi
          IMAGE_TAG: ${{ github.event.head_commit.message }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
      - name: Terraform Init
        run: |
          cd terraform_with_ALB
          terraform init
      - name: Terraform Format
        id: fmt
        run: |
          cd terraform_with_ALB
          terraform fmt -check
      - name: Terraform Validate
        id: validate
        run: |
          cd terraform_with_ALB
          terraform validate -no-color
      - name: Terraform Plan
        id: plan
        if: github.event_name == 'pull_request'
        run: |
          cd terraform_with_ALB
          terraform plan -no-color -input=false
        continue-on-error: true
Until terraform validate it is working fine; after that it skips the terraform plan part.
You are missing the pull_request element in the on section.
on:
  # Triggers the workflow on push or pull request events but only for the "master" branch
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
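The mismatch behind the skipped step can be caught before pushing. The following is an added example, not code from the question or the answer: it flags any `if:` that tests `github.event_name` against an event the workflow's `on:` block never declares. The names `declared_triggers` and `dead_event_conditions` are hypothetical, the sample workflow is constructed from the question, and the scan is line-based and assumes block-style YAML rather than using a full YAML parser.

```python
import re

# Constructed sample: the question's workflow cut down to the keys that matter.
WORKFLOW = """\
on:
  # Triggers the workflow on push events for the "master" branch
  push:
    branches: [ "master" ]
  workflow_dispatch:
jobs:
  cd:
    runs-on: ubuntu-latest
    steps:
      - name: Terraform Plan
        if: github.event_name == 'pull_request'
        run: terraform plan -no-color -input=false
"""

EVENT_TEST = re.compile(r"github\.event_name\s*==\s*['\"]([\w-]+)['\"]")


def declared_triggers(text):
    """Event names under the top-level `on:` key (scalar, list or mapping form)."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines) if re.match(r"on\s*:", l)), None)
    if start is None:
        return set()
    inline = lines[start].split(":", 1)[1].split("#")[0]
    if inline.strip():                      # `on: push` or `on: [push, pull_request]`
        return set(re.findall(r"[\w-]+", inline))
    events, child = set(), None
    for sub in lines[start + 1:]:
        if not sub.strip() or sub.lstrip().startswith("#"):
            continue                        # skip blank lines and comments
        indent = len(sub) - len(sub.lstrip())
        if indent == 0:                     # next top-level key ends the block
            break
        child = indent if child is None else child
        if indent == child:                 # direct children are the event names
            events.add(sub.strip().lstrip("- ").split(":")[0].strip())
    return events


def dead_event_conditions(text):
    """(line_no, event) for each `if:` testing an event the workflow never fires on."""
    triggers = declared_triggers(text)
    return [(no, ev) for no, line in enumerate(text.splitlines(), 1)
            if re.match(r"\s*(-\s*)?if\s*:", line)
            for ev in EVENT_TEST.findall(line) if ev not in triggers]
```

Run against the sample, `dead_event_conditions(WORKFLOW)` reports the Terraform Plan condition; once `pull_request:` is added under `on:` it returns an empty list.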

GitHub Environments deploying staging on tag push fails

I am trying to deploy infrastructure as code from main branch on multiple environments with GitHub environments. I want to deploy whenever there is merge/push to main in development env, but when there is a tag on the commit like r2022-09-07 deploy the code on a staging env. but it fails every time due to the protection rule.
This is the error I get when the code needs to be deployed on staging:
This is the ci.yml workflow I have for deploying on multiple env from main branch using GitHub env.
name: Lint, Compile and Deploy
on:
  push:
    branches: [main]
    tags:
      - 'r*'
  pull_request:
jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: install deps
        run: yarn --frozen-lockfile
      - run: yarn lint
      - run: yarn prettier
      - run: yarn compile
      - run: yarn synth
      - run: yarn test
  # CD: ci -> dev -> staging -> production
  ## only deploy to dev from main branch
  deploy-dev:
    if: ${{ github.ref_name == 'main' }}
    needs: ci
    runs-on: ubuntu-latest
    environment:
      name: Dev
      url: https://...
    env:
      STACK: ...
      AAD_TENANT: ...
      ARM_TENANT_ID: ...
      ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
    steps:
      - uses: actions/checkout@v3
      - run: yarn --frozen-lockfile --production
      - run: |
          az login --service-principal --tenant $AAD_TENANT \
            --username "${{ secrets.AZURE_CLIENT_ID }}" --password "${{ secrets.AZURE_CLIENT_SECRET }}"
          yarn deploy $STACK --auto-approve
  ## deploy to staging only from main branch, if a commit has a tag starting with `r` (for ex. r2022-09-07)
  deploy-staging:
    if: ${{ startsWith(github.ref, 'refs/tags/r') }}
    runs-on: ubuntu-latest
    environment:
      name: Staging
      URL: ....
    env:
      STACK: ...
      AAD_TENANT: ...
      ARM_TENANT_ID: ...
      ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }}
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
    steps:
      - uses: actions/checkout@v3
      - run: yarn --frozen-lockfile --production
      - run: |
          az login --service-principal --tenant $AAD_TENANT \
            --username "${{ secrets.AZURE_CLIENT_ID }}" --password "${{ secrets.AZURE_CLIENT_SECRET }}"
          yarn deploy $STACK --auto-approve
Staging env protection rules configs:
I was following the official GitHub docs but didn't find anything specific for this case, any idea what should be fixed in the above yaml?
Based on your last screenshot, push events on the main branch are going to be permitted to use the Staging environment.
I've been playing around with Environments too and had my own question, which led me to yours!
My suggestion would be to remove branch protections and then use workflow logic to call the specific Environment:
on:
  push:
    branches: [main]
    tags:
      - 'r*'
  pull_request:
jobs:
  ci:
    # startsWith() compares a literal prefix, so the tag filter's glob 'r*' becomes 'r' here
    if: startsWith(github.ref_name, 'r') || github.ref_name == 'main'
    runs-on: ubuntu-latest
    environment: Staging
    steps:
      ...
Edit based on comments made by OP on 10/12/2022
If you want to deploy to dev when you only push to main:
on:
  push:
    branches: [main]
jobs:
  ci-dev-only:
    # string literals in expressions must be single-quoted
    if: github.ref_name == 'main'
    runs-on: ubuntu-latest
    environment: dev
    steps:
      ...
  ci-staging:
    if: github.ref_type == 'tag'
    runs-on: ubuntu-latest
    environment: staging
    steps:
      ...
  ci-prod:
    if: github.ref_type == 'tag' && startsWith(github.ref_name, 'r')
    runs-on: ubuntu-latest
    environment: prod
    steps:
      ...
Keep in mind that tags are branch agnostic. You can't pin them on a branch.
That all being said, I think releasing to dev from your main branch is an anti-pattern. While there are some use cases that use main as a development branch, deployments to dev should be done in a branch. The reason is that your main branch should be your source of truth. If your code is likely to change between your last push to main and when you tag it, it really should be done in a branch.
A better pattern would be that you push to staging on main, and then production on a tag.
But if you have a business case for your pattern, feel free to ignore me.

Where do I put my username for 'https://github.com' to pull from my private repo through github actions?

I have a private repo and I'm trying to set my github actions so that when I push my code onto github, my workflow pulls the code from github to the server (ubuntu). For my secrets I have the host set to the IP address, username set as root, and a ssh key in private key.
When I run this the 'git pull' request fails and gives me an error: "fatal: could not read Username for 'https://github.com': No such device or address". Obviously it wants my github username and password which I can do when I manually run this in the command line, but how do I insert it for github actions?
name: Pull code, rebuild files and restart pm2 processes
on:
  push:
    branches: [master]
jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - name: Rebuild server
        uses: garygrossgarten/github-action-ssh@release
        with:
          command: |
            cd testwebsite.com
            git pull
            npm install
            npx tsc
            cd client
            npm run build
            pm2 restart server client
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          privateKey: ${{ secrets.PRIVATE_KEY}}
You can use a pre-built action for this operation, actions/checkout@v1: https://github.com/actions/checkout
Your file should look something similar to this:
on:
  pull_request:
  push:
    branches:
      - development
jobs:
  primary:
    runs-on: ubuntu-latest
    env:
      working-directory: ./
    steps:
      - uses: actions/checkout@v1
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v1
        with:
          node-version: 12.x
      - name: install Dependencies
        run: yarn install
        working-directory: ${{env.working-directory }}