GitHub Actions: Must have admin rights to trigger workflow_dispatch? - github

Using the github API I am trying to manually start a workflow using:
curl \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: MY_TOKEN" \
https://api.github.com/repos/djpr-data/djprdashdata/actions/workflows/refresh-data.yaml/dispatches
but I keep getting an authentication error:
{
"message": "Must have admin rights to Repository.",
"documentation_url": "https://docs.github.com/rest/reference/actions#create-a-workflow-dispatch-event"
}
This seems to be a similar issue to this question. But my PAT token has all admin and repo scopes selected. I also have my user account set up as admin for the repository and I have added a workflow dispatch to the workflow yaml file.
workflow_dispatch:
  inputs:
    tags:
      description: "run from cmdline"
I have been following the docs at https://docs.github.com/en/rest/actions/workflows#create-a-workflow-dispatch-event and have had no problems using the API to retrieve all previous workflow jobs. I have also tried the runs and jobs endpoints but get the same error. So I am now not sure what else I can do. Is there somewhere else I need to set permissions?
Thanks

This is a poor error message to tell you that your request is not formed correctly. If you want to pass a PAT as a header, you need to prefix it with token, as described in the docs:
-H "Authorization: token MY_TOKEN"
Once that's resolved, however, you'll also get an error because you don't pass the required ref payload. Assuming your default branch is main, here's a correct curl command:
> export MY_TOKEN=gha_abcdef
> curl \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: token $MY_TOKEN" \
-d '{"ref": "main"}' \
https://api.github.com/repos/djpr-data/djprdashdata/actions/workflows/refresh-data.yaml/dispatches
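
The corrected request from this answer as a reusable shell function, added here as an example and not the answerer's code: it adds the token prefix exactly once, always sends ref, and hands the header to curl through a config on stdin so the token stays out of the process list. The function names and the input validation rules are assumptions of this example; MY_TOKEN and the repository path are the ones used above.

```shell
#!/bin/sh
# Added example: build the workflow_dispatch request as a curl config so the
# token travels over stdin instead of appearing in curl's argument list.

# Print a curl config for the dispatch call.
# Args: OWNER/REPO, workflow file name, ref. The bare token comes from $MY_TOKEN.
build_dispatch_config() {
  repo=$1 workflow=$2 ref=$3
  # The "token " scheme is added below exactly once, so MY_TOKEN must be the
  # bare token: no scheme prefix, spaces or quote characters.
  case ${MY_TOKEN:-} in
    ''|*[!A-Za-z0-9_]*)
      echo "MY_TOKEN is unset or is not a bare token" >&2; return 1 ;;
  esac
  # Allow only characters that cannot break out of the URL or the JSON body.
  case $repo in
    */*/*|/*|*/|*[!A-Za-z0-9_./-]*) echo "bad repository: $repo" >&2; return 1 ;;
    */*) ;;
    *) echo "bad repository: $repo" >&2; return 1 ;;
  esac
  case $workflow in
    *[!A-Za-z0-9_.-]*) echo "bad workflow file: $workflow" >&2; return 1 ;;
    *.yml|*.yaml) ;;
    *) echo "bad workflow file: $workflow" >&2; return 1 ;;
  esac
  case $ref in
    ''|*[!A-Za-z0-9_./-]*) echo "bad ref: $ref" >&2; return 1 ;;
  esac
  cat <<EOF
request = "POST"
header = "Accept: application/vnd.github+json"
header = "Authorization: token ${MY_TOKEN}"
data = "{\"ref\": \"${ref}\"}"
url = "https://api.github.com/repos/${repo}/actions/workflows/${workflow}/dispatches"
EOF
}

# Send the request; -K - makes curl read the config above from stdin.
# printf is a shell builtin, so the token never shows up in a process listing.
dispatch_workflow() {
  config=$(build_dispatch_config "$@") || return 1
  printf '%s\n' "$config" | curl --silent --show-error -K -
}
```

Call it as `MY_TOKEN=... dispatch_workflow djpr-data/djprdashdata refresh-data.yaml main`; a value such as `token gha_abcdef` in MY_TOKEN is rejected before any request is made.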

Related

curl command failing to download release asset from private GitHub repo

According to multiple answers provided in other similar questions, I am trying to download a release asset from GitHub using curl, as follows:
curl -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: Bearer XXXXXXXX" -LJO https://github.com/Org/repo/releases/download/0.4.2/repo-linux-amd64
This keeps fetching a file with content Not Found.
When opening the link https://github.com/Org/repo/releases/download/0.4.2/repo-linux-amd64 from an authenticated browser window, it does download the file.
I have also tested my token by running
curl -H "Authorization: token XXXXXXXX" https://api.github.com/user
What is more, the token has the right scopes given that
gh release download 0.4.2 --pattern repo-linux-amd64 -R Org/repo
also works (the token value is exported in the GITHUB_TOKEN environment variable).
I have also tried this variation (with token instead of Bearer in the Authorization header) and the end result is the same
curl -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" -H "Authorization: token XXXXXXXX" -LJO https://github.com/Org/repo/releases/download/0.4.2/repo-linux-amd64
What am I missing?

importing repos to github from curl results in 404 response

I am trying to use the curl command for the GitHub importer to import repositories from TFS (as git), following GitHub's documentation.
When I am running this command, I get a 404 response:
curl \
-X PUT \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token {MY_GITHUB_TOKEN}" \
https://api.github.com/repos/{MY-ORGANIZATION}/{REPO_NAME}/import \
-d '{"vcs":"git","vcs_url":"{TFS_REPO_URL}","vcs_username":"{TFS_USER_NAME}","vcs_password":"{TFS_PAT}"}'
When I run the importer from the UI in GitHub, everything works.
When I run a curl command to check the import status (for the repo I imported from the UI), I get a valid response:
curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token {MY_GITHUB_TOKEN}" \
https://api.github.com/repos/{MY-ORGANIZATION}/{REPO_NAME}/import
What is the missing piece?
So apparently the importer works differently from the UI and from the API:
when running the importer from curl, we first need to create a repo in GitHub, and only then can we import it.

Create environment for repository using gh

Is it possible to create a new environment for a repository https://github.com/org/repo/settings/environments using the gh cli?
The only mention of environment I can find in the manual is here https://cli.github.com/manual/gh_secret_set where it says you can assign a secret to an existing environment, but it seems the environment would have to be created manually.
From what I'm seeing here in the gh cli repo that's going to be a no at this time. The issue [linked] is an enhancement request for just that.
I too wanted to know if this could be done, as it's part of my workflow to inject environment secrets.
You can still use the API to create it though.
curl -X PUT \
-H 'Authorization: Bearer ghp_...' \
-H 'Accept: application/vnd.github.v3+json' \
https://api.github.com/repos/<org>/<repo>/environments/<env>
Basically you need to create the environment first, then you can set branch policies:
jq -n '{"deployment_branch_policy": {"protected_branches": false, "custom_branch_policies": true}}'|gh api -H "Accept: application/vnd.github+json" -X PUT /repos/:owner/:repo/environments/dev --input -
gh api --method POST -H "Accept: application/vnd.github+json" "/repos/Oceaneering/it_infra_base_application_bootstrapper/environments/dev/deployment-branch-policies" -f name=dev
I wrote a python script for my use case that uses the gh cli to create environments and can include a branch pattern.
https://gist.github.com/walkerk1980/8a6f6879b32260360854a89bb880a48d

Getting "not found" after authenticating when trying to initiate GitHub workflow via REST

I am trying to trigger the workflow_dispatch action for a GitHub workflow via REST but I am getting a "not found" error.
My question is similar to this one but the difference is that I am still getting the "not found" error even though the header indicates I am authenticated (the rate limit has increased to 5,000).
Here's my script:
#!/bin/bash
# https://docs.github.com/en/rest/reference/actions#create-a-workflow-dispatch-event
OWNER='myGithubOrganization'
REPO='myRepo'
WORKFLOW_ID='main.yml'
POST_URL="https://api.github.com/repos/$OWNER/$REPO/actions/workflows/$WORKFLOW_ID/dispatches"
echo "Calling $POST_URL"
GITHUB_PERSONAL_ACCESS_TOKEN=$(echo "$PLATFORM_VARIABLES" | base64 --decode | jq '.GITHUB_PERSONAL_ACCESS_TOKEN' --raw-output)
# -i to include headers.
curl \
-i \
-X POST \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token $GITHUB_PERSONAL_ACCESS_TOKEN" \
$POST_URL \
-d '{"ref":"ref"}'
In the headers, I see the rate limit has increased to 5,000, so I know I am logged in.
The personal access token has the following permissions:
repo
workflow
admin:org_hook
The personal access token is for a machine user.
In the repo settings, under "Collaborators and teams", the machine user account has the "Read" role.
What more do I need to do to trigger the workflow?
The machine user needs to have write access, not read access.
This is true even if the workflow does something like run CI tests and does not write any code.

GitHub actions repository_dispatch event POST request not working due to organisation repository

I am trying to trigger a GitHub Actions workflow, which is in my organisation's repository, and I am the owner of the organisation.
I am trying to trigger it using the POST request below:
curl -H "Accept: application/vnd.github+json" -H "Authorization: token " --request POST --data '{"event_type": "do-something"}' https://api.github.com/repos/USER/REPO/dispatches
But I am getting the message below:
{
"message": "Not Found",
"documentation_url": "https://docs.github.com/rest/reference/repos#create-a-repository-dispatch-event"
}
my workflow
name: Node.js CI
on:
  repository_dispatch:
  schedule:
    - cron: '5 12 * * 0'
jobs:
  build:
    runs-on: ubuntu-latest
I think that, as it is not in my account but in the organisation account, that might be why it is giving this error.
Any workaround will be helpful.
Generate a token from Github Setting Panel with appropriate privileges and use the following URL
curl -X POST -u <githubusername>:<token> -H "Content-Type: application/json" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/<organization>/<repository_name>/dispatches" -d @test.json
Where test.json contains your json data.
As per the docs
This endpoint here requires write access to the repository by providing either:
Personal access tokens with repo scope. For more information, see "Creating a personal access token for the command line" in the GitHub Help documentation.
GitHub Apps with both metadata:read and contents:read&write permissions.
token - A repo scoped GitHub Personal Access Token.
Validate that your token has full scope of repo.
curl 'https://api.github.com/repos/USER/REPO/dispatches' --request POST \
-H 'Accept: application/vnd.github.everest-preview+json' \
-H 'Content-Type: application/javascript' \
-H 'Authorization: Bearer token' \
--data-raw '{
"event_type": "do-something",
"client_payload": { "text": "my custom text here" }
}'