Github actions pull request builder returns error - github

I have a github actions job which is failing on the last job.
The build, unit test and regression test jobs are working fine but the pull-request job fails.
This is the code for the failing job, the token has been replaced.
pull-request:
  needs: regression
  name: PullRequest
  runs-on: ubuntu-latest
  steps:
    - name: pullrequest
      uses: repo-sync/pull-request@v2
      with:
        source_branch: development
        destination_branch: master
        pr_label: automerge
        github_token: ${{ secrets.ghp_secretscretsecretetcetc }}
And this is the message I get when the job fails
Any ideas on what I am missing please?
Kev

It seems that the problem is with the GITHUB_TOKEN you informed.
GitHub automatically creates a GITHUB_TOKEN secret to use in your workflow (you can find more information about it here).
Therefore in your case, you can follow the specifications informed on the action repository you're using:
pull-request:
  needs: regression
  name: PullRequest
  runs-on: ubuntu-latest
  steps:
    - name: pullrequest
      uses: repo-sync/pull-request@v2
      with:
        source_branch: development
        destination_branch: master
        pr_label: automerge
        github_token: ${{ secrets.GITHUB_TOKEN }}
If you ever need a GITHUB_TOKEN with specific permissions, you can also create a Personal Access Token and add it as a secret to your repository.
In that case, you would overwrite the github_token: ${{ secrets.GITHUB_TOKEN }} by github_token: ${{ secrets.YOUR_SECRET_NAME }}.

Related

Workflow `GITHUB_TOKEN` not authorised to download packages from GitHub registry

Following this documentation, I'm using the default GITHUB_TOKEN secret to download & publish packages from another repository of mine (same scope) on GitHub registry, from a workflow. Yarn is configured to use the environment variable GITHUB_TOKEN. When using the default GITHUB_TOKEN secret, I get a 403 (Forbidden) error when downloading the package.
When using a PAT (a secret named TOKEN that I define manually with write:packages right), it works fine, when not using any token, I get a different error. Therefore, I assume the token is well transmitted and there is a right issue.
What am I missing?
Thank you.
Here is my repository settings (Actions > General) :
Allow all actions and reusable workflows: Any action or reusable workflow can be used, regardless of who authored it or where it is defined.
Read & write permissions: Workflows have read and write permissions in the repository for all scopes.
Here is a test workflow (link here):
name: Test Token
on:
  workflow_dispatch:
jobs:
  # Fail
  github:
    name: Test GitHub Token
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v3
      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Install dependencies
        run: yarn install
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  # Success
  pat:
    name: Test PAT
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@v3
      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Install dependencies
        run: yarn install
        env:
          GITHUB_TOKEN: ${{ secrets.TOKEN }}

github `registry_package` event doesn’t trigger

I managed to create two actions on 1 private repository:
The first one builds the image and pushes the docker image to GitHub Container Registry
The second one needs to be triggered when a newer image is published to the GitHub container registry and deploy the image
The issue is that the second one it doesn't get triggered and doesn't run. I use GitHub Repo Token, and I found this that says triggering new workflows should be done using a personal access token. Is this the real issue or there is some workaround? Personally I don't want to put my github token there.
As reference here is the yml code for the first github action:
name: Build Docker Image
on:
  push:
    branches:
      - feature/ver-64/service-template
  workflow_dispatch:
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          images: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=sha
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to Github Container Repository
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
And this is the yml for the second one that needs to be triggered once the first one publishes a new image to the registry:
name: Deploy to Azure
on:
  registry_package:
    types: [ published, updated ]
jobs:
  debug:
    runs-on: ubuntu-latest
    steps:
      - uses: hmarr/debug-action@v2
GitHub actions prevents triggering more actions. Sort of to protect against infinite loops. Hence why the token used by GitHub Actions has a special flag on it which causes the 2nd workflow not to trigger.
You have a few options:
1. Use a PAT to push to GitHub Container Registry. (as per the docs)
2. Have a 2nd stage that depends on the first one in your existing workflow to perform the deployment.
3. A variation on 2, use a template to extract the deploy logic to a single template, use the same template action in both the workflow that pushes the image as well as the workflow that triggers when an image is pushed

Github Actions automerge not working as expected

I have a yml file with 5 jobs as below
build - working
unit tests - working
regression tests - working
create pull request - working
merge pull request - not working
The first 3 jobs work on my development branch so my file begins with
name: Spicethedeploy
on:
  push:
    branches:
      - development
jobs:
Job 4 I specify this
source_branch: "development"
destination_branch: "master"
But when job 5 runs it looks for a pull request for development not master and does not complete. The code for this job is:
automerge:
  needs: pull-request
  runs-on: ubuntu-latest
  steps:
    - name: automerge
      uses: pascalgn/automerge-action@v0.13.1
      env:
        GITHUB_TOKEN: ${{ secrets.ghp_xxxxxxxxxxxxxxxxxxxx }}
Can someone tell me how to make this job look to the master branch?
I have created a second yml file called automerge.yml, contents below
name: automerge
on:
  pull_request:
    branches:
      - master
jobs:
  automerge:
    runs-on: ubuntu-latest
    steps:
      - name: automerge
        uses: pascalgn/automerge-action@v0.13.1
        env:
          GITHUB_TOKEN: ${{ secrets.ghp_xxxxxxxxxxxxxxxxxxxxxxxx }}
          MERGE_LABELS: "automerge"
The pull request has also been removed from the first yml file which now stops after creating the pull request. The new yml file then kicks in and tries to merge but skips with this message
Run pascalgn/automerge-action@v0.13.1
2021-04-04T18:36:14.889Z INFO Event name: pull_request
2021-04-04T18:36:15.102Z INFO Skipping PR update, required label missing: automerge
2021-04-04T18:36:15.102Z INFO Skipping PR merge, required label missing: automerge
The documentation on MERGE_LABELS: here says -
When an empty string ("") is given, all pull requests will be merged.
Following that, this worked for me
- id: automerge
  name: automerge
  uses: "pascalgn/automerge-action@v0.15.3"
  env:
    GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
    MERGE_LABELS: ""
Thanks to GuiFalourd for the tips which pointed me in the right direction on this. Following his advice led me to this solution which works well
merge:
  needs: pull-request
  name: merge
  runs-on: ubuntu-latest
  steps:
    - name: checkout
      uses: actions/checkout@v2
    - name: merge
      uses: mtanzi/action-automerge@v1
      id: merge
      with:
        github_token: ${{ secrets.ghp_xxxxxxxxxxxxxxxxxxxxxxxxx }}
        source: 'development'
        target: 'master'

Github Action: build from cache in auto-label-merge-conflicts?

In the following workflow, I want to add cache functionality so that, every time it will build from scratch. this is the workflow:
# This workflow will do
# a clean install of node deps
# build the source code
# run test across different versions of node
name: Conflict Check
on:
  push:
    branches:
      - staging
  pull_request:
    branches:
      - staging
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: mschilde/auto-label-merge-conflicts@master
        with:
          CONFLICT_LABEL_NAME: 'has conflicts'
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
How can I achieve this?
You can use actions/cache action for purposes of caching in Github Actions.
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Cache build files
        uses: actions/cache@v2
        with:
          path: ${{ PATH_TO_CACHE }}
          key: ${{ runner.os }}-${{ hashFiles(<glob_pattern_for_files>) }}
      - uses: mschilde/auto-label-merge-conflicts@master
        with:
          CONFLICT_LABEL_NAME: 'has conflicts'
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
The example above assumes you want to cache your files between runs on different refs but your actual key declaration would depend on what you are trying to do.
For example if you are trying to cache between jobs or workflow runs on same ref:
key: ${{ runner.os }}-${{ github.sha }}

GitHub action for issue_comment doesn't shown in checks for PR

I created a GitHub action on:issue_comment, I can see the flow running only in the action tab, but not in the PR, where I made the comment.
I want to comment in a PR and trigger a check on that PR (not on master)
here is my workflow:
name: issue-comment-CI-test
on:
  issue_comment:
    types: [created]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Run a one-line script
        run: echo Hello, world!
      - name: Run a multi-line script
        run: echo ${{ github.event.comment.body }}
currently, I'm just printing the comment body, But I plan to check the body, and if it is equal to "run integration tests" then I'll run my integration tests (maven)
Basically you need to checkout to the PR origin. For that, first make a API request to the pr url and fetch all ref.
Then do the checkout on the fetched repo and branch.
Step 1
- name: Github API Request
  id: request
  uses: octokit/request-action@v2.0.0
  with:
    route: ${{ github.event.issue.pull_request.url }}
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Step 2
- name: Checkout PR Branch
  uses: actions/checkout@v2
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    repository: ${{ fromJson(steps.request.outputs.data).head.repo.full_name }}
    ref: ${{ steps.pr_data.outputs.branch }}
You can follow the following example, specially the GitHub API Request part.
I've also implemented it in one of our workflows, you can take reference from that as well.
https://github.com/adrianjost/workflow-trigger-comment-example/blob/master/.github/workflows/demo.yml
https://github.com/TeamAmaze/AmazeFileManager/blob/master/.github/workflows/android-debug-artifact-ondemand.yml
You need to checkout the Pull Request. You can get the PR ID by using {{ GITHUB_REF }}.
You can checkout the PR with:
git fetch origin pull/{{ GITHUB_REF }}/head:PR
git checkout PR
See https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/checking-out-pull-requests-locally, https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#onevent_nametypes, https://help.github.com/en/actions/automating-your-workflow-with-github-actions/using-environment-variables
and https://developer.github.com/v3/pulls/ for reference.
Used built-in gh command to fetch the branch instead of using actions/checkout.
name: issue-comment-CI-test
on:
  issue_comment:
    types: [created]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: |
          gh pr checkout ${{ github.event.issue.number }}
          # do your job...
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required for gh
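
An added example, not part of any of the posts above: the question's workflow in this thread expands `${{ github.event.comment.body }}` directly inside a `run:` script, so the comment text becomes part of the shell command before the shell starts. The workflow below runs only for the trigger phrase the asker mentions and passes the comment through an environment variable instead; the `permissions` block, the author-association allowlist and the `mvn` goal are assumptions, not taken from the page.

```yaml
name: issue-comment-CI-test
on:
  issue_comment:
    types: [created]

# Assumption: read-only scopes are enough for checkout and tests.
permissions:
  contents: read
  pull-requests: read

jobs:
  integration:
    runs-on: ubuntu-latest
    # Run only for comments on pull requests (not plain issues), only for the
    # exact trigger phrase, and only for commenters with a trusted association.
    if: >-
      github.event.issue.pull_request &&
      github.event.comment.body == 'run integration tests' &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
    steps:
      - uses: actions/checkout@v3
      - name: Check out the pull request branch
        run: gh pr checkout "$PR_NUMBER"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # required for gh
          PR_NUMBER: ${{ github.event.issue.number }}
      - name: Log the comment
        # Weak form from the question:
        #   run: echo ${{ github.event.comment.body }}
        # Corrected form: the value reaches the shell as data in an
        # environment variable and is quoted when used.
        run: printf '%s\n' "$COMMENT_BODY"
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
      - name: Run integration tests
        # Assumed Maven goal; the page only says the tests use maven.
        run: mvn --batch-mode verify
```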