Github Actions - GCloud app deploy app.yaml - Bucket is requester pays bucket but no user project provided - gcloud

I have a GitHub Action with gcloud. This setup worked well; after 3 months (no changes) I ran another deployment/action, but now there is a message:
Bucket is requester pays bucket but no user project provided.
What is the cause of this error?
I repeat, this Action worked well and no changes were made, just ran again after 3 months and failed.
My current Actions yaml is:
name: Deploy to GCloud
on:
  push:
    branches:
      - master
      - qa
env:
  type: prod
  PROJECT_ID: ${{ secrets.GCE_PROJECT }}
jobs:
  setup-deploy:
    name: Setup and Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Setup gcloud environment
        uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
        with:
          version: '290.0.1'
          service_account_key: ${{ secrets.GCE_SA_KEY }}
          project_id: ${{ secrets.GCE_PROJECT }}
      - name: Auth helper
        run: |-
          gcloud --quiet auth configure-docker
      - name: Deploy
        run: |-
          gcloud app deploy app.${GITHUB_REF#refs/heads/}.yaml

As the link I shared in my comment says, the error you are getting is because Requester Pays is enabled on the bucket you are using to deploy. I tried enabling this feature at my end, using the command below, and I got the same error as you.
gsutil requesterpays set on gs://BUCKET_NAME
There are some considerations you must take into account to use and access a bucket when the Requester Pays feature is enabled.
In case this feature was enabled long before you got the error and you suddenly started getting the error, or if the feature is not enabled in the bucket (you can execute this command to verify it: gsutil requesterpays get gs://BUCKET_NAME, and you should get something like this: gs://my-bucket: Enabled) and you get the error, I would recommend you open a Support case so the Google team can take a look at your issue.

Related

GitHub and AWS : Could not load credentials from any providers

I'm trying to automatically deploy an SPA website to an S3 bucket on AWS. I created a user in AWS specially to do this, and got the Access ID and Secret. I then added the main.yml file shown below to .github/workflows.
It certainly gets triggered when a PR from a branch is approved, but fails with the message: Could not load credentials from any providers
Here is my code:
name: CI
on:
  push:
    branches:
      - main #here we choose to deploy only when a push is detected on the main branch
permissions:
  id-token: write
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2 # Use your bucket region here
      # Here you could add some building steps if you were dealing with some angular/react/Vue...
      # - name: Build static site
      #   run: yarn install && npm run-script build
      - name: Deploy static site to S3 bucket
        run: aws s3 sync ./dist/robert-phoenix/ s3://arn:aws:s3:::robertphoenix.info --delete
        # --delete flag will remove any file in the s3 that are not on the "thefolder
I added the permissions entry based on comments I saw elsewhere. Examples given previously seemed to be at a time when GitHub only had one set of secrets. I added them to both Actions and Dependabot.
I'm not sure I have the right description for the S3 bucket, but the script doesn't get that far anyway, so that is not the cause of the current error.

Build Heroku apps automatically on every push to Github

I want to enable automatic builds on Heroku anytime I push to master branch on GitHub just like Heroku would do whenever I push to a branch that is connected to an app on their platform. Is there any way to achieve this?
We can achieve this feat with GitHub Actions. We can automate builds on Heroku whenever a push is made hence no need to worry about deploying to Heroku via heroku-cli.
At the root of your application, create a .github folder.
Inside of the .github folder, create a workflow folder
Lastly, in the workflow folder, create a yaml file. I'll call mine build-heroku-app.yml. So the file structure is going to look like so:
my-awesome-app
  - .github
    - workflow
      - build-heroku-app.yml
In build-heroku-app.yml file
# .github/workflows/build-heroku-app.yml (just a comment)
name: Build App on Heroku
on:
  push: # type of event
    branches:
      - master # name of branch we want to listen to for event
jobs:
  heroku-pull-request:
    runs-on: ubuntu-latest
    env:
      HEROKU_APP_NAME: my-awesome-app # name of app on heroku
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          ref: ${{ github.ref_name }}
      - name: Login to Heroku
        uses: akhileshns/heroku-deploy@v3.12.12
        with:
          heroku_email: ${{ secrets.HEROKU_EMAIL }} # Heroku email address
          heroku_api_key: ${{ secrets.HEROKU_API_KEY }} # Heroku API key
          heroku_app_name: ${{ env.HEROKU_APP_NAME }} # Declared above
          justlogin: true
      - name: Add Heroku remote
        run: heroku git:remote --app=${{ env.HEROKU_APP_NAME }}
      - name: Push to master branch app on Heroku
        run: git push heroku ${{ github.ref_name }}:master --force
Visit Github Actions Secrets Documentation to understand how secrets work in Github actions and how to create them.
You can view your Heroku API key by going to the API Key section on your Heroku Account settings page.

GitHub equivalent to GitLab review apps

GitLab has an extremely useful feature called Review Apps which allows you to start up an instance of the web app from every PR which has its own subdomain and is linked on the PR page. I have done some searching and I don't see anything quite like it for GitHub.
Are there any ways to achieve a similar thing on github? 3rd party services are fine if they can integrate in with github. The app has a docker compose config so it would be just starting up an instance on a VM and shutting it down later.
The closest would be Delivering deployments/Deployment API, as described in the article "Deploy your pull requests with GitHub Actions and GitHub Deployments" from Sander Knape.
You can see its workflow here.
But the point is: there is not a directly integrated "review" deployment process like GitLab: you need to write your own GitHub workflow in order to deploy on a GitHub-managed Azure-based server, starting with:
deploy:
  runs-on: ubuntu-latest
  needs: deploy-check
  if: needs.deploy-check.outputs.triggered == 'true'
  steps:
    - name: get pull request ref
      id: get_pull_request_ref
      uses: octokit/request-action@v2.x
      with:
        route: GET /repos/:repository/pulls/:issue_id
        repository: ${{ github.repository }}
        issue_id: ${{ github.event.issue.number }}
      env:
        GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

GitHub Pages deployment error: "You have to provide a GITHUB_TOKEN or GH_PAT"

I have a simple Node JS application built in the build directory using yarn and I am trying to deploy it on GitHub Pages with GitHub Actions, using the crazy-max/ghaction-github-pages@v2 action in the simplest form:
- name: Deploy
  uses: crazy-max/ghaction-github-pages@v2
  with:
    target_branch: master
    build_dir: build
  env:
    $GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
(Note I deploy to master because the repository name is equal to the <<username>>.github.io)
To my surprise, it fails on the following error:
Error: You have to provide a GITHUB_TOKEN or GH_PAT
The whole message is not helpful as long as I know the GITHUB_TOKEN is automatically generated with each build.
The repository has the following settings under Action:
Actions permissions: Allow all actions
Fork pull request workflows from outside collaborators: Require approval for first-time contributors
Workflow permissions: Read and write permissions
The whole token and permissions management in GitHub is overkill for simple projects and the documentation lacks sample settings and the reader only goes down the rabbit hole.
How to get this run?
Based on the documentation I'm reading, it looks like you need to remove the leading $ from the environment variable name you are setting.
Like this:
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Documentation:
https://github.com/crazy-max/ghaction-github-pages
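
An added example, not part of the original answer or the action's documentation: a small Python check that flags env: keys that are not plain variable names, such as the $GITHUB_TOKEN key in the question. The workflow fragment is constructed from the question's step, and invalid_env_keys is a hypothetical helper that handles block-style YAML only.

```python
import re

# Constructed workflow fragment: the step from the question plus a valid job-level key.
WORKFLOW = """\
jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      NODE_ENV: production
    steps:
      - name: Deploy
        uses: crazy-max/ghaction-github-pages@v2
        with:
          target_branch: master
          build_dir: build
        env:
          $GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""

VALID_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
# Captures the leading whitespace (plus an optional "- " list marker) and the key.
KEY_LINE = re.compile(r"^(\s*(?:-\s+)?)([^\s:#][^:]*):(?:\s|$)")


def invalid_env_keys(workflow_text):
    """Return [(line_number, key)] for env: entries whose key is not a valid
    environment variable name (hypothetical helper, indentation-based scan)."""
    findings = []
    env_indent = None  # column of the env: key whose children we are reading
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = KEY_LINE.match(line)
        if not match:
            continue
        indent, key = len(match.group(1)), match.group(2).strip()
        if env_indent is not None and indent > env_indent:
            # Still inside the env: mapping, so this key becomes a variable name.
            if not VALID_NAME.match(key):
                findings.append((number, key))
            continue
        # Not inside an env: mapping (any more); see whether one starts here.
        env_indent = indent if key == "env" else None
    return findings


if __name__ == "__main__":
    for number, key in invalid_env_keys(WORKFLOW):
        print(f"line {number}: env key {key!r} is not a valid variable name")
```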

I want to create a GitHub Actions workflow which periodically checks the age of a repository's deploy keys. How can this be done?

I have a repository which contains deploy keys. I want a workflow job which periodically checks whether any of the deploy keys are reaching their maximum allowed age before they must be rotated. I tried writing a workflow like this, using the GITHUB_TOKEN, but it looks like it doesn't have the necessary privileges. My repository belongs to a GitHub Organization.
name: Check age of repository deploy key
# This workflow is triggered on pushes to the repository.
on:
  push:
  schedule:
    # Runs 06:00 every day
    - cron: '0 6 */1 * *'
jobs:
  expiry_check:
    env:
      DEPLOY_KEY_METADATA_URL: https://api.github.com/repos/my_org/my_repo/keys
      DEPLOY_KEY_MAX_AGE: 3600*24*365 # 1 year
    # This job runs on Linux
    runs-on: ubuntu-latest
    steps:
      # GitHub repository checkout
      - name: GitHub repository checkout
        uses: actions/checkout@v1
      - name: Check if any deploy keys are approaching their expiry date
        run: |
          python3 -c "import requests;import sys;url=sys.argv[1];token=sys.argv[2];r=requests.get(url, headers={'Authorization': f'Bearer {token}'});print(r.text)" $DEPLOY_KEY_METADATA_URL ${{ secrets.GITHUB_TOKEN }}
The response to my API request has this error: {"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/rest/reference/repos#list-deploy-keys"}
Is there some other solution to this problem, besides personal access tokens and GitHub Apps? The first option is not feasible; business logic can't break when an employee leaves the GitHub Organization. I suppose I could make a GitHub App, but I'd rather avoid that too, if I can. I'm not an admin in my GitHub Organization.
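
An added example, not from the original question: the age check itself in Python, run over a constructed response shaped like the output of the list-deploy-keys endpoint the workflow calls. It assumes the response was fetched with a credential that is allowed to list deploy keys; classify_keys, the 30-day warning window and the sample keys are illustrative assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the list-deploy-keys response
# (GET /repos/{owner}/{repo}/keys); ids, titles and dates are made up.
SAMPLE_RESPONSE = json.dumps([
    {"id": 1, "title": "ci-deploy", "read_only": True,
     "created_at": "2023-01-10T08:00:00Z"},
    {"id": 2, "title": "staging-sync", "read_only": False,
     "created_at": "2023-11-20T08:00:00Z"},
    {"id": 3, "title": "docs-publish", "read_only": True,
     "created_at": "2022-06-01T08:00:00Z"},
])

MAX_AGE = timedelta(days=365)     # the one-year limit from the workflow
WARN_WINDOW = timedelta(days=30)  # assumption: warn 30 days before the limit


def classify_keys(response_text, now, max_age=MAX_AGE, warn=WARN_WINDOW):
    """Sort key titles into "expired", "expiring" and "ok" by created_at."""
    payload = json.loads(response_text)
    if not isinstance(payload, list):
        # An error body such as {"message": "..."} is an object, not a list.
        raise ValueError(f"unexpected API response: {payload!r}")
    result = {"expired": [], "expiring": [], "ok": []}
    for key in payload:
        created = datetime.strptime(
            key["created_at"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        remaining = created + max_age - now
        if remaining <= timedelta(0):
            bucket = "expired"
        elif remaining <= warn:
            bucket = "expiring"
        else:
            bucket = "ok"
        result[bucket].append(key["title"])
    return result


if __name__ == "__main__":
    fixed_now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed for repeatability
    report = classify_keys(SAMPLE_RESPONSE, fixed_now)
    print(report)
    # A scheduled job should fail when any key needs rotation.
    raise SystemExit(1 if report["expired"] or report["expiring"] else 0)
```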