I'm trying to create a github action that searches all PRs in our repository with a specific label. The api call returns the correct result when running it locally with my personal access token but in the action it seems to get no results.
The default workflow permissions are "Read and write".
This is the action code:
name: Cleanup deploy-in-dev label
on:
workflow_dispatch:
schedule:
- cron: "15 1 * * *"
jobs:
cleanup:
runs-on: ubuntu-latest
steps:
- name: Search label deploy-in-dev
run: |-
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GITHUB_TOKEN}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/search/issues?q=repo:private-org/example+is:pull-request+is:open+label:deploy-in-dev" \
| grep "\"number\":" \
| sed 's/.*"number": \([0-9]*\),/\1/g' \
| while IFS= read -r pr_number; do
echo "Found pr with label with pr number ${pr_number}"
done
Could this be a permission error or do I miss something else?
There is a great GH action - GitHub Script. It allows writing scripts in your workflow and provides an easy and elegant way to run these scripts.
Working example:
name: Cleanup deploy-in-dev label
on:
workflow_dispatch:
schedule:
- cron: "15 1 * * *"
jobs:
cleanup:
name: Search and remove deploy-in-dev label
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- uses: actions/github-script#v6
name: Search and remove deploy-in-dev label
with:
script: |
const label = 'deploy-in-dev';
const pullRequests = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open'
});
console.log(`Found ${pullRequests.data.length} Pull Request(s)`);
await Promise.all(pullRequests.data.map(async (pr) => {
if (pr.labels.filter(l => l.name === label).length === 0) {
console.log(`Skipping PR number ${pr.number}`);
return;
}
console.log(`Removing label ${label} from PR number ${pr.number}`);
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr.number,
name: label
});
}));
I did not use the GITHUB_TOKEN correct. It needs to be ${{ secrets.GITHUB_TOKEN }} instead of ${ GIHTUB_TOKEN }. It works like this:
name: Cleanup deploy-in-dev label
on:
workflow_dispatch:
schedule:
- cron: "15 1 * * *"
jobs:
cleanup:
name: Search and remove deploy-in-dev label
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- name: Search and remove label deploy-in-dev
run: |-
curl --silent \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/search/issues?q=repo:${{ github.repository }}+is:pull-request+is:open+label:deploy-in-dev" \
| grep "\"number\":" \
| sed 's/.*"number": \([0-9]*\),/\1/g' \
| while IFS= read -r pr_number; do
echo "Found pr with label with pr number ${pr_number}"
done
As a bonus I added to minimal set of permissions to the action so that it still runs. The only permission needed is pull-requests: read. If the action should also be able to add or remove a label the permission needs to be pull-requests: write. The complete action I now use is this one:
name: Cleanup deploy-in-dev label
on:
workflow_dispatch:
schedule:
- cron: "15 1 * * *"
jobs:
cleanup:
name: Search and remove deploy-in-dev label
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Search and remove label deploy-in-dev
run: |-
curl --silent \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/search/issues?q=repo:${{ github.repository }}+is:pull-request+is:open+label:deploy-in-dev" \
| grep "\"number\":" \
| sed 's/.*"number": \([0-9]*\),/\1/g' \
| while IFS= read -r pr_number; do
echo "Removing label from pr number ${pr_number}"
curl --silent \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${{ github.repository }}/issues/${pr_number}/labels/deploy-in-dev
done
Related
so I am new to git action workflow and got my first task which is a workflow_dispatch which listen to a code changes in some directory (source/team_a).
I want to be able to display only the relevant branches as a potential input.
After that I want to be able to deploy that branch into a environment.
I consult with chatGPT and he suggest the following, I prefer to get a real expert opinion about that.
name: Deploy to QA
on:
workflow_dispatch:
inputs:
branch:
description: "Branch to deploy"
required: true
type: string
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Get list of branches
id: branches
run: |
# Replace REPO_OWNER and REPO_NAME with the owner and name of your repository
curl -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
https://api.github.com/repos/REPO_OWNER/REPO_NAME/branches | \
jq '.[] | select(.name | startswith("source/team_a")) | .name'
- name: Set branch list
uses: actions/set-output#v1
with:
name: branches
value: ${{ fromJson(steps.branches.outputs.stdout) | join(",") }}
- name: Deploy to QA
uses: actions/some-deployment-action#v1
with:
git_auth: ${{ secrets.GIT_AUTH }}
repository: my-repository
target: qa
branch: ${{ inputs.branch }}
- name: Run tests
run: run-tests.sh
One of my GitHub Actions for automatic tagging is not working and I don't seem to know why.
Here is my tag.yml:
name: 'tag'
on:
push:
branches:
- main
jobs:
tag:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout#v2.4.0
- name: 'Tag'
uses: anothrNick/github-tag-action#1.36.0
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
The error I get is this:
Warning: Unexpected input(s) 'repo-token', valid inputs are ['entryPoint', 'args']
Run anothrNick/github-tag-action#1.36.0
/usr/bin/docker run --name a72c5b92e429db40e09e9b93f3e458fdb9_f74ce8 --label 9916a7 --workdir /github/workspace --rm -e INPUT_REPO-TOKEN -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/terraform-provider-mirantis/terraform-provider-mirantis":"/github/workspace" 9916a7:2c5b92e429db40e09e9b93f3e458fdb9
*** CONFIGURATION ***
DEFAULT_BUMP: minor
WITH_V: false
RELEASE_BRANCHES: master,main
CUSTOM_TAG:
SOURCE: .
DRY_RUN: false
INITIAL_VERSION: 0.0.0
TAG_CONTEXT: repo
PRERELEASE_SUFFIX: beta
VERBOSE: true
Is master a match for main
Is main a match for main
pre_release = false
From https://github.com/Richard-Barrett/terraform-provider-mirantis
* [new tag] v1.0-beta -> v1.0-beta
fatal: ambiguous argument '0.0.0': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'
Merge pull request #14 from Richard-Barrett/Richard-Barrett-patch6 automating terraform with release and goreleaser
minor
Bumping tag 0.0.0.
New tag 0.1.0
2022-01-16T04:39:36Z: **pushing tag 0.1.0 to repo Richard-Barrett/terraform-provider-mirantis
"message": "Bad credentials",
"documentation_url": "https://docs.github.com/rest"
}
Error: Tag was not created properly.
Here is the public Repo it is affiliated with: https://github.com/Richard-Barrett/terraform-provider-mirantis
Any advice...?
You are missusing this action, it should be:
- name: 'Tag'
uses: anothrNick/github-tag-action#1.36.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
All parameters are passed by ENV as described here
Trying to get the response from curl and use it in subsequent commands. Not sure what should be the correct syntax here.
- name: Get Token
run: |
response = $(curl https://********* -header "Accept: application/json" -header "X-Username: ${{ secrets.USER_NAME }}" -header "X-Password: ${{ secrets.PASSWORD }}")
echo "response from curl= $response"
I was able to solve this using below approach
- name: GET all workspace
run: |
curl --location --request GET 'https://api.getpostman.com/workspaces' --header 'X-API-Key: ${{ secrets.API_TOKEN }}' -o workspaces.json
- name: read workspace id
id: workspace
run: echo "::set-output name=id::$(cat workspaces.json | jq -c '.workspaces[] | select(.name == "My Workspace").id')"
- name: print workspace id
run: echo ${{ steps.workspace.outputs.id }}
- name: GET api's in workspace
run: |
curl --location --request GET "https://api.getpostman.com/apis?workspace=${{ steps.workspace.outputs.id }}" --header 'X-API-Key: ${{ secrets.API_TOKEN }}' -o apis.json
- name: Read api id in workspace
id: api
run: echo "::set-output name=id::$(cat apis.json | jq -c '.apis[] | select(.name == "testing-service").id')"
- name: Print api id
run: echo ${{ steps.api.outputs.id }}
Try to use like this
- name: Get Token
run: |
response = $(curl https://********* -header "Accept= application/json" -header "X-Username= ${{ secrets.USER_NAME }}" -header "X-Password= ${{ secrets.PASSWORD }}")
echo "response from curl= $response"
I'm using GitAction to run a workflow using a matrix strategy, as follows (simplified):
name: Functional Tests
...
jobs:
functional:
...
strategy:
matrix:
range:
- -e FT_FROM_IX=0 -e FT_TO_IX=300
- -e FT_FROM_IX=301 -e FT_TO_IX=600
- -e FT_FROM_IX=601 -e FT_TO_IX=900
- -e FT_FROM_IX=901 -e FT_TO_IX=1200
- -e FT_FROM_IX=1201
steps:
- uses: actions/checkout#v2
- name: Run functional test
run: |
docker run --network host -t --rm ${{ matrix.range }} -v $(pwd):/opt/fiware-orion ${{ env.TEST_IMAGE_NAME }} build -miqts functional
It works fine, but I get a ugly description at github because the matrix.range value appears as part of the job name:
I would like to have my jobs numbered (e.g. functional-1, functional-2, etc.). Is that possible using some expression to get the index of the matrix element (something like ${{ matrix.range.index }}) or any other way?
Thanks in advance!
I had a similar use case, found a simple solution:
Change matrix range to a list of objects, containing order and range.
Concatenate order with the job's name key.
Use range key as before.
Hopefully, Github Actions will add an index to the matrix jobs, simplifying the way we distinguish between them.
name: Functional Tests
...
jobs:
functional:
name: functional - ${{ matrix.payload.order }}
...
strategy:
matrix:
payload:
- { order: 1, range: '-e FT_FROM_IX=0 -e FT_TO_IX=300' }
- { order: 2, range: '-e FT_FROM_IX=301 -e FT_TO_IX=600' }
- { order: 3, range: '-e FT_FROM_IX=601 -e FT_TO_IX=900' }
...
steps:
- uses: actions/checkout#v2
- name: Run functional test
run: |
docker run --network host -t --rm ${{ matrix.payload.range }} -v $(pwd):/opt/fiware-orion ${{ env.TEST_IMAGE_NAME }} build -miqts functional
I want to use Github Action to trigger Jenkins build, when PR on develop branch is merged with changes in frontend/ dir. I have following file in .github/workflows/ if the repo
name: Trigger Jenkins Build [ Build-Portal ]
on:
push:
branches: [ develop ]
paths: 'frontend/**'
types: [closed]
jobs:
build:
name: Triggering Jenkins Build [ Build-Portal ]
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true
steps:
- name: Trigger Build-Portal
uses: actions/trigger-jenkins#develop
with:
jenkins_url: "http://jenkins.example.net:8080/"
jenkins_user: ${{ secrets.JENKINS_USER }}
jenkins_token: ${{ secrets.JENKINS_USER_TOKEN }}
job_name: "Build-Portal"
job_params: '{"FRESH_BUILD":"True", "UI":"True", "BUILD_BRANCH":"develop", "DEPLOY_DEV":"True"}'
job_timeout: "3600" # Default 30 sec. (optional)
But I don't see this is getting triggered under tab /actions
I updated above workflow to
name: Trigger Jenkins Build [ Build-Portal ]
on:
pull_request:
branches: [ develop ]
types: [ closed ]
jobs:
trigger:
name: Triggering Jenkins Build [ Build-Portal ]
runs-on: ubuntu-latest
steps:
- name: Triggering Jenkins Build
uses: appleboy/jenkins-action#master
if: github.event.pull_request.merged == true
with:
url: "http://jenkins.example.net:8080/"
user: ${{ secrets.JENKINS_USER }}
token: ${{ secrets.JENKINS_USER_TOKEN }}
job: "Build-Portal"
with these changes, workflow is running, but getting failure with missing jenkins config
Run appleboy/jenkins-action#master
with:
url: http://jenkins.example.net:8080/
job: Build-Portal
/usr/bin/docker run --name a33c102b3a03f81d04bc7936bf41daf1ca949_52143d --label 8a33c1 --workdir /github/workspace --rm -e INPUT_URL -e INPUT_USER -e INPUT_TOKEN -e INPUT_JOB -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/Build-Portal/Build-Portal":"/github/workspace" 8a33c1:02b3a03f81d04bc7936bf41daf1ca949
2021/06/16 14:16:24 missing jenkins config
What I am missing here ?