We Keep Coding

Can a github action use the search api?

I'm trying to create a github action that searches all PRs in our repository with a specific label. The api call returns the correct result when running it locally with my personal access token but in the action it seems to get no results.
The default workflow permissions are "Read and write".
This is the action code:
name: Cleanup deploy-in-dev label
on:
workflow_dispatch:
schedule:
- cron: "15 1 * * *"
jobs:
cleanup:
runs-on: ubuntu-latest
steps:
- name: Search label deploy-in-dev
run: |-
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GITHUB_TOKEN}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/search/issues?q=repo:private-org/example+is:pull-request+is:open+label:deploy-in-dev" \
| grep "\"number\":" \
| sed 's/.*"number": \([0-9]*\),/\1/g' \
| while IFS= read -r pr_number; do
echo "Found pr with label with pr number ${pr_number}"
done
Could this be a permission error or do I miss something else?

There is a great GH action - GitHub Script. It allows writing scripts in your workflow and provides an easy and elegant way to run these scripts.
Working example:
name: Cleanup deploy-in-dev label
on:
workflow_dispatch:
schedule:
- cron: "15 1 * * *"
jobs:
cleanup:
name: Search and remove deploy-in-dev label
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- uses: actions/github-script#v6
name: Search and remove deploy-in-dev label
with:
script: |
const label = 'deploy-in-dev';
const pullRequests = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open'
});
console.log(`Found ${pullRequests.data.length} Pull Request(s)`);
await Promise.all(pullRequests.data.map(async (pr) => {
if (pr.labels.filter(l => l.name === label).length === 0) {
console.log(`Skipping PR number ${pr.number}`);
return;
}
console.log(`Removing label ${label} from PR number ${pr.number}`);
await github.rest.issues.removeLabel({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr.number,
name: label
});
}));

I did not use the GITHUB_TOKEN correct. It needs to be ${{ secrets.GITHUB_TOKEN }} instead of ${ GIHTUB_TOKEN }. It works like this:
name: Cleanup deploy-in-dev label
on:
workflow_dispatch:
schedule:
- cron: "15 1 * * *"
jobs:
cleanup:
name: Search and remove deploy-in-dev label
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- name: Search and remove label deploy-in-dev
run: |-
curl --silent \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/search/issues?q=repo:${{ github.repository }}+is:pull-request+is:open+label:deploy-in-dev" \
| grep "\"number\":" \
| sed 's/.*"number": \([0-9]*\),/\1/g' \
| while IFS= read -r pr_number; do
echo "Found pr with label with pr number ${pr_number}"
done
As a bonus I added to minimal set of permissions to the action so that it still runs. The only permission needed is pull-requests: read. If the action should also be able to add or remove a label the permission needs to be pull-requests: write. The complete action I now use is this one:
name: Cleanup deploy-in-dev label
on:
workflow_dispatch:
schedule:
- cron: "15 1 * * *"
jobs:
cleanup:
name: Search and remove deploy-in-dev label
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Search and remove label deploy-in-dev
run: |-
curl --silent \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
"https://api.github.com/search/issues?q=repo:${{ github.repository }}+is:pull-request+is:open+label:deploy-in-dev" \
| grep "\"number\":" \
| sed 's/.*"number": \([0-9]*\),/\1/g' \
| while IFS= read -r pr_number; do
echo "Removing label from pr number ${pr_number}"
curl --silent \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/${{ github.repository }}/issues/${pr_number}/labels/deploy-in-dev
done

`GITHUB_PULL_REQUEST_BASE_REF: parameter null or not set` error in github actions

I am getting this error while trying to set a github actions. My goal is to set up a github actions that uses another template for linting and fixing SQL. Here is my github folder.
The models folder contains a single sql file (with .sql file extention). The content of the sql folder is an sql file testing.sql with the query: select a,b,c, document as doc from table.
The workflow file contains the following yml file:
on:
pull_request:
jobs:
test-check:
name: runner / sqlfluff (github-check)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: yu-iskw/action-sqlfluff#v3
id: lint-sql
with:
github_token: ${{ secrets.github_token }}
reporter: github-pr-review
sqlfluff_version: "1.2.0"
sqlfluff_command: "fix" # Or "lint"
config: "${{ github.workspace }}/.sqlfluff"
paths: '${{ github.workspace }}/models'
- name: 'Show outputs (Optional)'
shell: bash
run: |
echo '${{ steps.lint-sql.outputs.sqlfluff-results }}' | jq -r '.'
echo '${{ steps.lint-sql.outputs.sqlfluff-results-rdjson }}' | jq -r '.'
The .sqlfluff file contains a default configuration from the following site: sqlfulff.
The workflow run is throwing the following error which I couldn't quite figure out:
I don't know what the line 15: GITHUB_PULL_REQUEST_BASE_REF: parameter null or not set means in the error. I would be glad if anyone can help with the error.

It is a parameter used by yu-iskw/action-sqlfluff action.yml in its entrypoint.sh.
SQL_FILE_PATTERN="${FILE_PATTERN:?}"
SOURCE_REFERENCE="origin/${GITHUB_PULL_REQUEST_BASE_REF:?}"
changed_files=$(git diff --name-only --no-color "$SOURCE_REFERENCE" "HEAD" -- "${SQLFLUFF_PATHS:?}" |
grep -e "${SQL_FILE_PATTERN:?}" |
xargs -I% bash -c 'if [[ -f "%" ]] ; then echo "%"; fi' || :)
Set it to the remote branch parameter github_base_ref you want to compare to (main for instance).
In your case:
on:
pull_request:
jobs:
test-check:
name: runner / sqlfluff (github-check)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
- uses: yu-iskw/action-sqlfluff#v3
id: lint-sql
with:
github_token: ${{ secrets.github_token }}
reporter: github-pr-review
sqlfluff_version: "1.2.0"
sqlfluff_command: "fix" # Or "lint"
config: "${{ github.workspace }}/.sqlfluff"
paths: '${{ github.workspace }}/models'
github_base_ref: "main" <========================
- name: 'Show outputs (Optional)'
shell: bash
run: |
echo '${{ steps.lint-sql.outputs.sqlfluff-results }}' | jq -r '.'
echo '${{ steps.lint-sql.outputs.sqlfluff-results-rdjson }}' | jq -r '.'
(Do not include the <======... part, only the github_base_ref: "main")

GitHub Actions for Automatic Tag Not Working

One of my GitHub Actions for automatic tagging is not working and I don't seem to know why.
Here is my tag.yml:
name: 'tag'
on:
push:
branches:
- main
jobs:
tag:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout#v2.4.0
- name: 'Tag'
uses: anothrNick/github-tag-action#1.36.0
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
The error I get is this:
Warning: Unexpected input(s) 'repo-token', valid inputs are ['entryPoint', 'args']
Run anothrNick/github-tag-action#1.36.0
/usr/bin/docker run --name a72c5b92e429db40e09e9b93f3e458fdb9_f74ce8 --label 9916a7 --workdir /github/workspace --rm -e INPUT_REPO-TOKEN -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/terraform-provider-mirantis/terraform-provider-mirantis":"/github/workspace" 9916a7:2c5b92e429db40e09e9b93f3e458fdb9
*** CONFIGURATION ***
DEFAULT_BUMP: minor
WITH_V: false
RELEASE_BRANCHES: master,main
CUSTOM_TAG:
SOURCE: .
DRY_RUN: false
INITIAL_VERSION: 0.0.0
TAG_CONTEXT: repo
PRERELEASE_SUFFIX: beta
VERBOSE: true
Is master a match for main
Is main a match for main
pre_release = false
From https://github.com/Richard-Barrett/terraform-provider-mirantis
* [new tag] v1.0-beta -> v1.0-beta
fatal: ambiguous argument '0.0.0': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'
Merge pull request #14 from Richard-Barrett/Richard-Barrett-patch6 automating terraform with release and goreleaser
minor
Bumping tag 0.0.0.
New tag 0.1.0
2022-01-16T04:39:36Z: **pushing tag 0.1.0 to repo Richard-Barrett/terraform-provider-mirantis
"message": "Bad credentials",
"documentation_url": "https://docs.github.com/rest"
}
Error: Tag was not created properly.
Here is the public Repo it is affiliated with: https://github.com/Richard-Barrett/terraform-provider-mirantis
Any advice...?

You are missusing this action, it should be:
- name: 'Tag'
uses: anothrNick/github-tag-action#1.36.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
All parameters are passed by ENV as described here

GitActions job name based on matrix index instead of matrix value

I'm using GitAction to run a workflow using a matrix strategy, as follows (simplified):
name: Functional Tests
...
jobs:
functional:
...
strategy:
matrix:
range:
- -e FT_FROM_IX=0 -e FT_TO_IX=300
- -e FT_FROM_IX=301 -e FT_TO_IX=600
- -e FT_FROM_IX=601 -e FT_TO_IX=900
- -e FT_FROM_IX=901 -e FT_TO_IX=1200
- -e FT_FROM_IX=1201
steps:
- uses: actions/checkout#v2
- name: Run functional test
run: |
docker run --network host -t --rm ${{ matrix.range }} -v $(pwd):/opt/fiware-orion ${{ env.TEST_IMAGE_NAME }} build -miqts functional
It works fine, but I get a ugly description at github because the matrix.range value appears as part of the job name:
I would like to have my jobs numbered (e.g. functional-1, functional-2, etc.). Is that possible using some expression to get the index of the matrix element (something like ${{ matrix.range.index }}) or any other way?
Thanks in advance!

I had a similar use case, found a simple solution:
Change matrix range to a list of objects, containing order and range.
Concatenate order with the job's name key.
Use range key as before.
Hopefully, Github Actions will add an index to the matrix jobs, simplifying the way we distinguish between them.
name: Functional Tests
...
jobs:
functional:
name: functional - ${{ matrix.payload.order }}
...
strategy:
matrix:
payload:
- { order: 1, range: '-e FT_FROM_IX=0 -e FT_TO_IX=300' }
- { order: 2, range: '-e FT_FROM_IX=301 -e FT_TO_IX=600' }
- { order: 3, range: '-e FT_FROM_IX=601 -e FT_TO_IX=900' }
...
steps:
- uses: actions/checkout#v2
- name: Run functional test
run: |
docker run --network host -t --rm ${{ matrix.payload.range }} -v $(pwd):/opt/fiware-orion ${{ env.TEST_IMAGE_NAME }} build -miqts functional

Caching buildah images (base + created) using github actions/cache

I want to cache the buildah images so that they are not pulled every time using github actions/cache. Can you please help me understand what layers should be cached. I started with ~/var/lib/containers and /var/lib/containers but that did not help
jobs:
# This workflow contains a single job called "greet"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#master
- name: Set up JDK 1.8
uses: actions/setup-java#v1
with:
java-version: 1.8
- name: Install oc tool
run: mkdir /tmp/s2i/ && cd /tmp/s2i/ && curl -s https://api.github.com/repos/openshift/source-to-image/releases/latest | grep browser_download_url | grep linux-amd64 | cut -d '"' -f 4 | wget -qi - && tar xvf source-to-image*.gz && sudo mv s2i /usr/local/bin && rm -rf /tmp/s2i/
- name: Login to quay.io using Buildah
run: buildah login -u ${{ secrets.QUAY_USERNAME }} -p ${{ secrets.QUAY_PASSWORD }} quay.io
- name: Cache local Maven repository & buildah containers
uses: actions/cache#v2
with:
path: |
~/.m2/repository
key: ${{ runner.os }}-maven-buildah-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-buildah-
- name: Build with Maven
run: pwd && mvn -B clean install -DskipTests -f ./vertx-starter/pom.xml
- name: Create the Dockerfile
run: printf "FROM openjdk:8-slim\nARG JAR_FILE=target/*.jar\nRUN mkdir -p /deployments\nCOPY \${JAR_FILE} /deployments/app.jar\nRUN chown -R 1001:0 /deployments && chmod -R 0755 /deployments\nEXPOSE 8080 8443\n USER 1001\nENTRYPOINT [\"java\",\"-jar\",\"/deployments/app.jar\"]" > Dockerfile && cat Dockerfile
- name: Create image using buildah
run: buildah bud --layers --log-level debug --build-arg JAR_FILE="vertx-starter/target/app.jar" -t quay.io/himanshumps/vertx_demo .