I've already attempted to ask about this on the repo itself with no luck so far.
I've created a fairly simple workflow based on this SO answer to retrieve a forgotten secret:
name: Show Me the S3cr3tz
on: [push]
jobs:
debug:
name: Debug
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout#v2
- name: Set up secret file
env:
MY_SECRET: ${{ secrets.MY_SECRET }}
run: |
echo $MY_SECRET >> secrets.txt
- name: Run tmate
uses: mxschmitt/action-tmate#v3
However, I can never see the tmate link because it is cancelled automatically and immediately after leaving the queue:
What am I doing wrong?
This is probably related to the recent GitHub Actions outage.
The workflow YAML syntax is valid, and confirmed to be working.
Related
I am trying to restore from a cache. My job reads:
testing-windows:
strategy:
matrix:
example: [Frank2Example1, Frank2Example2, Frank2Example3]
name: Test windows ${{ matrix.example }}
runs-on: windows-latest
steps:
- name: Checkout repository
uses: actions/checkout#v2
- name: Cache Frank!Runner dependencies - build
uses: actions/cache#v2
with:
path: build
key: ${{ runner.os }}-frank-runner-build
restore-keys: |
${{ runner.os }}-frank-runner-build
- name: Cache Frank!Runner dependencies - download
uses: actions/cache#v2
with:
path: download
key: ${{ runner.os }}-frank-runner-download
restore-keys: |
${{ runner.os }}-frank-runner-download
... Other steps ...
Step Cache Frank!Runner dependencies - build does not find its cache. The output reads:
Run actions/cache#v2
with:
path: build
key: Windows-frank-runner-build
restore-keys: Windows-frank-runner-build
Cache not found for input keys: Windows-frank-runner-build, Windows-frank-runner-build
In this message, the key is duplicated.
This issue does not apply to the next step: Cache Frank!Runner dependencies - download. That step can find its cache.
I tried running this job multiple times. It succeeds, but the cache remains unavailable as mentioned.
My full code is available at https://github.com/mhdirkse/frank-runner, commit SHA ad4644d1ab6b7389294a6ad3d2c67c9655517fa6.
Did I do something wrong or is this a bug in GitHub actions?
EDIT:
As you see in the text, this failure happens on Windows. I am doing the same under Ubuntu, but then there is no error. Both caches work properly under Linux.
EDIT Thursday Agust 11 2022
I am having the same issue under Ubuntu now. On https://github.com/ibissource/frank-manual commit 57b4c937559d20c5420245b3f0c07fa79366c9c6, I have the following GitHub action YAML:
name: TestFrankRunner.
on:
push:
paths: srcSteps/Frank2Webapp/**
pull_request:
paths: srcSteps/Frank2Webapp/**
workflow_dispatch:
jobs:
test-frank2webapp:
name: Test Frank2Webapp
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout#v2
- name: Show input
run: echo ${{ github.event.inputs.forceLatestFF }}
- name: Cache Maven downloads
uses: actions/cache#v2
with:
path: ~/.m2/repository/
key: ${{ runner.os }}-maven
restore-keys: |
Linux-maven
- name: Start Frank2Webapp
run: mvn --log-file log.txt clean install jetty:run &
working-directory: srcSteps/Frank2Webapp/v520
...
Other steps
...
My GitHub action log shows the line:
Cache not found for input keys: Linux-maven, Linux-maven
I solved the problem for the example of the frank-manual repository, see EDIT of August 11 2022. In the frank-manual repository, I simply upgraded to actions/cache#v3.
In the release notes of v3, I saw the following:
Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest.
Indeed, I was caching directory ~/.m2/repository/ so the fix applies to my test.
I am not sure about the original question that was about the Windows operating system. I hope to inform about that later.
EDIT September 5 2022
The original issue has not been fixed. In project https://github.com/ibissource/frank-runner/, all usages of the cache action have been updated to v3. Nevertheless, step Cache Frank!Runner dependencies - build cannot restore its cache. This problem happens under Windows, no more under Linux.
I am making a custom terraform provider for my organization.
I was following the instructions here:
https://www.terraform.io/registry/providers/publishing?_ga=2.233394398.119722977.1642457969-242172196.1631994131
In the section where it mentions to set up a GitHub Action by copying over the following into my workflows directory:
GitHub Actions workflow from the terraform-provider-scaffolding repository (https://github.com/hashicorp/terraform-provider-scaffolding/blob/main/.github/workflows/release.yml)
Unfortunately doing so seems to have caused the release workflow to no longer work and run. As a result, I was hoping I might get some overall insights into this as I am trying to hook it up to terraform registry and it's not letting me publish it because of a mal-release configuration.
Here is the repo:
https://github.com/Richard-Barrett/terraform-provider-mirantis
Here is the code that I am using for release.yml in my existing workflows:
# This GitHub action can publish assets for release when a tag is created.
# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
#
# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
# secret. If you would rather own your own GPG handling, please fork this action
# or use an alternative one for key handling.
#
# You will need to pass the `--batch` flag to `gpg` in your signing step
# in `goreleaser` to indicate this is being used in a non-interactive mode.
#
name: release
on:
push:
tags:
- 'v*'
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout#v2.4.0
-
name: Unshallow
run: git fetch --prune --unshallow
-
name: Set up Go
uses: actions/setup-go#v2
with:
go-version: 1.17
-
name: Import GPG key
id: import_gpg
uses: hashicorp/ghaction-import-gpg#v2.1.0
env:
# These secrets will need to be configured for the repository:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.PASSPHRASE }}
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action#v2.8.0
with:
version: latest
args: release --rm-dist
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# GitHub sets this automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
I think it may be the way I am auto-tagging in my repo as well, here is what I am using within my tag.yml:
name: 'tag'
on:
push:
branches:
- main
jobs:
tag:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout#v2.4.0
- name: 'Tag'
uses: anothrNick/github-tag-action#1.36.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Also, the tag workflow wasn't working at first, but now is, but my release status is just showing no status
So after much chagrin and heartache, I found out why it wasn't working.
I didn't specify the Branch on which the action was to be triggered:
Answer:
https://github.com/Richard-Barrett/terraform-provider-mirantis/commit/62a1fb003aee118e133dd22ce79dd488798214e1
The overall change was adding that to the release.yml.
The tag.yml is fine.
As a result, here was the overall change:
name: 'release'
on:
push:
branches:
- main
tags:
- 'v*'
jobs:
And the final release file looked like this:
# This GitHub action can publish assets for release when a tag is created.
# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
#
# This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
# secret. If you would rather own your own GPG handling, please fork this action
# or use an alternative one for key handling.
#
# You will need to pass the `--batch` flag to `gpg` in your signing step
# in `goreleaser` to indicate this is being used in a non-interactive mode.
#
name: 'release'
on:
push:
branches:
- main
tags:
- 'v*'
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout#v2.4.0
-
name: Unshallow
run: git fetch --prune --unshallow
-
name: Set up Go
uses: actions/setup-go#v2
with:
go-version: 1.17
-
name: Import GPG key
id: import_gpg
uses: hashicorp/ghaction-import-gpg#v2.1.0
env:
# These secrets will need to be configured for the repository:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
PASSPHRASE: ${{ secrets.PASSPHRASE }}
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action#v2.8.0
with:
version: latest
args: release --rm-dist
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
# GitHub sets this automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
I want to trigger a Github workflow only if a code is pushed to a specific branch and if a tag exists, but my config (github workflow) does not work as expected:
name: Deployment
on:
push:
branches:
- feature/BRANCH-NAME
tags:
- *
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- uses: actions/setup-node#v1
with:
node-version: '10.x'
- name: Install dependencies
run: |
npm install
- name: Lint & build
run: |
npm run build
The workflow is triggered even if a tag does not exist.
How could I fix this?
EDIT: This workaround seemed to have solved my problem at the time of writing but I cannot guarantee that it still works as expected.
Since I couldn't find a way to implement an AND condition (i.e. tagged AND on master), I used the following workaround:
name: Worflow demo
on:
push:
tags:
- v*
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v1
- name: Exit if not on master branch
if: endsWith(github.ref, 'master') == false
run: exit -1
- name: Next job ...
This will trigger if there is a tagged (e.g. tag v1.0.0) commit pushed:
on:
push:
tags:
- v*
The first step ('Exit if not on master branch') then checks if the current branch doesn't end with master and exits the workflow (the subsequent tests will not start):
- name: Exit if not on master branch
if: endsWith(github.ref, 'master') == false
run: exit -1
Hope this helps someone else as well.
can use release event and github.event.release.target_commitish to make only tags on 'my_branch' to trigger the build
name: workflow demo
on:
release:
types:
- published
jobs:
my_job:
runs-on: ubuntu-latest
steps:
- name: build only on my_branch tag
if: ${{ github.event_name == 'release' && github.event.release.target_commitish == 'my_branch'}}
run: "something"
To fix the multiple unintended runs I removed the "branches:" scalar and just include and !exclude tags that I want my workflow to run on.
Following runs on tagged releases, not on release candidates:
name: 'tagged-release'
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- '!*-rc[0-9]+'
The accepted answer didn't seem to work for me, as pointed out by dilithiummatrix in the comments.
So I tried outputting the available values of the github object, which you can do by adding this in your workflow file to see what is available:
- name: Dump job github var
env:
GITHUB_VAR: ${{ toJson(github) }}
run: echo "$GITHUB_VAR"
From this I noticed that as Billy Clark also pointed out, that github.event.base_ref contains refs/heads/production. So this worked for me:
# Only release from prod branch
- name: Exit if not on production branch
if: endsWith(github.event.base_ref, 'production') == false
run: exit -1
You can so by writing the following YAML code.
Keep in mind that you have to put the branches-ignore so that the workflow is not activated when you create branches. The part where you check whether the tag is pushed to a specific branch is covered in the second part of the answer.
name: Deployment
on:
push:
tags:
- *
branches-ignore:
- '*'
You can check for the name of the branch with the following code; specifically for every step of the job you are trying to accomplish.
- name: job
env:
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
if: contains(env.BRANCH_NAME, <branch-name>)
then follow up with some more code you want the workflow to do.
I am attempting to use GitHub Actions for a complete pipeline, including automatic SemVer versioning (using tags) that I would then like to consume after building my Docker image to tag it with the current version. This is the action that I am using to bump the version, which should have a new_tag output but I cannot reference it, this is what I am trying:
jobs:
setup:
...
version:
needs: [setup]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout#v2
with:
fetch-depth: '0'
- name: Bump version and push tag
uses: anothrNick/github-tag-action#1.26.0
id: autoversion
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WITH_V: true
sonar:
...
anchore:
...
docker:
needs: [setup, version]
steps:
...
- name: Build and push
uses: docker/build-push-action#v2
with:
context: .
push: true
tags: ansfire/flaskql:${{ needs.version.autoversion.outputs.new_tag }}
From what I have read using the needs key is supposed to allow one job to access upstream jobs but I cannot get it to access this. Do I need an outputs key in the version stage? Thanks!
Look into this answer, you need to define the outputs in the job creating the outputs, i.e.
jobs:
version:
[...]
outputs:
new_tag: ${{ steps.autoversion.outputs.new_tag }}
docker:
[...] tags: ansfire/flakql:${{ needs.version.outputs.new_tag }}
It has a monorepo, where it will contain two subfolders, which are:
Each with their respective projects and packages. I am trying to access a certain subfolder to do its respective action, but it is giving an error when I run a command to test with lint, which is:
error Couldn't find a package.json file in "/github/workspace"
It probably should not be accessing the frontend subfolder. I need it to run all the commands in this subfolder, how do I do it?
MY .YML:
name: PIPELINE OF TESTS
on:
push:
branches: [frontend-develop, backend-develop]
pull_request_target:
types: [opened, edited, closed]
branches: [main]
jobs:
test-frontend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./frontend
strategy:
matrix:
node-version: [14.x]
architecture: [x64]
steps:
- name: CHECK-OUT GIT REPOSITORY
uses: actions/checkout#v2
- name: USE NODEJS ${{ matrix.node-version }} - ${{ matrix.architecture }}
uses: actions/setup-node#v2
- name: INSTALL PROJECT DEPENDENCIES (YARN)
uses: borales/actions-yarn#v2.0.0
with:
cmd: install
- name: CODE ANALYSE (LINT) AND STYLE-GUIDE ANALYSE (PRETTIER + AIRBNB)
uses: borales/actions-yarn#v2.0.0
with:
cmd: lint-check
- name: UNIT TEST (JEST)
uses: borales/actions-yarn#v2.0.0
with:
cmd: test
Using defaults with run will only be applied to the run step (e.g scripts/commands that you execute yourself and not actions). See the docs:
Provide default shell and working-directory to all run steps in the
job. Context and expression are not allowed in this section.
When you are using a GitHub action (you have uses:) it not possible to change the working directory. Keep in mind that some actions support this - you can pass an additional argument to with:, but in your case borales/actions-yarn do not support that.
What can you do?
As suggested in the borales/actions-yarn REAME.md:
Please keep in mind that this Action was originally written for GitHub Actions beta (when Docker was the only way of doing things).
Consider using actions/setup-node to work with Yarn. This repository will be mostly supporting the existing flows.
You can remove these actions and call yarn directly in run:. Your workflow should look like:
name: PIPELINE OF TESTS
on:
push:
branches: [frontend-develop, backend-develop]
pull_request_target:
types: [opened, edited, closed]
branches: [main]
jobs:
test-frontend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./frontend
strategy:
matrix:
node-version: [14.x]
architecture: [x64]
steps:
- name: CHECK-OUT GIT REPOSITORY
uses: actions/checkout#v2
- name: USE NODEJS ${{ matrix.node-version }} - ${{ matrix.architecture }}
uses: actions/setup-node#v2
- name: INSTALL PROJECT DEPENDENCIES (YARN)
run: yarn install
- name: CODE ANALYSE (LINT) AND STYLE-GUIDE ANALYSE (PRETTIER + AIRBNB)
run: yarn lint-check
- name: UNIT TEST (JEST)
run: yarn test