Can't push to protected branch in GitHub Action - github-actions

I have a GitHub action that I have created in order to create a new version and publish it for our JS repo. It looks similar to this:
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 12.18.3
          registry-url: https://npm.pkg.github.com/
          scope: '<redacted>'
      - name: Install Dependencies
        run: npm ci
      - name: Build
        run: npm run build
      - name: Bump Version & Push
        run: |
          git config --local user.email "<redacted>"
          git config --local user.name "<redacted>"
          npm version patch
          git push https://${{ secrets.KEY }}@github.com/<redacted> HEAD:master --follow-tags
The KEY that I am using is a personal access token I created from my account. I have set the repo so that I have push access to the master branch. When I try the push command from my machine with the access token it works without an issue. However, every time I see this in the GitHub Action:
    remote: error: GH006: Protected branch update failed for refs/heads/master.
    remote: error: You're not authorized to push to this branch. Visit https://docs.github.com/articles/about-protected-branches/ for more information.
I have been racking my brain trying to figure this out and I'm out of ideas. If I remove the branch protection this action works fine.

I think this is because of how authentication is persisted by actions/checkout. It's stored in an extraheader config option which takes precedence over the credentials you are setting manually.
Try not persisting the auth:
    - uses: actions/checkout@v2
      with:
        persist-credentials: false
Or alternatively:
    - uses: actions/checkout@v2
      with:
        token: ${{ secrets.KEY }}
I know this because I've had my own issue with overriding this config option in the past.
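As an added illustration of the answer above (not code from the original posts): a shell helper that checks a checked-out repository for the auth header that actions/checkout persists, prints it with the credential masked, and removes it so that a different token can be used for the push. The config key name is an assumption about how checkout v2 writes it for github.com; the function names, the demo repository and the header value are constructed.

```shell
#!/bin/sh
# Added example, not code from the original posts.
# Assumption: actions/checkout@v2 stores its token for github.com under this
# key in the repository's local git config.
EXTRAHEADER_KEY='http.https://github.com/.extraheader'

# Exit 0 if the repository at $1 carries a persisted auth header.
has_persisted_auth() {
  git -C "$1" config --local --get-all "$EXTRAHEADER_KEY" >/dev/null 2>&1
}

# Print the header with the credential masked, so the output is safe to log.
show_persisted_auth() {
  git -C "$1" config --local --get-all "$EXTRAHEADER_KEY" |
    sed -E 's/^([^:]+:[[:space:]]*[A-Za-z]+)[[:space:]].*/\1 ***/'
}

# Remove the header so the credentials given at push time are the ones sent.
clear_persisted_auth() {
  if has_persisted_auth "$1"; then
    git -C "$1" config --local --unset-all "$EXTRAHEADER_KEY"
  fi
}

# Constructed demo: a throwaway repository with a placeholder header value.
demo() {
  demo_repo=$(mktemp -d)
  git init -q "$demo_repo"
  git -C "$demo_repo" config --local "$EXTRAHEADER_KEY" \
    "AUTHORIZATION: basic PLACEHOLDER_NOT_A_REAL_TOKEN"
  echo "before: $(show_persisted_auth "$demo_repo")"
  clear_persisted_auth "$demo_repo"
  if has_persisted_auth "$demo_repo"; then
    echo "after: header still present"
  else
    echo "after: header removed"
  fi
  rm -rf "$demo_repo"
}

demo
```

In a workflow step, `clear_persisted_auth "$GITHUB_WORKSPACE"` would run before the `git push` that uses the personal access token; `persist-credentials: false` has the same effect at checkout time.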

Related

Deploy Gatsby website with github actions

I'm new with gatsby and github actions. I'm trying to publish the website on github.
Here's my publish.yml file:
    on:
      push:
        branches:
          - master
    jobs:
      build:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v1
          - uses: actions/setup-node@v3
            with:
              node-version: 18
          - uses: enriikke/gatsby-gh-pages-action@v2
            with:
              access-token: ${{ secrets.**** }}
              deploy-branch: gh-pages
              gatsby-args: --prefix-paths
But I have this error on GitHub:
    /usr/bin/git push -f https://***@github.com/lentsius-bark/krystof-klestil.git master:gh-pages
    fatal: could not read Password for 'https://***@github.com': No such device or address
    Error: The process '/usr/bin/git' failed with exit code 128
The error looks like there is some issue with the access token that git push is trying to use.
Try these methods to resolve the issue.
Make sure that the access token you're using is valid and has the appropriate permissions to push to the gh-pages branch. You can create a new personal access token in your GitHub account settings if needed.
In your workflow file, change ${{ secrets.**** }} to ${{ secrets.ACCESS_TOKEN }} (replace ACCESS_TOKEN with the name of your actual secret). This will ensure that the access token is correctly substituted in the enriikke/gatsby-gh-pages-action@v2 step.

GitHub actions not identifying environment secret tokens

I recently created two workflows that deploy a preview when a push is made to a non-release branch (incl main) and deploys a production build when pushed to the release branch. However the preview workflow is failing with the error:
    Error: No existing credentials found. Please run vercel login or pass "--token"
On the line:
    vercel pull --yes --environment=preview --token=
I've set up the tokens in environment secrets of the repository, and below is the workflow file:
    name: Preview Deployment
    env:
      VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }}
      VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }}
      VERCEL_TOKEN: ${{secrets.VERCEL_TOKEN }}
    on:
      push:
        branches-ignore:
          - release
    jobs:
      Deploy-Preview:
        runs-on: ubuntu-latest
        steps:
          - name: "Echo values"
            run: |
              echo $VERCEL_PROJECT_ID
              echo $VERCEL_TOKEN
          - uses: actions/checkout@v2
          - name: Install Vercel CLI
            run: npm install --global vercel@latest
          - name: Pull Vercel Environment Information
            run: vercel pull --yes --environment=preview --token=${{ secrets.VERCEL_TOKEN }}
          - name: Build Project Artifacts
            run: vercel build --token=${{ secrets.VERCEL_TOKEN }}
          - name: Deploy Project Artifacts to Vercel
            run: vercel deploy --prebuilt --token=${{ secrets.VERCEL_TOKEN }}
The echo isn't logging anything, not even *** (although this isn't an important step, it was just a way to possibly debug the issue). I've followed this article from Vercel to create the workflow. I'm pretty sure that the tokens are set up correctly; at the same time, I'm unable to pinpoint the cause of the error. How do I fix this? TIA.

Unable to push my storybooks into chromatic

I have integrated chromatic into my repository and the purpose is to push my storybooks into chromatic.
I have two folders in my repo: 1- backend 2- frontend. I have all storybooks in my frontend folder, and my .github/workflows/chromatic.yml file looks like below:
    # .github/workflows/chromatic.yml
    # Workflow name
    name: 'Chromatic'
    # Event for the workflow
    on: pull_request
    # List of jobs
    jobs:
      chromatic-deployment:
        # Operating System
        runs-on: ubuntu-latest
        defaults:
          run:
            working-directory: frontend
        # Job steps
        steps:
          - uses: actions/checkout@v1
            with:
              fetch-depth: 0
          - name: Install dependencies
            run: yarn
            # 👇 Runs yarn in ./frontend
            working-directory: frontend
          # 👇 Adds Chromatic as a step in the workflow
          - name: Publish to Chromatic
            uses: chromaui/action@v1
            # Chromatic GitHub Action options
            with:
              # 👇 Chromatic projectToken, refer to the manage page to obtain it.
              workingDir: frontend
              projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
Is there anything wrong in the chromatic.yml file? I have set the event on pull request, and whenever I create a pull request from my branch to another branch (dev) I receive notifications that "no job were run" (also attached the screenshot). And when I click the "View workflow run" button I get the following error:
    Error: .github#L1
    The job was not started because recent account payments have failed or your spending limit needs to be increased. Please check the 'Billing & plans' section in your settings.
(I have researched this error and also tried different ways as suggested, but I am getting the same issue.)

Github action increment version on push to main

I would like to use a pure solution in a GitHub action to increment a version of the package. I don't want to use any existing actions from the GitHub marketplace such as "gh-action-bump-version". I have this workflow, which will increase the version and create a tag:
    name: Version Increment
    on:
      push:
        branches:
          - main
        tags-ignore:
          - v*
    jobs:
      version:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
            with:
              token: ${{ secrets.ACCESS_TOKEN }}
          - run: git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
          - run: git config user.name "$GITHUB_ACTOR"
          - run: npm version minor -m "v%s"
          # Each run step starts its own shell, so VERSION set here is not visible in the next step
          - run: VERSION=$(node -p "require('./package.json').version")
          - run: git tag ${VERSION}
          - run: git push origin --tags
          - run: git push origin --follow-tags
It works, but it also causes circular runs of the actions because of the last row. I know that I can use a custom message like "[RELEASE]" and put an "if" condition there to skip these commits. But my question is, is there any better solution to skip these commits from this action without using the "if" condition? Because the "tags-ignore" obviously doesn't work.
So I found several solutions. The first is that you can put "[skip actions]" to your commit message and that commit will skip any github action that should run within the commit. The second one is to use an address of the repository with access token.
This works pretty well for me:
    name: Version Increment
    on:
      push:
        branches:
          - main
    jobs:
      version:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v2
          - run: git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
          - run: git config user.name "$GITHUB_ACTOR"
          - run: npm version minor -m "v%s"
          # VERSION does not carry over to the following run step (separate shell per step)
          - run: VERSION=$(node -p "require('./package.json').version")
          - run: git tag ${VERSION}
          - run: git push "https://$GITHUB_ACTOR:${{ secrets.ACCESS_TOKEN }}@github.com/$GITHUB_REPOSITORY.git" --follow-tags
          - run: git push "https://$GITHUB_ACTOR:${{ secrets.ACCESS_TOKEN }}@github.com/$GITHUB_REPOSITORY.git" --tags
Try using the built-in GITHUB_TOKEN instead of your custom ACCESS_TOKEN. That should prevent the workflow from triggering another workflow.
From the docs (https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow):
When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN will not create a new workflow run. This prevents you from accidentally creating recursive workflow runs. For example, if a workflow run pushes code using the repository's GITHUB_TOKEN, a new workflow will not run even when the repository contains a workflow configured to run when push events occur.

How to config git to use PAT token in GitHub actions checkout

I need to check out a private repo during a GitHub Actions workflow. I am using the checkout action, and following its README:
I created a service account, i.e. a separate GitHub account just for GitHub Actions workflow.
I created a PAT (Personal Access Token) for the service account, with permission to access the private repo and the current workflow repo.
I created a secret to store the PAT token.
Now, when I just do the following, it does not work:
    - name: Checkout
      uses: actions/checkout@v2
      with:
        token: ${{secrets.MY_TOKEN}}
It seems that I did not configure git properly to allow it to use the token. My question is: should I, or how do I, configure git config to use the token in the above step?
The private repo is a dependency of the main repo. Both repos are Rust programs, using Cargo, so I am trying to use the same service account to check out the main repo first. Then cargo will check out the private repo.
According to the actions/checkout documentation, you need to add the repository input as well for private repositories:
It should look like the following on your workflow .yml file:
    - name: Checkout
      uses: actions/checkout@v2
      with:
        path: main
    - name: Checkout private repo
      uses: actions/checkout@v2
      with:
        repository: your-private/repo_name
        token: ${{ secrets.MY_TOKEN }}
You shouldn't need to configure anything else regarding git.
Except if you need a specific path, in that case you need to inform it as input as well:
    - name: Checkout private repo
      uses: actions/checkout@v2
      with:
        repository: your-private/repo_name
        token: ${{ secrets.MY_TOKEN }}
        path: path-to-directory