Can you please tell me if it is possible to setup Github action which gets triggered
when a new issue opened against a repo?
If not, is there other way which I can automated when a new issue is filed in a repo?
Forllowing the GitHub workflow syntax for on.<event_name>.types, you can trigger an action on a new issue with:
name: "Set Issue Label and Assignee"
on:
issues:
types: [opened]
Example: Naturalclar/issue-action
Webhooks are not needed here:
Subcribing to a webhook event like the one for issues is not enough: you need to setup a listener which will process the JSON payload. (for instance, building a GitHub App with ProBot).
"if not": GitHub Actions are there to avoid using webhooks, if your project is on GitHub.com (webhooks can still be useful for on premise GitHub hosting servers for example)
You will need to subscribe to this webhook.
https://developer.github.com/webhooks/event-payloads/#issues
Webhook payload object
Key Type Description
action string The action that was performed. Can be one of opened, edited, deleted,
pinned, unpinned, closed, reopened, assigned, unassigned, labeled,
unlabeled, locked, unlocked, transferred, milestoned, or demilestoned.
Related
I've defined a github action and it runs successfully on every push and every pull request, completing with a green check mark when tests pass.
However it never produces a status, or at any rate the github status badge always says "no status."
In addition, I am unable to choose this action as a precondition for merging pull requests because it has no status and so cannot be chosen via the "Require status checks to pass before merging" selector.
Am I trying to do something that just can't be done without explicitly emitting a status via the github API, or is there a more straightforward way to attach a github action as a precondition to a PR merging?
The github action is here: https://github.com/apostrophecms/apostrophe/blob/main/.github/workflows/main.yml
And I'm using this markup for the badge:
(This is an open source repository, so everything is available for inspection.)
It looks like you've added a badge with the example URL instead of customising it with your username and repo:
(It's weird it picked up the name of the action correctly.)
You need to replace that URL with
https://github.com/apostrophecms/apostrophe/actions/workflows/main.yml/badge.svg
(Where by "you need" I mean "I sent you this PR".)
I am giving a coding lesson where students can upload answers to our quizzes using personal, private repositories. So here's how the repository structure of my organization looks like:
my_organization/student_1_project
my_organization/student_2_project
my_organization/...
my_organization/student_n_project
I would like to run a private GitHub Action at any push on a student repository. This Action would run partial reviews of the student's work, and notify me of stuffs. Its code would need to be unreachable from students, of course, otherwise providing hints & solutions.
I have three questions:
Can my workflow in e.g. my_organization/student_2_project be to use a private action my_organization/my_private_action? It seems like yes thanks to actions/checkout#v2 (see here) but pretty sure that involves playing with keys or tokens or secrets - I'm not so at ease with that and currently get an error although it does exist:
Error: fatal: repository 'https://github.com/my_organization/my_private_action' not found
Can it prevent the student (owner/admin of my_organization/student_2_project) to see the code in my_organization/my_private_action?
With the same constraints, could the private action be hosted in another organization?
Thanks a lot for your help!
This is how I understand the restrictions:
Using an action from a private/internal repository currently isn't supported directly, see this issue on the roadmap. A possible workaround is adding a personal access token with access to the private repo that contains the action and then checking it out like this:
- name: Get private repo with action
uses: actions/checkout#v2
with:
repository: yourorg/privateactionrepo
ref: master
token: ${{ secrets.PAT_TOKEN }}
path: .github/actions
You can then use the action in another step like
uses: ./.github/actions/actionname
The PAT can be a secret on the org level so you don't have to add it to every single student repo.
Since the student's repo has access to the PAT, they can use it to create a workflow that checks out the private repo and does whatever they want with it – upload its contents, print every file etc.
As long as the PAT has the permissions to check out the repo containing the action, the action can live anywhere, including in another organization.
Alternatively, if you want to prevent your students from seeing your action, you could add a workflow to your students' repositories that sends a request to the GitHub API and then have a trigger in your action on the repository_dispatch event.
I have an action job which upload the context to other website. The token was set and stored in the secret.MY_TOKEN.
But others who make the pull request also trigger this action job using the token I set.
How to limit the privilege of executing the jobs that only I can run this action job.
fyi my ci.yml as follow:
name: foobar
on: [push, pull_request]
jobs:
upload:
runs-on: ubuntu-latest
steps:
....
- name: execute upload
env:
TOKEN: ${{ secrets.MYTOKEN }}
run:
upl --token ${TOKEN}
I assume there are two security problems here.
The token is printed in log file.
others who can use this private token by trigger action with their own purpose.
Use the github.repository_owner context
https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#github-context
The syntax should be something like:
- if: github.repository_owner == 'owner_name'
There is a new feature which could help, since July 2022:
Differentiating triggering actor from executing actor
Starting next week, workflow re-runs in GitHub Actions will use the initial run’s actor for privilege evaluation.
The actor who triggered the re-run will continue to be displayed in the UI, and can be accessed in a workflow via the triggering_actor field in the GitHub context.
Currently, the privileges (e.g. – secrets, permissions) of a run are derived from the triggering actor.
This poses a challenge in situations where the actor triggering a re-run is different than the original executing actor.
The upcoming change will differentiate the initial executing actor from the triggering actor, enabling the stable execution of re-runs.
For more details see Re-running workflows and jobs.
I don't believe allowing actions to run only for certain users is a native feature.
However, you could simply check the action context actor and exit early if the actor is not the yourself (or the owner of the repo, or whatever condition you'd like).
I want to link Tasks to our Bitbucket server. However, when I try to add the server (Tools > Tasks & Content > Configure servers), it wants me to choose a server type.
Q1. I have no idea what type to select. I haven't found any reference for this question.
Q2. If a type is chosen, it asks for the server url. Do I need just https://bitbucket.org or do I need something more specific?
Tools > Tasks & Content > Configure servers
Add Server type Generic
Tab: General
Server URL: https://api.bitbucket.org/2.0/repositories/*YOUR LOGIN*/*REPO_NAME*
Fill Username & Password
Put a tick in the Use HTTP authentication
Tab: Commit message
{summary} #{id} - When commiting ID will be set tasks
Tab: Server Configuration
Tasks List URL: {serverUrl}/issues?status=new&status=open
Single Task URL: {serverUrl}/issues/{id}
Response Type : JSON
and then fill the data as shown is not the screenshot
(screenshot)
Adding to the accepted answer, please note that version 2.0 of the Bitbucket API uses a different format for parameters noted here: Bitbucket API 2.0: Filter and sort API objects
The Task List URL should be: {serverUrl}/issues?q=%28state+%3D+%22new%22+OR+state+%3D+%22open%22%29
When POSTing to https://developer.api.autodesk.com/viewingservice/v1/register I sometiems receive the following error:
{
Diagnostic: The request is rejected as it conflicts with a previous request that is in-progress.,
registerKeys: {},
Result: Conflict
}
How can I find out which job is already in progress so that I can track its progress and get its result?
First, this is the old API, you need to consider using the ModelDerivtive API instead (ie https://developer.autodesk.com/en/docs/model-derivative/v2)
Like Xiaodond said there is no API to collect all jobs currently processing on your account. You need to request each URN manifest to determine how many jobs runs on this model as know you can translate to SVF, but also export to other formats such as obj, stl, ... when it is possible. Manifest end point and documentation here - https://developer.autodesk.com/en/docs/model-derivative/v2/reference/http/urn-manifest-GET/
Last, we are working on a webhook solution which will be a better solution as a Webhook will call you back when a job is starting and completes. Webhooks aren't yet available at the time of this post, but you should be notified via the developer newsletter when it will be on production.
Hope that helps,