chore: add debug output #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test_app_permissions.yaml | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - pr-preview # ToDo adapt before merging to only use master: | |
| jobs: | |
| test-permissions: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate GitHub App Token | |
| id: app-token | |
| uses: actions/create-github-app-token@v1 | |
| with: | |
| app-id: ${{ secrets.GARDENER_GITHUB_WORKFLOW_PKG_MNGR_APP_ID }} | |
| private-key: ${{ secrets.GARDENER_GITHUB_WORKFLOW_PKG_MNGR_APP_PRIVATE_KEY }} | |
| - name: Debug - Check token and app info | |
| run: | | |
| echo "π Debugging GitHub App Token permissions..." | |
| echo "Token starts with: $(echo "${{ steps.app-token.outputs.token }}" | cut -c1-10)..." | |
| # Get information about the token/app | |
| echo -e "\nπ App Installation Info - Accessible Repositories:" | |
| curl -sS -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| https://api.github.com/installation/repositories | jq -r '.repositories[] | " - \(.full_name) (id: \(.id))"' | |
| echo -e "\nπ App Installation Permissions:" | |
| curl -sS -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| https://api.github.com/installation/repositories | jq -r '.permissions // "No permissions data"' | |
| echo -e "\nπ€ Token User Info:" | |
| curl -sS -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| https://api.github.com/user | jq '.' | |
| echo -e "\nπ¦ Checking access to klocke-io/pr-preview:" | |
| REPO_CHECK=$(curl -sS -w "\nHTTP_CODE:%{http_code}" \ | |
| -H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \ | |
| -H "Accept: application/vnd.github+json" \ | |
| https://api.github.com/repos/klocke-io/pr-preview) | |
| HTTP_CODE=$(echo "$REPO_CHECK" | grep "HTTP_CODE:" | cut -d: -f2) | |
| RESPONSE=$(echo "$REPO_CHECK" | sed '/HTTP_CODE:/d') | |
| if [ "$HTTP_CODE" == "200" ]; then | |
| echo "β Repository accessible!" | |
| echo "$RESPONSE" | jq -r '{name: .name, permissions: .permissions}' | |
| else | |
| echo "β Repository NOT accessible (HTTP $HTTP_CODE)" | |
| echo "$RESPONSE" | jq -r '.message // .' | |
| fi | |
| echo -e "\nπ― Summary:" | |
| echo " - App has access to: klocke-io/documentation" | |
| echo " - App trying to access: klocke-io/pr-preview" | |
| echo " - Result: The app is NOT installed on klocke-io/pr-preview repository" | |
| - name: Test commit permissions to pr-preview repo | |
| run: | | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
| # Clone the repository using the app token | |
| git clone https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/klocke-io/pr-preview.git | |
| cd pr-preview | |
| # Check which branch we're on | |
| echo "π Current branch: $(git branch --show-current)" | |
| echo "π All branches:" | |
| git branch -a | |
| # Create a test file | |
| echo "Test commit at $(date)" > test-commit-permissions.txt | |
| # Attempt to commit and push | |
| git add test-commit-permissions.txt | |
| git commit -m "Test: Verify GitHub App token commit permissions" | |
| # Try to push to the current branch | |
| CURRENT_BRANCH=$(git branch --show-current) | |
| echo "π Attempting to push to branch: $CURRENT_BRANCH" | |
| git push origin "$CURRENT_BRANCH" | |
| echo "β Successfully committed to klocke-io/pr-preview repository" |