Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: Wiki changes can't push currently #5699

Closed
BenHenning opened this issue Feb 12, 2025 · 2 comments · Fixed by #5700
Closed

[BUG]: Wiki changes can't push currently #5699

BenHenning opened this issue Feb 12, 2025 · 2 comments · Fixed by #5700
Assignees
@BenHenning
Labels
bug End user-perceivable behaviors which are not desirable. Impact: High High perceived user impact (breaks a critical feature or blocks a release). Work: Low Solution is clear and broken into good-first-issue-sized chunks.

Comments

@BenHenning
Copy link
Member

Describe the bug

Attempts to update the wiki are failing during wiki deployment:

...
Switched to a new branch 'master'
remote: Permission to oppia/oppia-android.wiki.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/oppia/oppia-android.wiki.git/': The requested URL returned error: 403

From https://github.com/oppia/oppia-android/actions/runs/13187896020/job/36818438965#step:3:264.

Steps To Reproduce

Make a change to the wiki and submit the PR, or manually trigger a wiki deployment via the actions workflow.

Expected Behavior

Deployment should succeed.

Screenshots/Videos

No response

What device/emulator are you using?

N/A

Which Android version is your device/emulator running?

N/A

Which version of the Oppia Android app are you using?

N/A

Additional Context

This is very likely tied to a policy update made at the Oppia organization level recently where GITHUB_TOKEN was restricted to only have "read repository contents and packages" permissions. Oppia web and Android have different approaches for deployment which is why we're only seeing this for Android:

https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token describes the permission levels for GITHUB_TOKEN. I suspect all we need to do is update the required permissions for the workflow so that it has the correct permissions per https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token#defining-access-for-the-github_token-permissions.
@BenHenning BenHenning added bug End user-perceivable behaviors which are not desirable. triage needed Impact: High High perceived user impact (breaks a critical feature or blocks a release). Work: Low Solution is clear and broken into good-first-issue-sized chunks. labels Feb 12, 2025
@BenHenning BenHenning self-assigned this Feb 12, 2025
@BenHenning BenHenning mentioned this issue Feb 12, 2025
Merged
6 tasks
@BenHenning
Copy link
Member Author

BenHenning commented Feb 14, 2025
edited
Loading

After #5700 was merged, it seems like the wiki deployment did not re-run:

Image

It's not obvious to me at all why it didn't run for the latest develop changes--I'd actually expect it to run every PR that gets merged but it doesn't seem like that's the case.

Edit: Ah, nevermind this does make sense. The triggers filter based on changes to the wiki folder, and that PR didn't. I'll manually re-run the deploy script for the wiki and verify that it updated.

@BenHenning BenHenning mentioned this issue Feb 14, 2025
Merged
6 tasks
@BenHenning
Copy link
Member Author

Looks like we're going to need support for workflow_dispatch in order to test this. Sent #5703 out for review so that the wiki fix can actually be verified on develop.

BenHenning added a commit that referenced this issue Feb 17, 2025
@BenHenning
Fix part of #5699: Enable workflow dispatching for wiki jobs (#5703)
38419bf 
## Explanation

Fixes part of #5699 (even though it's already expected to be fixed).

This was missed in #5700. We can't verify the fixes from that PR without
the ability to re-run the workflow outside of a PR (or until another PR
that modifies the wiki is merged). It seems ideal to have the ability to
force-refresh the wiki in this way, anyway.

Similar to #5700, this can't be easily verified until it's merged.

## Essential Checklist
- [x] The PR title and explanation each start with "Fix #bugnum: " (If
this PR fixes part of an issue, prefix the title with "Fix part of
#bugnum: ...".)
- [x] Any changes to
[scripts/assets](https://github.com/oppia/oppia-android/tree/develop/scripts/assets)
files have their rationale included in the PR explanation.
- [x] The PR follows the [style
guide](https://github.com/oppia/oppia-android/wiki/Coding-style-guide).
- [x] The PR does not contain any unnecessary code changes from Android
Studio
([reference](https://github.com/oppia/oppia-android/wiki/Guidance-on-submitting-a-PR#undo-unnecessary-changes)).
- [x] The PR is made from a branch that's **not** called "develop" and
is up-to-date with "develop".
- [x] The PR is **assigned** to the appropriate reviewers
([reference](https://github.com/oppia/oppia-android/wiki/Guidance-on-submitting-a-PR#clarification-regarding-assignees-and-reviewers-section)).

## For UI-specific PRs only
N/A -- This only affects GitHub actions wiki workflows.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BenHenning BenHenning

Labels
bug End user-perceivable behaviors which are not desirable. Impact: High High perceived user impact (breaks a critical feature or blocks a release). Work: Low Solution is clear and broken into good-first-issue-sized chunks.
Projects
[Team] Developer Workflow & Infrastructure - Android
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #5699: Update wiki deployment permissions oppia/oppia-android
2 participants
@BenHenning @adhiamboperes