Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The workflow fails to run #266

Closed
fluentmoheshwar opened this issue Nov 30, 2022 · 7 comments
Closed

The workflow fails to run #266

fluentmoheshwar opened this issue Nov 30, 2022 · 7 comments
Labels
bug Something isn't working

Comments

@fluentmoheshwar
Copy link

git-auto-commit Version

v4.15.4

Machine Type

Ubuntu (eg. ubuntu-latest)

Bug description

The workflow fails to run and logs INPUT_PUSH_OPTIONS:
To https://github.com/fluentmoheshwar/fluentmoheshwar-site
! [remote rejected] main -> main (refusing to allow a GitHub App to create or update workflow .github/workflows/codeql.yml without workflows permission)
error: failed to push some refs to 'https://github.com/fluentmoheshwar/fluentmoheshwar-site'
Error: Invalid status code: 1

Steps to reproduce

Create a workflow like the example.
Run it.

Tried solutions

No response

Example Workflow

name: "Prettier"

on:
  push:
    branches: ["main"]
jobs:
  fix:
    name: Fix formatting issues
    runs-on: ubuntu-latest
    permissions:
      actions: write
      contents: write
      security-events: write
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.head_ref }}

      - uses: actionsx/prettier@v2
        with:
          # prettier CLI arguments.
          args: --write .

      - uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: Prettified Code

Relevant log output

Run stefanzweifel/git-auto-commit-action@v4
Started: bash /home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/entrypoint.sh
INPUT_REPOSITORY value: .
INPUT_STATUS_OPTIONS: 
INPUT_FILE_PATTERN: .
INPUT_BRANCH value: 
M	.github/workflows/codeql.yml
M	.github/workflows/prettier.yml
M	.prettierrc.yaml
M	.vscode/extensions.json
M	.vscode/settings.json
M	LICENSE.md
M	README.md
M	index.html
M	package.json
M	public/manifest.webmanifest
M	public/service-worker.js
M	src/app.js
M	src/style.css
M	vite.config.js
Your branch is up to date with 'origin/main'.
INPUT_ADD_OPTIONS: 
INPUT_FILE_PATTERN: .
INPUT_COMMIT_OPTIONS: 
INPUT_COMMIT_USER_NAME: github-actions[bot]
INPUT_COMMIT_USER_EMAIL: github-actions[bot]@users.noreply.github.com
INPUT_COMMIT_MESSAGE: Prettified Code
INPUT_COMMIT_AUTHOR: fluentmoheshwar <[email protected]>
[main 052cb6d] Prettified Code
 Author: fluentmoheshwar <[email protected]>
 14 files changed, 926 insertions(+), 854 deletions(-)
INPUT_TAGGING_MESSAGE: 
No tagging message supplied. No tag will be added.
INPUT_PUSH_OPTIONS: 
To https://github.com/fluentmoheshwar/fluentmoheshwar-site
 ! [remote rejected] main -> main (refusing to allow a GitHub App to create or update workflow `.github/workflows/codeql.yml` without `workflows` permission)
error: failed to push some refs to 'https://github.com/fluentmoheshwar/fluentmoheshwar-site'
Error: Invalid status code: 1
    at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5) {
  code: 1
}
Error: Invalid status code: 1
    at ChildProcess.<anonymous> (/home/runner/work/_actions/stefanzweifel/git-auto-commit-action/v4/index.js:17:19)
    at ChildProcess.emit (node:events:390:28)
    at maybeClose (node:internal/child_process:1064:16)
    at Process.ChildProcess._handle.onexit (node:internal/child_process:301:5)
@fluentmoheshwar fluentmoheshwar added the bug Something isn't working label Nov 30, 2022
@stefanzweifel
Copy link
Owner

Hi there

The output the Action produces isn't great here. The output is not related to INPUT_PUSH_OPTIONS. The Action just prints nothing if push_options is not set.

As you probably saw, this is the actual error:

To https://github.com/fluentmoheshwar/fluentmoheshwar-site
! [remote rejected] main -> main (refusing to allow a GitHub App to create or update workflow .github/workflows/codeql.yml without workflows permission)
error: failed to push some refs to 'https://github.com/fluentmoheshwar/fluentmoheshwar-site'

You use custom permissions in your workflow file. During the run the .github/workflows/codeql.yml file was updated. It's a workflow run. Apparently GitHub adds special protection to those file.

You have 2 options:

Update your workflow to use workflows: write permissions.

name: "Prettier"

on:
  push:
    branches: ["main"]
jobs:
  fix:
    name: Fix formatting issues
    runs-on: ubuntu-latest
    permissions:
      actions: write
      contents: write
      security-events: write
+     workflows: write
    steps:
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.head_ref }}

      - uses: actionsx/prettier@v2
        with:
          # prettier CLI arguments.
          args: --write .

      - uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: Prettified Code

Update your Prettier settings to not update .github/workflows/*.yml files.

@fluentmoheshwar
Copy link
Author

image

@fluentmoheshwar
Copy link
Author

@stefanzweifel can you help me with this?

@stefanzweifel
Copy link
Owner

Silly me thought workflows is a supported permission. Doesn't seem so. (Docs)

A quick internet search for "refusing to allow a GitHub App to create or update workflow" shows results that all point to personal access tokens:

If you really need your workflow to change other workflow files, you need to create a new personl access token, add it as a secret to the repository and then reference it in the actions/checkout step (not in git-auto-commit)

See README for details: https://github.com/stefanzweifel/git-auto-commit-action#commits-made-by-this-action-do-not-trigger-new-workflow-runs

@fluentmoheshwar
Copy link
Author

fluentmoheshwar commented Dec 2, 2022 via email

@hudsonm62
Copy link

for future reference

I fixed this by creating a new PAT, gave it workflow access + repo access (not sure which ones i should of added)- Then copying the token into a GitHub Actions variable named WORKFLOW_TOKEN and assigning it in my actions/checkout:

    steps:
      - name: ⚙️ Checkout Repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
          token: ${{ secrets.WORKFLOW_TOKEN }}

@fluentmoheshwar
Copy link
Author

for future reference

I fixed this by creating a new PAT, gave it workflow access + repo access (not sure which ones i should of added)- Then copying the token into a GitHub Actions variable named WORKFLOW_TOKEN and assigning it in my actions/checkout:

    steps:
      - name: ⚙️ Checkout Repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0
          token: ${{ secrets.WORKFLOW_TOKEN }}

Thank you

@blakeNaccarato blakeNaccarato mentioned this issue Mar 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stefanzweifel @hudsonm62 @fluentmoheshwar