action-hosting-deploy icon indicating copy to clipboard operation
action-hosting-deploy copied to clipboard

Published 20 hours ago verified publisher icon FirebaseExtended

[BUG] UnhandledPromiseRejectionWarning: HttpError: Resource not accessible by integration

Open peterfortuin opened this issue 4 years ago • 10 comments

Action config

      - id: deploy-to-firebase
        name: Deploy to Firebase
        uses: FirebaseExtended/action-hosting-deploy@v0
        with:
          repoToken: "${{ secrets.GITHUB_TOKEN }}"
          firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT_*** }}"
          expires: 5d
          projectId: ***
          entryPoint: website/public
        env:
          FIREBASE_CLI_PREVIEWS: hostingchannels

Error message

Run FirebaseExtended/action-hosting-deploy@v0
  with:
    repoToken: ***
    firebaseServiceAccount: ***
  
    expires: 5d
    projectId: ***
    entryPoint: website/public
  env:
    SLACK_WEBHOOK_URL: ***
    FIREBASE_CLI_PREVIEWS: hostingchannels
(node:4203) UnhandledPromiseRejectionWarning: HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/FirebaseExtended/action-hosting-deploy/v0/bin/action.min.js:1:29017
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
(node:4203) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:4203) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Expected behavior

  • No error in de log
  • Message in the pull request with url to the preview
  • Preview deployed on Firebase Hosting Preview channels

Actual behavior

  • Error message in the log (see above)
  • No deployment on Firebase Hosting Preview channels
  • No message in the pull request

Additional comment

One thing that is also a little bit weird in this case, is that the build doesn't fail. I would assume that if the deployment fails the build on Github Actions would also fail.

peterfortuin avatar Apr 01 '21 07:04 peterfortuin

I noticed when I started to use FirebaseExtended/[email protected] it worked for me again. So I will be on that version for the time being. FirebaseExtended/[email protected] doesn't work.

peterfortuin avatar Apr 10 '21 11:04 peterfortuin

I got this when trying to deploy a PR from a fork, and "Send secrets to workflows from fork pull requests" was not enabled in the upstream repo. Enabling this setting fixed the issue.

Note: This was using private repos.

oyvindwe avatar Jun 07 '21 19:06 oyvindwe

Check if you have both read and write permissions for your actions under "Action" settings. I faced similar problem was fixed by providing both read and write permissions to actions.

rehanhaider avatar Jul 22 '21 20:07 rehanhaider

Not sure what is going on. It seems that when I create pull requests myself (with my own code) it works fine, but when dependabot creates pull requests it doesn't work fine. The version of this action doesn't seem to matter.

@oyvindwe I'm not working with forks, but it that option is enabled in my repo. @rehanhaider I have both read and write permissions enabled on the "Action" settings.

So, both thank you for your replies, but that doesn't seem to help. But I do have a feeling that it's related to some permissions somewhere, because it works when I do it myself, but dependabot pull requests fail.

peterfortuin avatar Nov 02 '21 11:11 peterfortuin

I would love to help out and make a fix for this, but I have no idea what is going wrong. Somebody has any idea? Maybe know how to find the correct location of the error in the non-minified sources?

peterfortuin avatar Nov 05 '21 15:11 peterfortuin

I have been diving into the code and into the documentation and it seems that this action can never work together with a dependabot pull request.

According to https://docs.github.com/en/rest/reference/checks you need the checks:write permission to create a check build (the action is creating a check build in src/createCheck.ts.

According to https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ all pull requests created by dependabot will now have readonly permissions. So this will never work with the code as it's now.

Anybody has any ideas how to solve this in the action or on the workflow side?

peterfortuin avatar Nov 07 '21 09:11 peterfortuin

Not sure how this relates to dependabot, but generally use of this action was fix by adding two permissions

    permissions:
      pull-requests: write
      checks: write

this crash was fixed by checks: write, and the pr permission was needed to send the comment with url.

mcfedr avatar Feb 11 '22 09:02 mcfedr

I had to set contents: read in addition to the write permissions to avoid checkout failing with remote: Repository not found., as per https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

If you specify the access for any of these scopes, all of those that are not specified are set to none.

oyvindwe avatar Jan 04 '23 17:01 oyvindwe

I need to add contents: read in addition to the pull-requests and checks to make it work:

permissions:
  checks: write
  contents: read
  pull-requests: write

Hope this helps someone.

ccrsxx avatar Jan 27 '23 15:01 ccrsxx