update-flake-lock

Permission denied on git push

Open pgrange opened this issue 1 year ago • 3 comments

I copy/pasted the first example from the README and see that it will always fail with a permission denied error at the git push step.

Steps to reproduce: copy/paste the example from the README and adjust it (here I point to version 19 of the action and I also activate the workflow when pushing on the dependencies_update branch):

name: update-flake-lock
on:
  push:
    branches:
      - dependencies_update
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00

jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@v19
        with:
          pr-title: "Update flake.lock" # Title of PR to be created
          pr-labels: |                  # Labels to be set on the PR
            dependencies
            automated

Then push and see the error in the action execution output:

Pushing pull request branch to 'origin/update_flake_lock_action'
  /usr/bin/git push --force-with-lease origin HEAD:refs/heads/update_flake_lock_action
  remote: Permission to pgrange/hydra.git denied to github-actions[bot].
  fatal: unable to access 'https://github.com/pgrange/hydra/': The requested URL returned error: 403
  Error: The process '/usr/bin/git' failed with exit code 128

Here is the full action output: job 8691097940

Here is the workflow file for this particular run: dependencies-update.yaml.

pgrange, May 03 '23 13:05

Changing the permissions of the Workflows in the repository settings fixed the issue.

I would suggest explaining that in the README:

  • Go to repository settings / Actions / general
  • In Workflow permissions:
    • give Read and write permission
    • Allow GitHub Actions to create and approve pull requests

pgrange, May 03 '23 14:05
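
An added example, not part of the original thread or the project's README: the workflow from the report with the GITHUB_TOKEN scopes requested in the workflow file through the `permissions` key, so the repository-wide default can stay read-only. The two scopes are an assumption based on the failing push and the pull request the action opens; "Allow GitHub Actions to create and approve pull requests" is a repository setting and cannot be granted from the workflow file.

```yaml
name: update-flake-lock
on:
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00

# Workflow-wide default for GITHUB_TOKEN: no scopes.
# Each job below requests only what it needs.
permissions: {}

jobs:
  lockfile:
    runs-on: ubuntu-latest
    # Job-level scopes (assumed set, see lead-in). Any scope not
    # listed here is set to "none" for this job.
    permissions:
      contents: write       # needed for the git push of the PR branch
      pull-requests: write  # needed to open the pull request
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@v19
        with:
          pr-title: "Update flake.lock" # Title of PR to be created
          pr-labels: |                  # Labels to be set on the PR
            dependencies
            automated
```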

For a bit more than a week now, even the workaround seems to have stopped working. Here it still worked: https://github.com/turion/rhine-koans/actions/runs/10372333171 Here it didn't: https://github.com/turion/rhine-koans/actions/runs/10474213770

turion, Aug 29 '24 07:08