preview-action icon indicating copy to clipboard operation
preview-action copied to clipboard

Published 20 hours ago verified publisher icon UffizziCloud

Preview Action Failing on Forks?

Open markphelps opened this issue 1 year ago • 3 comments

👋🏻 the reusable workflow seems to fail consistently on PRs from a fork. Is this a known issue?

https://github.com/flipt-io/flipt/actions/runs/6962697989/job/18947118820

^This PR is from a user who forked our OSS project.

Run actions/github-script@v6
  with:
    debug: true
    script: const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']
  const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']
  core.setOutput('request-token', token.trim())
  core.setOutput('request-token-url', runtimeUrl.trim())
  
    github-token: ***
    user-agent: actions/github-script
    result-encoding: json
    retries: 0
    retry-exempt-status-codes: 400,401,403,404,422
  env:
    LOGGER_KEY: aHR0cHM6Ly80NGI3Zjk5MTFiODU0NWI5YTMzMDY4NzRhY2ZjYjJjOUBvMzI0MzExLmluZ2VzdC5zZW50cnkuaW8vNDUwNDM2MTIxMjI0ODA2NA==
    PR_NUMBER: 2438
    EXPECTED_URL: https://app.uffizzi.com/github.com/flipt-io/flipt/pull/2438
TypeError: Cannot read properties of undefined (reading 'trim')
    at eval (eval at callAsyncFunction (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:15143:16), <anonymous>:5:39)
    at callAsyncFunction (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:15144:12)
    at main (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:15236:26)
    at /home/runner/work/_actions/actions/github-script/v6/dist/index.js:15217:1
    at /home/runner/work/_actions/actions/github-script/v6/dist/index.js:15268:3
    at Object.<anonymous> (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:15271:12)
    at Module._compile (node:internal/modules/cjs/loader:1198:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1252:10)
    at Module.load (node:internal/modules/cjs/loader:1076:32)
    at Function.Module._load (node:internal/modules/cjs/loader:911:12)
Error: Unhandled error: TypeError: Cannot read properties of undefined (reading 'trim')

markphelps avatar Nov 22 '23 21:11 markphelps

Hi @markphelps sorry you're experiencing this. We'll update our documentation before closing this ticket.

GitHub does restrict permissions on forks of public repositories. I'm on my phone so I can't get too deep but hopefully these links help:

  • similar situation https://github.com/aws-actions/configure-aws-credentials/issues/373
  • GitHub docs https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
  • not sure if this is Relevant or not https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#enabling-workflows-for-private-repository-forks

axisofentropy avatar Nov 22 '23 22:11 axisofentropy

Cheers, thanks @axisofentropy ! I have updated our workflow to not run on PRs from forks. Which is a bit unfortunate tbh since it is one of the main use cases we have for preview envs for an open source project

markphelps avatar Nov 24 '23 19:11 markphelps

@markphelps For open source projects, we recommend using a two-stage workflow, as described here. This allows outside contributors to safely preview pull requests.

You can see an example on the forem project here. Notice the two files uffizzi-build.yml and uffizzi-preview.yml.

gadkins avatar Nov 27 '23 05:11 gadkins