add-to-project
add-to-project copied to clipboard
actions
Could not resolve to a node with the global id of '******'
I have a github workflow using this action that adds all issues with a bug label to my project board. I've configured the workflow in two repos with the same github token available to both (via organization secrets).
In one repo the action is working correctly. In another I am seeing this error:
Could not resolve to a node with the global id of '******'
I've hidden the id value from the error cause I don't know if that's sensitive or not. The id is meaningless to me and looks like some opaque identifier.
@mattcosta7 Any thoughts on what I should try here? Or any additional info I can provide for debugging? I've got several private repos (in the same organization as my project) that fail with the same error.
:wave: Hi @defunctzombie it sounds like for whatever reason it's having trouble resolving the graphql node_id.
You should be able to query the node_id directly using a GraphQL query like:
query getNode($node_id: ID!) {
node(id: $node_id) {
id
__typename
}
{
"node_id": "******"
}
This should at least tell us the __typename of the node that's trying to be queried. If you can query it via GraphQL, I think it likely means that there's some kind of permission issue with the repository in question.
Thinking about this further I'm not sure how much this action supports org secrets as our docs specify using PATs, but looking at org secret creation it looks like there are a few options:
So might also want to ensure that your secret matches the expected Repository Access configuration.
@skw I've double checked - our secrets (created at the org level) use the "selected repositories" option and I also confirmed they are shared with the repositories where I am seeing the error. The same secret is also shared in a repository where I use the same action but don't see an error. That repository is public tho.
I got the same issue from a recently created private repository whereas it was and it is still working fine with older private repositories. The secret is at the organization level and is accessible by all private projects.
Could this somehow only happen in newer created repositories?
Got the same issue on my end, repository was created a long time ago but just added automation recently. The secret is working like a charm but it seems like the action is failing with the node id. Anything I missed?
👋 We are currently working on deploying some internal security policy updates that we think might be related to this issue. We are tracking this issue in our internal backlog and we'll let you know when we have any updates.
In the meantime, for anyone who has been experiencing this issue (@defunctzombie @jlind23 @momobel), could you provide more information on your setup? The following would be helpful:
- What type of personal access token you have configured
- What permissions the access token has available to it
- Is a GitHub App token being used?
- Any other info related to the integration: repository scope, org scope, etc.
I've moved to a custom github bot app instead of the action because I wanted to apply these behaviors to my entire org and found the repo-by-repo approach too manual. I no longer use this action so don't have a reproduction to poke at anymore.
What type of personal access token you have configured
Not sure I get your question right. It is a personal access token created on my account and it doesn't have any expiration set.
What permissions the access token has available to it
- All "repo" access
- write:org and read:org
- All "user" access
- All "project" access
Is a GitHub App token being used?
Nope
Any other info related to the integration: repository scope, org scope, etc.
I am using the Github action with the latest version inside a private repo.
I'm experiencing the same issue.
My PAT token has only the project and read:project access. The token also has SSO enabled for the elastic org. My GitHub action YML is defined in a private repo defined in the elastic org, https://github.com/elastic/. Here is the code for it:
name: Add issue to project board
on:
issues:
types:
- opened
jobs:
add-to-project:
runs-on: ubuntu-latest
steps:
- uses: octokit/[email protected]
id: add_to_project
with:
projectid: "PVT_kwREDACTED"
contentid: ${{ github.event.issue.node_id }}
query: |
mutation add_to_project($projectid:ID!,$contentid:ID!) {
addProjectV2ItemById(input:{projectId:$projectid contentId:$contentid}) {
item {
id
}
}
}
env:
# The default GITHUB_TOKEN env var doesn't have `project` scope.
# The token used requires `project` scope (no other scope required).
GITHUB_TOKEN: ${{ secrets.MY_PAT_TOKEN }}
The projectId references a V2 project defined at https://github.com/orgs/elastic/projects/
GitHub actions throws this error:
Error: Request failed due to following response errors:
- Could not resolve to a node with the global id of 'I_kwDREDACTED'.
The same action works for me in this public repo in the richkuz org using a different PAT token with the same scope (project and project:read):
https://github.com/richkuz/repo1
The PAT token used in the richkuz org working example has no SSO configured because the richkuz org doesn't use SSO.
No GitHub App tokens are in use, only Personal App Tokens.
same issue here using PAT token with the projectand read:project access. The token is also using SSO and I am using the gh cli
gh api graphql -f query='
mutation($project:ID!, $issue:ID!) {
addProjectV2ItemById(input: {projectId: $project, contentId: $issue}) {
item {
id
}
}
}' -f project=$PROJECT_ID -f issue=$ISSUE_ID --jq '.data.addProjectV2Item.projectV2Item.id'
I am getting the error
gh: Could not resolve to a node with the global id of
@camchenry any new info? same issue using PAT. Seems like "contentid: ${{ github.event.issue.node_id }}" doesnt work.
For those of you still having this issue, I added the repo scope and it works now for us
For those of you still having this issue, I added the
reposcope and it works now for us
Thanks @fidou ! That solved it for us. Also to note, you need to re-authorize the org after a token change.
For those still dealing with this - I was also able to get around the issue by making my private repository and private project board both public. After changing their visibility, the action worked without this error. (Doesn't actually help me because ultimately I want them to be private, but hey, it got somewhere)
Came across this during my googling of a similar issue I faced. The GH GraphQL API mutation called updateProjectV2DraftIssue wasn't able to resolve a draft issue id that I knew existed. Turns out this hasn't been fully rolled out yet and my query returning the issue IDs was returning old format IDs. Adding X-Github-Next-Global-ID: 1 header to the query returned the correct IDs and those worked with the mutations as well.
Hope this helps!
For those of you still having this issue, I added the
reposcope and it works now for us
@fidou any idea what should be the permission for GitHub app?
@semihural-tomtom no idea out of my head, but by looking at it I am guessing read on projects and read-write on issues. I d try and see.
We have a public board under an organization and a private repository as well under the same organization. The script was not working and failed with the error mentioned above. Initially, I did not check the repo:invite scope, - I though it is unrelated but actually that was the problem. After I checkmarked that it started to work.
if that helps anyone, make sure as a itemId you do not use the itemId you see in github webapp url, but rather its true node ID starting with PVTI_
you can find this ID here: https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects?tool=curl#finding-information-about-items-in-a-project
This error message could be more clear, but generally when this occurs, it means that the GraphQL API couldn't find the requested entity because it either doesn't exist, or you don't have access to it.
If you are experiencing this error message, I would recommend checking that:
- The access token is not expired
- The access token is a personal access token, not a GitHub app token, which is currently unsupported by this action.
- The access token is registered as an organization or repository secret
- The access token has access to the organization
- The access token has access to the given repository (or repositories)
- The access token has permissions for:
- Organization projects
- Repository issues
- Repository pull requests
- The project being added to is part of the organization
- The project being added has an organization base role of at least "Write"
- Or, the project being added to is a public project
- The issue or pull request being added actually exists
- The issue or pull request being is being queried by the new global GraphQL Node ID format: https://docs.github.com/en/graphql/guides/migrating-graphql-global-node-ids
- Ensure that IDs being returned match the new format (such as
I_kgDOADP9xw). Otherwise, passX-Github-Next-Global-ID=1as a HTTP header as part of the request.
- Ensure that IDs being returned match the new format (such as
If there are other issues pertaining to the functionality of this action specifically, please open a new issue in this repository. I hope this list helps troubleshoot this error message.