actions
Missing `appId` option
I'm trying to update from v1 to v2 but get the following error that seems to indicate that the app-id option is not correctly forwarded to Octokit's auth-app:
Error: [@octokit/auth-app] appId option is required
at createAppAuth (/home/runner/work/_actions/actions/create-github-app-token/v2/dist/main.cjs:42355:11)
at main (/home/runner/work/_actions/actions/create-github-app-token/v2/dist/main.cjs:42560:17)
at Object.<anonymous> (/home/runner/work/_actions/actions/create-github-app-token/v2/dist/main.cjs:42684:20)
at Module._compile (node:internal/modules/cjs/loader:1529:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1613:10)
at Module.load (node:internal/modules/cjs/loader:1275:32)
at Module._load (node:internal/modules/cjs/loader:1096:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:164:12)
at node:internal/main/run_main_module:28:49
I'm successfully using this action in v1 as follows:
- name: Get token from GitHub App
uses: actions/create-github-app-token@v1
id: app_token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PEM }}
owner: ${{ github.repository_owner }}
repositories: "<omitted, comma-separated list of repos>"
In the same action, without changing anything else, does it fail if you change @v1 to @v2?
I'm using the v2 a lot myself and didn't run into this problem. It's most likely something else. Maybe secrets.APP_ID should be vars.APP_ID or the secret is no longer set where you get the error?
v1 works flawlessly but when changing the tag to v2, the error mentioned above occurs
If someone could create minimal workflow that reproduces the bug, it would help greatly to figure out the source of the bug.
I think this problem stems from the secret being empty. E.g. the repository may not have access to it in that situation.
My situation was the following: I have this actions/create-github-app-token in a workflow that I called from another repository — because I assumed the workflow would still be able to access my (org) secrets.
This is not the case, so I had define the secrets as parameters to the workflow and call it like this:
jobs:
lint:
uses: my-org/workflows/.github/workflows/lint.yml@main
secrets:
app-id: ${{ secrets.MY_APP_ID_SECRET }}
private-key: ${{ secrets.MY_APP_PRIVATE_KEY }}
Then in the workflow, I use ${{ secrets.app-id }} etc..
Maybe the error could be improved and say that the appId is empty, or something?
Thanks for the pointer! I think that's exactly the problem. I've observed the issue in a PR created by Dependabot and I guess the corresponding CI run (on push) does not have access to the secrets
@ArquintL If it's dependabot, then you need dependabot secrets, or something. Or skip it all together.
If you "sub-call" a workflow that uses secrets you need to pass the secrets: inherit option.
Otherwise the secrets will be empty and then you get the error.
name: 'Reset'
on:
workflow_call:
inputs:
branch:
type: string
description: 'Branch to reset'
required: true
workflow_dispatch:
inputs:
branch:
type: choice
description: 'Branch to reset'
options:
- 'generated'
required: true
jobs:
resetting-branch:
name: 'Resetting branch'
secrets: inherit # <-- Important!
uses: './.github/workflows/reset_branch.yml' # <-- This workflow uses 'actions/create-github-app-token'
with:
branch: ${{ github.event.inputs.branch }}
Can there be an added validation feature or something. I cited a workflow example as provided above. I’m not sure if organizations who are automating or building their own software are ok with their technology wrapped in quotes as seen here.
v1 example
- name: Get token from GitHub App
uses: actions/create-github-app-token@v1
id: app_token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.APP_PEM }}
owner: ${{ github.repository_owner }}
repositories: "<omitted, comma-separated list of repos>"
Can there be an added validation feature or something. I cited a workflow example as provided above. I’m not sure if organizations who are automating or building their own software are ok with their technology wrapped in quotes as seen here.
v1example- name: Get token from GitHub App uses: actions/create-github-app-token@v1 id: app_token with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PEM }} owner: ${{ github.repository_owner }} repositories: "<omitted, comma-separated list of repos>"
This has nothing to do with the authors issue...
Can there be an added validation feature or something. I cited a workflow example as provided above. I’m not sure if organizations who are automating or building their own software are ok with their technology wrapped in quotes as seen here.
v1example
- name: Get token from GitHub App uses: actions/create-github-app-token@v1 id: app_token with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.APP_PEM }} owner: ${{ github.repository_owner }} repositories: "<omitted, comma-separated list of repos>"
This has nothing to do with the authors issue...
I’ll create a new issue then.
@ArquintL Hey sir, I get this similar error how did you find a solution for yours ,thanks in advance
/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:42555
throw new Error("Input required and not supplied: app-id");
^
Error: Input required and not supplied: app-id
at Object.<anonymous> (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:42555:9)
at Module._compile (node:internal/modules/cjs/loader:1529:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1613:10)
at Module.load (node:internal/modules/cjs/loader:1275:32)
at Module._load (node:internal/modules/cjs/loader:1096:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:164:12)
at node:internal/main/run_main_module:28:49`
- name: Generate Token
uses: actions/create-github-app-token@v1
id: generate-token
with:
app-id: ${{ secrets.GH_SEMREL_APP_ID }}
private-key: ${{ secrets.GH_SEMREL_PRIVATE_KEY }}
owner: abc
@karalarmehmet Hi Mehmet! I did not spend too much time on this issue as this action became no longer necessary for our use case at pretty much the same time this issue occurred for me. Good luck with finding a solution!
@karalarmehmet could you provide more context on how you run the step?
As I mention above if you "sub-call" a workflow you need to pass the secrets to the workflow.
@karalarmehmet could you provide more context on how you run the step?
As I mention above if you "sub-call" a workflow you need to pass the secrets to the workflow.
@Mqxx it is not reusable directly using the secrets for an GitHub App to release versions (gh-semrel-app ) and we need to generate tokens like shown below and our tests was not failing until 2 weeks ago but now suddenly I got the error
- name: Generate Token
uses: actions/create-github-app-token@v1
id: generate-token
with:
app-id: ${{ secrets.GH_SEMREL_APP_ID }}
private-key: ${{ secrets.GH_SEMREL_PRIVATE_KEY }}
owner: abc
~~I just ran into this today. I have a dependabot PR updating the version from 1.6.0 to 2.1.4. I ran into the following error when the action job ran:~~
Error: [@octokit/auth-app] appId option is required
~~I noticed the 2.1.4 update notes mentioned a major version bump of @octolog/authapp~~
deps: bump @octokit/auth-app from 7.2.1 to 8.0.1 (https://github.com/actions/create-github-app-token/issues/257) ([bef1eaf](https://github.com/actions/create-github-app-token/commit/bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1))
~~I downgraded to 2.1.3 and the action succeeded. I'm reading app-id and private-key from secrets~~
Disregard the ☝️ , it was a permissions issue with dependabot
