github-script icon indicating copy to clipboard operation
github-script copied to clipboard
verified publisher icon actions

HTTP status 422 when creating a protected branch

Open andy-maier opened this issue 1 year ago • 0 comments

Describe the bug

Using github.rest.git.createRef to create a protected branch fails with HTTP status 422:

 with:
    script: github.rest.git.createRef({
    owner: context.repo.owner,
    repo: context.repo.repo,
    ref: "refs/heads/stable_1.14",
    sha: "***",
  })
  
    github-token: ***
    debug: false
    user-agent: actions/github-script
    result-encoding: json
    retries: 0
    retry-exempt-status-codes: 400,401,403,404,422
  env:
    pythonLocation: /opt/hostedtoolcache/Python/3.10.13/x64
    LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.10.13/x64/lib
    GITHUB_TOKEN: ***
RequestError [HttpError]: Reference update failed
    at /home/runner/work/_actions/actions/github-script/v6/dist/index.js:6842:21
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  status: 422,
  response: {
    url: 'https://api.github.com/repos/zhmcclient/python-zhmcclient/git/refs',
    status: 422,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      connection: 'close',
      'content-length': '116',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Sat, 17 Feb 2024 12:09:39 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-accepted-github-permissions': 'contents=write; contents=write,workflows=write',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-api-version-selected': '2022-11-28',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': '3C22:4C2A:1183F3F:238C1DC:65D0A203',
Error: Unhandled error: HttpError: Reference update failed
      'x-ratelimit-limit': '1000',
      'x-ratelimit-remaining': '995',
      'x-ratelimit-reset': '1708175320',
      'x-ratelimit-resource': 'core',
      'x-ratelimit-used': '5',
      'x-xss-protection': '0'
    },
    data: {
      message: 'Reference update failed',
      documentation_url: 'https://docs.github.com/rest/git/refs#create-a-reference'
    }
  },
  request: {
    method: 'POST',
    url: 'https://api.github.com/repos/zhmcclient/python-zhmcclient/git/refs',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'actions/github-script octokit-core.js/3.6.0 Node.js/16.20.2 (linux; x64)',
      authorization: 'token [REDACTED]',
      'content-type': 'application/json; charset=utf-8'
    },
    body: '{"ref":"refs/heads/stable_1.14","sha":"5c0450496126d2b24232ae0d750a6454d544f4b8"}',
    request: { agent: [Agent], hook: [Function: bound bound register] }
  }
}

When I change the branch name matching rule to something that does not match the new branch, the branch can be created with the actions plugin.

Creating the same branch with the git command line succeeds, despite the branch protection.

With an earlier release of this actions plugin, creating protected branches has worked fine.

An example of the failure is here: https://github.com/zhmcclient/python-zhmcclient/actions/runs/7941520871

To Reproduce

Steps to reproduce the behavior:

  1. Have a workflow that creates a branch, e.g. the following which is triggered by editing any milestone:
name: debug_create_branch
on:
  milestone:
    types: [edited]
jobs:
  debug_create_branch:
    name: Create a branch
    runs-on: ubuntu-latest
    steps:
    - name: Create a branch
      uses: actions/github-script@v6
      with:
        script: |
          github.rest.git.createRef({
            owner: context.repo.owner,
            repo: context.repo.repo,
            ref: "refs/heads/stable_1.14",
            sha: "${{ github.sha }}",
          })
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  1. Have a branch protection rule matching "stable_*" that prevents direct pushes to the branch. For more details on the settings, see this example: https://github.com/zhmcclient/python-zhmcclient/settings/branch_protection_rules/1798004
  2. Edit any milestone to trigger the workflow
  3. Watch the error in the workflow log

Expected behavior

Protected branches can be created without error.

Screenshots N/A

Desktop (please complete the following information):

  • OS: MacOS
  • Browser: Firefow
  • Version: 13.6.4

Smartphone (please complete the following information): N/A

Additional context N/A

andy-maier avatar Feb 17 '24 12:02 andy-maier