runner icon indicating copy to clipboard operation
runner copied to clipboard

Published 20 hours ago verified publisher icon actions

`github.action_repository` and `github.action_ref` are empty in `run` for composite actions

Open jsoref opened this issue 1 year ago • 13 comments

Describe the bug github.action_repository and github.action_ref are empty in run for composite actions

To Reproduce

  1. Set up a workflow that uses an action that uses github.action_repository / github.action_ref in run in a step.
  2. Trigger a run for the workflow

Expected behavior github.action_repository / github.action_ref should be filled in for run just as it is for env

Runner Version and Platform

Version of your runner? Current runner version: '2.302.1'

OS of the machine running the runner? ubuntu-latest

What's not working?

github.action_repository / github.action_ref are empty

Job Log Output

https://github.com/check-spelling/gotosocial/actions/runs/4337164095/jobs/7572980729

2023-03-05T17:20:23.2256789Z ##[group]Run set -x
2023-03-05T17:20:23.2257101Z [36;1mset -x[0m
2023-03-05T17:20:23.2257452Z [36;1mTHIS_ACTION_PATH=$(perl -pe 's#/\./#/#g; s#//+#/#g; s#/$##g' <<< "/home/runner/work/_actions/jsoref/check-spelling/prerelease")[0m
2023-03-05T17:20:23.2257784Z [36;1m([0m
2023-03-05T17:20:23.2258036Z [36;1m  echo "THIS_ACTION_PATH=$THIS_ACTION_PATH"[0m
2023-03-05T17:20:23.2258338Z [36;1m  echo "PATH=$THIS_ACTION_PATH/wrappers:$PATH"[0m
2023-03-05T17:20:23.2258580Z [36;1m  echo "TASK="[0m
2023-03-05T17:20:23.2258804Z [36;1m  echo "DO_CHECKOUT=true"[0m
2023-03-05T17:20:23.2259041Z [36;1m  echo "FETCH_DEPTH=1"[0m
2023-03-05T17:20:23.2259258Z [36;1m  echo "USE_SARIF=1"[0m
2023-03-05T17:20:23.2259493Z [36;1m  echo "ALTERNATE_ENGINE="[0m
2023-03-05T17:20:23.2259786Z [36;1m  echo "GH_ACTION_REPOSITORY=check-spelling/gotosocial"[0m
2023-03-05T17:20:23.2260118Z [36;1m  echo "GH_ACTION_REF=spell-check-with-spelling"[0m
2023-03-05T17:20:23.2260388Z [36;1m) >> "$GITHUB_ENV"[0m
2023-03-05T17:20:23.2316490Z shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
2023-03-05T17:20:23.2316815Z ##[endgroup]
2023-03-05T17:20:23.2565697Z ++ perl -pe 's#/\./#/#g; s#//+#/#g; s#/$##g'
2023-03-05T17:20:23.2566247Z + THIS_ACTION_PATH=/home/runner/work/_actions/jsoref/check-spelling/prerelease
2023-03-05T17:20:23.2566736Z + echo THIS_ACTION_PATH=/home/runner/work/_actions/jsoref/check-spelling/prerelease
2023-03-05T17:20:23.2567757Z + echo PATH=/home/runner/work/_actions/jsoref/check-spelling/prerelease/wrappers:/home/runner/.local/bin:/opt/pipx_bin:/home/runner/.cargo/bin:/home/runner/.config/composer/vendor/bin:/usr/local/.ghcup/bin:/home/runner/.dotnet/tools:/snap/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
2023-03-05T17:20:23.2569271Z + echo TASK=
2023-03-05T17:20:23.2569494Z + echo DO_CHECKOUT=true
2023-03-05T17:20:23.2569701Z + echo FETCH_DEPTH=1
2023-03-05T17:20:23.2569913Z + echo USE_SARIF=1
2023-03-05T17:20:23.2570127Z + echo ALTERNATE_ENGINE=
2023-03-05T17:20:23.2570470Z + echo GH_ACTION_REPOSITORY=check-spelling/gotosocial
2023-03-05T17:20:23.2570843Z + echo GH_ACTION_REF=spell-check-with-spelling
2023-03-05T17:20:23.2755350Z ##[group]Run secpoll

Runner and Worker's Diagnostic Logs

If applicable, add relevant diagnostic log information. Logs are located in the runner's _diag folder. The runner logs are prefixed with Runner_ and the worker logs are prefixed with Worker_. Each job run correlates to a worker log. All sensitive information should already be masked out, but please double-check before pasting here.

jsoref avatar Mar 05 '23 22:03 jsoref

Cross filed as: https://github.com/orgs/community/discussions/49245#discussioncomment-5209064 https://support.github.com/ticket/personal/0/2042233 https://github.com/github/docs/issues/25336#issuecomment-1736251764

jsoref avatar Mar 05 '23 22:03 jsoref

Accidentally duplicated with #2525 😅

Leaving it open for now in case there is other useful info in it. 🤷🏻

JamesMGreene avatar Apr 20 '23 16:04 JamesMGreene

Seems like there has been an update to the support ticket: https://github.com/github/docs/issues/25336. I'm linking it here to connect those issues, however the response quoted in the linked docs issue reads like won't fix.

ChristopherHX avatar May 03 '23 11:05 ChristopherHX

Am I missing something or this means that is impossible to use a specific version of the action due to this bug?

ssbarnea avatar Sep 21 '23 10:09 ssbarnea

No, your action will still run, you just won't easily know where your action came from and what version you are. If you burn that info into your repo w/ files, you could get info that way. And iirc I had some way to work around this, it's just fairly annoying.

jsoref avatar Sep 21 '23 11:09 jsoref

We use dynamic versioning based on github tags, so basically is impossible for the code to discover its own version and tell user to upgrade if needed, code that we already had implemented for normal usage.

Is bit perplexed by the fact that that all that happens seems more like on-purpose to make it impossible to know:

  • action code is not cloned, so no access to tags or even ref number
  • no environment variable exposed regarding who called it and with which what @tag

ssbarnea avatar Sep 29 '23 13:09 ssbarnea

Yes, I sympathize -- that's why I filed this.

Fwiw, there is a workaround noted in https://github.com/github/docs/issues/25336#issuecomment-1736251764 (I think @ChristopherHX might have suggested it somewhere), and it looks like they're going to document this quirk in the near future.

Basically my action.yml defines an env: for each of the things i need and then I can use them within the run: space via that environment variable.

jsoref avatar Sep 29 '23 13:09 jsoref

Yeah I mentioned this in https://github.com/orgs/community/discussions/49245#discussioncomment-5209064.

Keep in mind local action call syntax (./) doesn't have an action_ref, that's why most action ci will have empty values if using it for tests...

A similar problems happens by using ${{ github.action_path }} in the run step (a different issue exists https://github.com/actions/runner/issues/716) it's not empty, but may contain the host path in the run step if not passed by env section.

It's totally unsafe to use run: ${{..}}, but it's the easiest way to get it wrong and allow script injection..

composite actions are quite buggy and some very old issues about them are not fixed within 1 year, even if a pr has been contributed

ChristopherHX avatar Sep 29 '23 15:09 ChristopherHX

Right, which means this is how I worked around it: https://github.com/check-spelling/check-spelling/blob/ed14e107b2404ceec4db32161bc3cc353b123b46/.github/workflows/spelling.yml#L114 https://github.com/check-spelling/check-spelling/blob/ed14e107b2404ceec4db32161bc3cc353b123b46/action.yml#L522-L523

It's good enough for testing...

jsoref avatar Sep 29 '23 16:09 jsoref

it seems that the workaround doesnt work for embedded composite actions, it seems that it shows the top level action ref always. Say: workflow1 calls action1@ref1 calls action2@ref2.

following code in the action2 returns: action_ref: ref1 while I expect action_ref: ref2

run: |
  echo "action_ref: $action_ref"
env:
  action_ref: ${{ github.action_ref }}

copdips avatar Oct 23 '23 21:10 copdips

Thanks for letting me know that my initial workaround is affected by another actions/runner bug..., if we nest composite actions (Sadly local composite actions break all post steps inputs)

inputs:
  action_ref:
    default: ${{ github.action_ref }} # Downside the user can override it
runs:
  using: composite
  steps:
  - uses: actions/github-script@v5
    with:
      script: |
                console.log('${{ github.action_ref }}'); # broken, returns v5
  - run: echo ${{ env.ref }}
    env:
      ref: ${{ github.action_ref }} # broken
    shell: bash
  - run: echo ${{ env.ref }}
    env:
      ref: ${{ inputs.action_ref }} # works
    shell: bash
  - run: echo ${{ inputs.action_ref }} # works
    shell: bash
Expected log output 
##[group]Run Christopher/nested-composite-get-ref@main
##[endgroup]
##[group]Run echo main
echo main
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
  ref: main
##[endgroup]
main
##[group]Run Christopher/nested-composite-get-ref@me
with:
  action_ref: me
##[endgroup]
##[group]Run actions/github-script@v5
with:
  script: console.log('v5');
  github-token: ***
  debug: false
  user-agent: actions/github-script
  result-encoding: json
##[endgroup]
v5
##[group]Run echo main
echo main
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
  ref: main
##[endgroup]
main
##[group]Run echo me
echo me
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
  ref: me
##[endgroup]
me
##[group]Run echo me
echo me
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
##[endgroup]
me

To recap you could try the following ( verified locally using actions runner 2.309.0 )

inputs:
  action_ref:
    default: ${{ github.action_ref }}
runs:
  using: composite
  steps:
  - run: echo ${{ inputs.action_ref }}
    shell: bash

ChristopherHX avatar Oct 23 '23 21:10 ChristopherHX 

inputs:
  action_ref:
    default: ${{ github.action_ref }}

Thanks for the prompt reply, with inputs default value, it's working now, this is really tricky :)

copdips avatar Oct 23 '23 22:10 copdips

Any update on this? We seem to have also just hit this problem, still seems to be an issue

lure8225 avatar May 06 '24 07:05 lure8225