runner icon indicating copy to clipboard operation
runner copied to clipboard
verified publisher icon actions

Octokit request for dependabot alerts returns opaque 500 error on Github action, but not locally

Open thevictorchang opened this issue 2 years ago • 2 comments

Describe the bug An octokit (with Node JS) request to get dependabot alerts for a repo returns an opaque 500 error when the code is run on a Github Action, but is successful when run from my local machine.

To Reproduce Steps to reproduce the behavior:

  • Create Github Workflow running on Node 20 that makes an octokit request to get a repository's dependabot alerts:
import { Octokit } from 'octokit'

const octokit = new Octokit({
  auth: process.env.DEPENDABOT_GITHUB_TOKEN
})

const octokitRequest = await octokit.request('GET /repos/envato/marketplace/dependabot/alerts')

const alerts = await octokit.paginate(
  octokitRequest,
  {
    per_page: 100,
    headers: {
      'X-GitHub-Api-Version': '2022-11-28'
    }
  },
  (response) => response.data
)

console.log(`Number of alerts: ${alerts.length}`)

Expected behavior Running the above node code should return the repository's dependabot alerts with a 200 code

Runner Version and Platform

Current runner version: '2.311.0' Operating System Ubuntu 22.04.3 LTS

What's not working?

Running the above code on my machine is fine (using the same Github token), but on the Github Action it returns a 500 "RequestError [HttpError]: fetch failed".

Job Log Output

/home/runner/work/marketplace/marketplace/.github/workflows/dependabot/node_modules/@octokit/request/dist-node/index.js:146
    throw new import_request_error.RequestError(error.message, 500, ***
          ^

RequestError [HttpError]: fetch failed
    at /home/runner/work/marketplace/marketplace/.github/workflows/dependabot/node_modules/@octokit/request/dist-node/index.js:146:11
    at async requestWithGraphqlErrorHandling (/home/runner/work/marketplace/marketplace/.github/workflows/dependabot/node_modules/@octokit/plugin-retry/dist-node/index.js:70:20)
    at async Job.doExecute (/home/runner/work/marketplace/marketplace/.github/workflows/dependabot/node_modules/bottleneck/light.js:405:18) ***
  status: 500,
  request: ***
    method: 'GET',
    url: 'https://api.github.com/repos/envato/marketplace/dependabot/alerts?status=200&data=%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D%2C%5Bobject%20Object%5D',
    headers: ***
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'octokit.js/2.1.0 octokit-core.js/4.2.4 Node.js/20.9.0 (linux; x64)',
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      'cache-control': 'private, max-age=60, s-maxage=60',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Thu, 16 Nov 2023 22:49:23 GMT',
      etag: 'W/"cf51e4a79234328739686315d2f84a38c8f03265e5163a6b811479c90e3acc7b"',
      'last-modified': 'Sun, 29 Oct 2023 20:54:13 GMT',
      link: '<https://api.github.com/repositories/28023/dependabot/alerts?page=2>; rel="next", <https://api.github.com/repositories/28023/dependabot/alerts?page=3>; rel="last"',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept, Authorization, Cookie, X-GitHub-OTP, Accept-Encoding, Accept, X-Requested-With',
      'x-accepted-oauth-scopes': 'admin:repo_hook, delete_repo, read:repo_hook, repo, repo:invite, repo:status, repo_deployment, security_events, write:repo_hook',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-api-version-selected': '2022-11-28',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': 'FD80:368F:A6ECB6:158D037:65569C72',
      'x-oauth-scopes': 'repo, workflow',
      'x-ratelimit-limit': '5000',
      'x-ratelimit-remaining': '4528',
      'x-ratelimit-reset': '170017[66](https://github.com/envato/marketplace/actions/runs/6897335478/job/18765519942#step:4:67)49',
      'x-ratelimit-resource': 'core',
      'x-ratelimit-used': '4[72](https://github.com/envato/marketplace/actions/runs/6897335478/job/18765519942#step:4:73)',
      'x-xss-protection': '0',
      authorization: 'token [REDACTED]'
    ***,
    request: ***
      hook: [Function: bound bound register],
      retryCount: 3,
      retries: 3,
      retryAfter: 16
    ***
  ***
***

Node.js v20.9.0
Error: Process completed with exit code 1.

thevictorchang avatar Nov 16 '23 23:11 thevictorchang

Please any update on this?, were you able to resolve this

teyim avatar Apr 02 '24 13:04 teyim

Update, for me, this was fixed by me switching ISP network..for anyone in the future, you might want to disconnect from any VPN or switch ISP's

teyim avatar Apr 03 '24 22:04 teyim