github-push-action icon indicating copy to clipboard operation
github-push-action copied to clipboard

Published 20 hours ago verified publisher icon ad-m

Error when pushing using personal access token -- the requested URL returned error: 403

Open fc opened this issue 4 years ago • 8 comments

Context: Was checking out multiple private repos and was copying a file from a private repos to a public repos in the workspace, then committing and pushing. The push would fail with a 403.

Error:

remote: Permission to my-repos denied to github-actions[bot].
fatal: unable to access 'https://github.com/.../my-repos.git/': The requested URL returned error: 403

By running this command we can see any of config settings being used for our repos:

git config -l

We discovered the checkout action is executing a command like this:

git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***

Reference: https://github.com/actions/checkout/blob/master/adrs/0153-checkout-v2.md#pat

The fix is to do this:

git config --local --unset-all "http.https://github.com/.extraheader"

It's seems unlikely that this could lead to side effects but it may be desirable to re-set this value after the push is completed.

Sorry for lack of PR, we ended up not using your action and just incorporated what we ended into our workflow file.

fc avatar Apr 01 '20 22:04 fc

Thank for you analysis. At that moment I don't have spare time to get that value, reset default value and restore. PR are welcome.

ad-m avatar Apr 05 '20 09:04 ad-m

@fc, could you verify that regarding #46?

ad-m avatar May 26 '20 20:05 ad-m

@ad-m we ended up not using this action to achieve what we wanted so I am unable to validate unfortunately.

fc avatar May 26 '20 21:05 fc

I am seeing this issue too here, however, in https://github.com/ad-m/github-push-action/issues/55 people report that it's solved for them...

edit: I wasn't using the right scopes for my PAT, it works now.

basnijholt avatar Jul 13 '20 09:07 basnijholt

https://github.com/ad-m/github-push-action/issues/44#issuecomment-581706892 This solved the issue for me. Hope this helps others.

IronCore864 avatar Feb 10 '21 10:02 IronCore864

Using the standalone and cross-platform "GCM" (Git Credential Manager) indirectly solved this problem for me (on a Windows 1O platform)

I installed it from this resource : https://github.com/microsoft/Git-Credential-Manager-Core/releases/tag/v2.0.498

(https://github.com/microsoft/Git-Credential-Manager-Core)

Once it is installed, the first push operation (or pull) displays a prompt allowing to reach the remote GitHub. It didn't work well with the Personal Access Token, but this tool also allows to open the GitHub HTML page, by providing the "classic" username and password. It apparently stores the credentials in a cache. Commits and pushes both work with the Bash console and TortoiseGit. I'm not sure what happens when the token expires though...

ftheeten avatar Sep 10 '21 18:09 ftheeten

For me, I used permissions: write-all to make it work with my custom git push command.

on:
  push:
    branches:
      - dev

permissions: write-all

jobs:

xianshenglu avatar Apr 30 '22 08:04 xianshenglu

For me, I used permissions: write-all to make it work with my custom git push command.

on:
  push:
    branches:
      - dev

permissions: write-all

jobs:

This really helps me, thanks a lot!

liqwang avatar Mar 14 '23 15:03 liqwang