al-folio icon indicating copy to clipboard operation
al-folio copied to clipboard

Published 20 hours ago verified publisher icon alshedivat

Failed to sync the repo (using workflow in Actions)

Open lenhattu opened this issue 1 year ago • 8 comments

I followed this instruction: https://github.com/alshedivat/al-folio#upgrading-from-a-previous-version

But there seems to be still a workflow permission issue as follows in the actions-template-sync step.

! [remote rejected] chore/template_sync_85f2590 -> chore/template_sync_85f2590 (refusing to allow a GitHub App to create or update workflow .github/workflows/deploy-docker-tag.yml without workflows permission)

lenhattu avatar Nov 10 '23 19:11 lenhattu

I also tried creating a personal token (fine-grained) but it's returning the same error. I did notice that Pull template of the step actions-template-syncreports a series of conflicts. I understand that some changes might lead to a conflict but this is too much:

Merge conflict in _pages/publications.md I mean, of course I want to update the publications.

I also tried to clone the tag, and then merge my repo, hoping it would just overwrite the non-conflicting changes, but using the template does not import the history.

At this point, I wonder if this is a design issue.

hectorpal avatar Dec 03 '23 20:12 hectorpal

The action is working after I updated to 0.10.1. But the PR is useless as it's overwritting simple information like _bibliography/papers.bib. Perhaps I messed up something while modifying the template.

hectorpal avatar Dec 04 '23 21:12 hectorpal

I believe building a perfect solution for this is kind of tricky. My current solution is, in my site I have the main branch and the dev branch. The main branch is the one I keep up-to-date with the actions-template-sync, while the dev branch is where all the changes I made are. Every once in a while I update my main branch with the PR created from the GitHub action, then merge it with my branch. It is also not perfect, but is the best solution I found so far.

george-gca avatar Dec 14 '23 16:12 george-gca

I think it's all about removing the implicit assumption that all files are imported. It'd be simpler if the default content is in some directories and users are invited to create new directories for their content, and set the paths in the main config file. In that way, new versions would only change the unchanged default content, and we will need to solve changes in our be configuration.

hectorpal avatar Dec 14 '23 16:12 hectorpal

I don't think I understand.

george-gca avatar Dec 14 '23 16:12 george-gca

For instance, the repo contains projects examples at ./_projects, all the them are *.md. The repo is wired to load all the files at ./_projects.

Creating a site using this repo involves deleting or modifying those files for our own projects. If there is a new version, we will be forced to solve conflicts. The best we can do is use another file name.

I'm saying it'd be cleaner if the default configuration file says that the projects are ./_projects, and we change that to ._my_projects. That would be easier to merge.

It'd be even easier if the configuration files is a template and part of the setup is to copy it and modify. In this way, merging might always work if we didn't modify more low level things like the html. But even that path could be in a config files.

I hope it's more clear now. It's just an idea

hectorpal avatar Dec 15 '23 17:12 hectorpal

I don't think this would solve things, because at every new feature and post, for example, you would have files being created in a directory that is not being used at all, so the merge would still have to be manually done.

I can't think right now of a solution that would avoid this, but I understand your pain. I tend to apply all the updates to this repo every once in a while to my site.

george-gca avatar Jan 02 '24 22:01 george-gca

@lenhattu Are you trying to sync the template? I had the same issue as you and there is a workaround described here.

I created a fine-grained PAT token to allow contents: write, workflows: write, metadata: read.

Add the token as a repository secret.

Then, this is how I ultimately got it to work in my main.yml

name: Sync from template
on:
  # cronjob trigger
  schedule:
    - cron: "0 0 1 * *"
  # manual trigger
  workflow_dispatch:
jobs:
  repo-sync:
    runs-on: ubuntu-latest
    permissions: # I don't think these are actually needed, but haven't tested without.
      contents: write
      pull-requests: write
      actions: write
    steps:
      # To use this repository's private action, you must check out the repository
      - name: Checkout
        uses: actions/checkout@v4
        with: #### This with: token: part is what fixed it for me ####
          token: ${{ secrets.THE_TOKEN_YOU_CREATED }}

      - name: actions-template-sync
        uses: AndreasAugustin/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          source_repo_path: alshedivat/al-folio
          upstream_branch: upstream-changes # (I pull changes into a dedicated branch instead of my main/master)

emdeh avatar Feb 21 '24 02:02 emdeh

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Apr 21 '24 12:04 stale[bot]