
Add docs about permissions to fine-grained token

Open ai opened this issue 2 years ago • 2 comments

I created a fine-grained token with access to a website repo and with deployments, environments, metadata, and content permissions.

But it failed on the delete-env step because of the lack of permissions:

Run bobheadxi/deployments@v1
targeting ***/browsersl.ist
preview-490: found 2 existing deployments for env
preview-490.834080669: setting deployment (f188baad63570c539de0822405606d801f406259) state to "inactive"
preview-490.834079597: setting deployment (d30b4dddb858ef072d94955b8556f80ab0967443) state to "inactive"
preview-490: 2 deployments updated
preview-490.834080669: deleting deployment (f188baad63570c539de0822405606d801f406259)"
preview-490.834079597: deleting deployment (d30b4dddb858ef072d94955b8556f80ab0967443)"
preview-490: 2 deployments deleted
unexpected error encountered: HttpError: Resource not accessible by personal access token
Error: unexpected error encountered: HttpError: Resource not accessible by personal access token - see logs for more information

Here is a config:

name: Clean Preview
on:
  pull_request:
    types: [ closed ]
jobs:
  close:
    runs-on: ubuntu-latest
    steps:
      - name: Clean from GitHub
        uses: bobheadxi/deployments@v1
        with:
          step: delete-env
          token: ${{ secrets.DEPLOYMENTS_TOKEN }}
          env: preview-${{ github.event.number }}

ai avatar Mar 17 '23 01:03 ai

Same here, config:

name: Delete PR Preview Deployment

on:
  pull_request:
    types: [closed]
    branches:
      - dev

jobs:
  cleanup:
    permissions:
      deployments: write
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials...
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-region: ap-southeast-2
          role-to-assume: x

      - name: Sync to S3...
        run: aws s3 rm 

      - name: Delete environment...
        uses: bobheadxi/deployments@v1
        with:
          step: delete-env
          token: ${{ github.token }}
          env: pr-${{ github.event.number }}

lucastobrazil avatar May 11 '23 13:05 lucastobrazil

I have the same issue: using the GitHub application token with read/write permission to deployments and environments, I still get the same error.

aabouzaid avatar Jun 06 '23 15:06 aabouzaid

@bobheadxi maybe you configured the token in some project and can share how to create it?

I can make a PR to the docs if I know how to delete an env with a PAT (and how to create a PAT for that).

ai avatar Mar 24 '24 23:03 ai

I found out that you need deployments:write and administration:write permissions.

ai avatar Mar 26 '24 04:03 ai

Thanks folks - GitHub has introduced a lot of changes around permissions in Actions in the years (!) since I've actively worked on this tool, so documentation contributions to account for these are much appreciated ❤️

bobheadxi avatar Mar 26 '24 04:03 bobheadxi
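
As an added example (not code from this thread or from the bobheadxi/deployments project), the sketch below reads a delete-env log of the shape quoted in the first post and reports which phase was denied and which fine-grained permission the thread associates with it. The phase names, the `diagnose` function and the rule that the denied call belongs to the first phase without a logged success are assumptions of this example; the sample log is constructed, with made-up IDs.

```python
import re

# Constructed sample: the log shape quoted in the first post, with made-up IDs.
SAMPLE_LOG = """\
preview-490: found 2 existing deployments for env
preview-490.1001: setting deployment (aaaaaaa) state to "inactive"
preview-490.1002: setting deployment (bbbbbbb) state to "inactive"
preview-490: 2 deployments updated
preview-490.1001: deleting deployment (aaaaaaa)"
preview-490.1002: deleting deployment (bbbbbbb)"
preview-490: 2 deployments deleted
unexpected error encountered: HttpError: Resource not accessible by personal access token
"""

# Phases of delete-env in the order the log reports them. Each entry is
# (hypothetical phase name, success-line pattern, permission per this thread).
PHASES = [
    ("deactivate deployments", re.compile(r": \d+ deployments updated$"), "deployments:write"),
    ("delete deployments", re.compile(r": \d+ deployments deleted$"), "deployments:write"),
    # The log has no success line for this phase, so it has no pattern.
    ("delete environment", None, "administration:write"),
]
DENIED = re.compile(r"HttpError: Resource not accessible by ")


def diagnose(log: str) -> dict:
    """Report which phase hit the permission error and what it needs."""
    done = 0  # phases whose success line has been seen so far
    for raw in log.splitlines():
        line = raw.strip()
        if DENIED.search(line):
            # Assumption: the denied call belongs to the first phase that
            # has not yet logged success.
            name, _, permission = PHASES[done]
            return {"denied": True, "failed_phase": name, "missing_permission": permission}
        pattern = PHASES[done][1]
        if pattern is not None and pattern.search(line):
            done += 1
    return {"denied": False, "failed_phase": None, "missing_permission": None}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

For the log in the first post this points at the environment deletion itself, which is the call that needed administration:write in addition to deployments:write.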