release-please-action
Release please fails after moving a repository to a new organization
TL;DR
Release-please was working fine. After moving the repo to a new organization, it fails suddenly.
Expected behavior
working without error as nothing has been changed
Observed behavior
Fails with an error message (see log below)
Action YAML
on:
  push:
    branches:
      - main
name: release-please
jobs:
  release-please:
    runs-on: ubuntu-latest
    steps:
      - uses: GoogleCloudPlatform/release-please-action@v3
        id: release
        with:
          release-type: python
          package-name: yte
      - uses: actions/checkout@v2
        if: ${{ steps.release.outputs.release_created }}
      - uses: actions/setup-python@v2
        if: ${{ steps.release.outputs.release_created }}
        with:
          python-version: "3.9"
      - name: Setup poetry
        if: ${{ steps.release.outputs.release_created }}
        uses: abatilo/[email protected]
      - name: Install Dependencies using Poetry
        if: ${{ steps.release.outputs.release_created }}
        run: poetry install
      - name: Publish to PyPi
        if: ${{ steps.release.outputs.release_created }}
        env:
          PYPI_USERNAME: __token__
          PYPI_PASSWORD: ${{ secrets.PYPI_TOKEN }}
        run: poetry publish --build --username $PYPI_USERNAME --password $PYPI_PASSWORD
Log output
Run GoogleCloudPlatform/release-please-action@v3
  with:
    release-type: python
    package-name: yte
    token: ***
    fork: false
    clean: true
    bump-minor-pre-major: false
    bump-patch-for-minor-pre-major: false
    monorepo-tags: false
    draft: false
    draft-pull-request: false
✔ Looking for latest release on branch: main with prefix:
✔ Building releases
✔ Building strategies by path
✔ Building release for path: .
Error: release-please failed: Resource not accessible by integration
Additional information
The repo was moved to a new organization.
With release-please-action 3.2.6, the output is a bit more verbose, maybe that helps?
✔ Retry attempt #3...
at /home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:14510:21
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async createBranch (/home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:19277:26)
at async branch (/home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:19305:9)
at async retry.retries (/home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:20001:48)
at async createPullRequest (/home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:20001:24)
at async /home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:80263:30
at async GitHub.createPullRequest (/home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:81117:20)
at async GitHub.createReleasePullRequest (/home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:81008:16)
at async Manifest.createOrUpdatePullRequest (/home/runner/work/_actions/GoogleCloudPlatform/release-please-action/v3/dist/index.js:81621:32) {
status: 403,
response: {
url: 'https://api.github.com/repos/yte-template-engine/yte/git/refs',
status: 403,
headers: {
'access-control-allow-origin': '*',
'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
connection: 'close',
'content-encoding': 'gzip',
'content-security-policy': "default-src 'none'",
'content-type': 'application/json; charset=utf-8',
date: 'Fri, 03 Jun 2022 07:46:12 GMT',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
server: 'GitHub.com',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
'transfer-encoding': 'chunked',
vary: 'Accept-Encoding, Accept, X-Requested-With',
'x-content-type-options': 'nosniff',
'x-frame-options': 'deny',
'x-github-media-type': 'github.v3; format=json',
'x-github-request-id': '07C2:7A4A:8177BD:1217065:6299BC43',
'x-ratelimit-limit': '1000',
'x-ratelimit-remaining': '932',
'x-ratelimit-reset': '1654245533',
'x-ratelimit-resource': 'core',
'x-ratelimit-used': '68',
'x-xss-protection': '0'
},
data: {
message: 'Resource not accessible by integration',
documentation_url: 'https://docs.github.com/rest/reference/git#create-a-reference'
}
},
request: {
method: 'POST',
url: 'https://api.github.com/repos/yte-template-engine/yte/git/refs',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit-rest.js/18.12.0 octokit-core.js/3.6.0 Node.js/12.22.7 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: '{"ref":"refs/heads/release-please--branches--main--components--yte","sha":"abf3d95c1a241088f24825606034e35c0600be7b"}',
request: { hook: [Function: bound bound register] }
}
}
✔ Successfully found branch HEAD sha "abf3d95c1a241088f24825606034e35c0600be7b".
✖ Error when creating branch
✖ RequestError [HttpError]: Error creating Pull Request: Resource not accessible by integration
I've found the problem. It is important that the permissions for actions are set to
- read and write, and
- create pull requests
Apparently, this was the default so far, but seems to have changed recently when a new organization is created. Now, these permissions have to be set on the organization and repository level. The settings are described here: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository
I suggest adding this information to the release please docs.
I just ran into the same issue. The settings referenced can be found under the repository's settings: https://github.com/{username}/{repository}/settings/actions
An important note: If you work within an organization you have to enable the organization's actions settings: https://github.com/organizations/{organizationName}/settings/actions
I personally prefer to adhere to the principle of least privilege. So in my projects I keep the default "read only" setting and instead add the following to my action YAML for release-please:
jobs:
  release-please:
    permissions:
      contents: write
      pull-requests: write
This needs to be done per job and ensures that each job has to request the permissions it actually needs. This avoids potential unwanted side effects.
Note that this still requires ticking "Allow GitHub Actions to create and approve pull requests" in the actions settings, even though we specifically request the permission in the YAML file.
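The per-job approach from the comment above, applied to the workflow posted in this issue, as an added example that is not code from the thread or from the release-please project. It assumes the publish steps are split into a second job (the job name `publish` is hypothetical) and installs poetry with plain `pip` in place of the setup action used in the original workflow.

```yaml
on:
  push:
    branches:
      - main
name: release-please
# Workflow-level default: GITHUB_TOKEN gets no scopes unless a job requests them.
permissions: {}
jobs:
  release-please:
    runs-on: ubuntu-latest
    # Only this job creates the release branch (POST /git/refs), the PR and the release.
    permissions:
      contents: write
      pull-requests: write
    # Expose the step output so the second job can gate on it.
    outputs:
      release_created: ${{ steps.release.outputs.release_created }}
    steps:
      - uses: GoogleCloudPlatform/release-please-action@v3
        id: release
        with:
          release-type: python
          package-name: yte
  publish:  # hypothetical job name, not from the original workflow
    needs: release-please
    if: ${{ needs.release-please.outputs.release_created == 'true' }}
    runs-on: ubuntu-latest
    # The job that holds PYPI_TOKEN only reads the repository; it cannot push or open PRs.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: "3.9"
      - name: Install poetry  # assumption: pip install instead of the setup action on the page
        run: pip install poetry
      - name: Install Dependencies using Poetry
        run: poetry install
      - name: Publish to PyPi
        env:
          PYPI_USERNAME: __token__
          PYPI_PASSWORD: ${{ secrets.PYPI_TOKEN }}
        run: poetry publish --build --username "$PYPI_USERNAME" --password "$PYPI_PASSWORD"
```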
Closing