quarkus-github-action icon indicating copy to clipboard operation
quarkus-github-action copied to clipboard
verified publisher icon quarkiverse

Running an action deployed in a private repository doesn't work in the manner described in the docs

Open gcw-it opened this issue 1 year ago • 2 comments

Deploying the example action in a private repository (with adjusted visibility, according to the instructions) and calling it from another private repo under the same user, results in an error:

Error: [2:875] [ERROR] Could not resolve dependencies: The following artifacts could not be resolved: <groupId>:<artifactId>:jar:<version>(absent): Could not find <groupId>:<artifactId>:jar:<version> in quarkus-github-action (https://maven.pkg.github.com/<user/org>/<repo>)

The problem is, that calling the action with an automatically generated token github-token: ${{ secrets.GITHUB_TOKEN }} doesn't seem to work in a private repository.

Instead you need to create/use a personalised access token with read:packages scope, set it as secret in the settings of the repo calling the action, and reference it from your workflow e.g. github-token: ${{ secrets.MY_ACTION_TOKEN }}.

When following this procedure, the action succeeds.

If desired, I could create a PR, with proposed changes to the documentation.

gcw-it avatar Aug 18 '24 11:08 gcw-it

Is the automatic token using the new advanced permissions? Would it work when given the package read permission?

In any case, yes, documentation patches are highly welcome!

gsmet avatar Aug 18 '24 13:08 gsmet

The new fine grained permissions don't allow package access yet.

What type the automatically generated token actually is, I have no idea.

What do you exactly mean by:

Would it work when given the package read permission?

This seems to be a known issue, as can be seen in this discussion and this issue.

Creating a token with read:packages scope allowed to mitigate this issue, but I admit using access privileges to all packages on an organisational level, to grant access to an action package isn't very pretty.

I would mention this possibility in the documentation, to get the example working in a private repository. This could be amended in the future, if a better solution appears.

There may be a possibility to grant access to selected packages on an organisational level, but I can't verify this on a personal account.

gcw-it avatar Aug 18 '24 14:08 gcw-it