auto-assign-review-teams icon indicating copy to clipboard operation
auto-assign-review-teams copied to clipboard

Published 20 hours ago verified publisher icon rowi1de

Getting "Validation Failed: "Could not resolve to a node with the global id of..." error

Open danielsht86 opened this issue 5 years ago • 16 comments

I've set up the following workflow:

name: "Assign Review Candidates"
on:
  pull_request:
    types: [labeled]

jobs:
  assign-reviewers:
    runs-on: ubuntu-latest
    steps:
      - name: "Assign NodeJS Review Candidate Team"
        if: github.event.label.name == 'nodejs-pr'
        uses: rowi1de/[email protected]
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          teams: "nodejs-reviewers-candidates"         # only works for GitHub Organisation/Teams
          include-draft: false            # Draft PRs will be skipped (default: false)
          skip-with-manual-reviewers: 10   # Skip this action, if the number of reviewers was already assigned (default: 0)
      - name: "Assign App Review Candidate Team"
        if: github.event.label.name == 'app-pr'
        uses: rowi1de/[email protected]
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          teams: "app-reviewers-candidates"         # only works for GitHub Organisation/Teams
          include-draft: false            # Draft PRs will be skipped (default: false)
          skip-with-manual-reviewers: 10   # Skip this action, if the number of reviewers was already assigned (default: 0)

and I've verified that the action is getting called. However, I'm getting the following error when it's run:

Run rowi1de/[email protected]
  with:
    repo-token: ***
    teams: nodejs-reviewers-candidates
    include-draft: false
    skip-with-manual-reviewers: 10
Adding teams: nodejs-reviewers-candidates, persons: 
##[error]Validation Failed: "Could not resolve to a node with the global id of 'MDQ6VGVhbTM3MDM1NzY='."
(node:2794) UnhandledPromiseRejectionWarning: HttpError: Validation Failed: "Could not resolve to a node with the global id of 'MDQ6VGVhbTM3MDM1NzY='."
    at /home/runner/work/_actions/rowi1de/auto-assign-review-teams/v1.0.0/lib/index.js:8052:23
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
(node:2794) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:2794) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

It appears that if I type a non existing team, I don't get any errors. But if I type the team that does exist (which has write access to my repo btw), I get this error. Not sure if this is a bug, or user error. Any pointers would be appreciated. Thanks!

danielsht86 avatar Mar 11 '20 23:03 danielsht86

Have you tried passing a different SECRET than secrets.GITHUB_TOKEN ? I am not 100% sure but I remember getting a similar error which was resolved passing a SECRET which had the correct/needed authorizations.

adipatel avatar Mar 27 '20 06:03 adipatel

The GitHub Token contained in the workflow is the correct one. You can use:add a personal token, but than the action will act under your name in the PR.

I created an issue in core/octocit, because it happens in the library not the action code itself.

Maybe this issue is fixed in newer version.

https://github.com/actions/toolkit/issues/233

rowi1de avatar Mar 28 '20 09:03 rowi1de

Ok, I also get this issue in my Organisation Repo. The Failing API is https://developer.github.com/v3/pulls/review_requests/#create-a-review-request

 await client.pulls.createReviewRequest(
      {
        owner: issue.owner,
        repo: issue.repo,
        pull_number: issue.number,
        reviewers: persons,
        team_reviewers: teams
      }
    )

@danielsht86, @adipatel please try to prefix your Organisation Name in front of the Team Name, that removes the Failure e.g. teams:@<Org>/<team>

rowi1de avatar Apr 09 '20 06:04 rowi1de

@danielsht86 is this still a thing?

rowi1de avatar Jul 21 '20 12:07 rowi1de

@danielsht86 is this still a thing?

I no longer have access to the codebase where this was an issue, so am unable to verify that this has been resolved. Feel free to close this.

danielsht86 avatar Jul 22 '20 16:07 danielsht86

Could we reopen this? I could reproduce the issue: https://github.com/percona/mongodb_exporter/pull/254

https://github.com/percona/mongodb_exporter/actions/workflows/ready-for-review.yml

I tried workaround it with adding prefixes to the team, action succeeds but it actually doesn't assign the team:

Adding teams: teams:@percona/pmm-review-exporters
Request Status:201, Teams:

denisok avatar Mar 24 '21 17:03 denisok

I am facing the same issue action succeeds but team is not getting assigned. Do we need to give additional permissions to GITHUB_TOKEN ? Any pointers would be appreciated. Thankyou

ruchi1106 avatar Jul 29 '21 09:07 ruchi1106

Issue still exists

ghost avatar Oct 28 '21 05:10 ghost

I was getting a very similar error with another action when trying to add a team as a reviewer. I'm using a GitHub App, and had to add read-only access to Members to get it to work. Just throwing this out there in case this helps anyone!

irphilli avatar Nov 12 '21 16:11 irphilli

Thanks @irphilli I’ll add this to the readme

rowi1de avatar Nov 12 '21 16:11 rowi1de

@rowi1de @irphilli could you please elaborate? Read only access for the team members? If I don't use App, what perm should I give to whom?

denisok avatar Nov 16 '21 08:11 denisok

I’ve just encountered the same Could not resolve to a node with the global id of issue and the solution was quite effortful, so I hope this helps:

  1. The root cause is that the underlying API request uses ${{ secrets.GITHUB_TOKEN }}, which misses the required permissions to add teams as reviewers.
  2. As a workaround, you need to create a personal access token (PAT) with repo permissions (click the top-level repo checkbox).
  3. To make that personal access token available to your organization's GitHub action, add the token as a secret.
  4. Switch the repo-token in the GitHub action itself to use the new secret, e.g. repo-token: ${{ secrets.NAME_OF_MY_SECRET_CONTAINING_PAT_WITH_REPO_ACCESS }} instead of repo-token: ${{ secrets.GITHUB_TOKEN }}
  5. As teams for the GitHub action configuration, use just the last part of the full organization team name. If your team is @myFancyCompany/myTeam, use teams: 'myTeam'

As this is an underlying permission issue, I believe this isn’t a bug but could justify a section in README.md.

lukasnagl avatar Aug 02 '22 15:08 lukasnagl

@lukasnagl thanks for the detailed description, feel free to create a PR :)

rowi1de avatar Aug 02 '22 21:08 rowi1de

Looks like currently it is possible to add team to CODEOWNERS and that would add team during PR creation and assign ppl: https://github.com/percona/pmm/blob/main/.github/CODEOWNERS#L1

denisok avatar Aug 03 '22 08:08 denisok

Adding CODEOWNERS imposed different restrictions / implications. This is why this Action was created

rowi1de avatar Aug 03 '22 08:08 rowi1de

@lukasnagl thanks for that explanation, any idea what permissions I'd need to authorize if I use a Github App to authenticate?

jlu-barracuda avatar Sep 01 '22 17:09 jlu-barracuda