scality
CI fails in forks
https://github.com/check-spelling-sandbox/backbeat/actions/runs/17669871944/job/50219053665
Run scality/[email protected]
Run gh release download -R scality/action-prom-render-test -p 'alertgen' --skip-existing
gh release download -R scality/action-prom-render-test -p 'alertgen' --skip-existing
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
GITHUB_TOKEN:
gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
env:
GH_TOKEN: ${{ github.token }}
https://github.com/scality/backbeat/blob/07cff4696b817f51e8f61afba92d85490e617ea3/.github/workflows/alerts.yaml#L17-L35
You can add an if: to restrict workflows to only run in this repository (if: github.repository == 'scality/backbeat)
https://github.com/check-spelling-sandbox/backbeat/actions/runs/17669871946/job/50219053638
Error: buildx failed with: ERROR: failed to build: failed to solve: failed to push ghcr.io/check-spelling-sandbox/backbeat:724a0e9a06363684a41b096dee577f92eeaa8ae2: denied: installation not allowed to Create organization package
https://github.com/scality/backbeat/blob/724a0e9a06363684a41b096dee577f92eeaa8ae2/.github/workflows/docker-build.yaml#L9-L15
The fix per https://github.com/orgs/community/discussions/57724#discussioncomment-9967502 is to add:
permissions:
contents: read
packages: write
attestations: write
id-token: write
(Either at the top of the workflow or in the job.)
Note that this isn't a fork specific failure, it just means your repository/organization isn't configured to be paranoid (and it should be).
