CI: integration tests with coverage enabled fails on deploy-pages step due to GITHUB_TOKEN permissions error #2216

Closed
RyanGlScott opened this issue Feb 7, 2025 · 2 comments · Fixed by #2218
Labels: tooling: CI (Issues involving CI/CD scripts or processes); type: bug (Issues reporting bugs or unexpected/unwanted behavior)

@RyanGlScott

As seen in this CI log:

Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable
    at Function.<anonymous> (/home/runner/work/_actions/actions/deploy-pages/v4/node_modules/@actions/core/lib/oidc-utils.js:71:1)
    at Generator.next (<anonymous>)
    at /home/runner/work/_actions/actions/deploy-pages/v4/node_modules/@actions/core/lib/oidc-utils.js:8:1
    at new Promise (<anonymous>)
    at __webpack_modules__.98041.__awaiter (/home/runner/work/_actions/actions/deploy-pages/v4/node_modules/@actions/core/lib/oidc-utils.js:4:1)
    at Function.getIDToken (/home/runner/work/_actions/actions/deploy-pages/v4/node_modules/@actions/core/lib/oidc-utils.js:57:1)
    at Object.<anonymous> (/home/runner/work/_actions/actions/deploy-pages/v4/node_modules/@actions/core/lib/core.js:315:1)
    at Generator.next (<anonymous>)
    at /home/runner/work/_actions/actions/deploy-pages/v4/node_modules/@actions/core/lib/core.js:27:1
    at new Promise (<anonymous>)
Error: Ensure GITHUB_TOKEN has permission "id-token: write".

The documentation for the deploy-pages action suggests explicitly enabling the following permissions for GITHUB_TOKEN, which our CI does not currently do:

    # Grant GITHUB_TOKEN the permissions required to make a Pages deployment
    permissions:
      pages: write      # to deploy to Pages
      id-token: write   # to verify the deployment originates from an appropriate source

I will try this to see if it fixes the issue.

@RyanGlScott

Never mind, we are already specifying these options:

    permissions:
      pages: write
      id-token: write

Back to the drawing board...

@RyanGlScott

@sauclovian-g points out that the PR where this step fails comes from a fork outside the GaloisInc organization, and the deploy-pages step in CI is missing a github.event.pull_request.head.repo.fork == false && github.repository_owner == 'GaloisInc' check (as is done in a similar deploy-pages–based setup here in cryptol's CI). We should try adding this check to the deploy-pages step in saw-script's CI.
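
Added example, not part of the thread or of saw-script's CI: a minimal Pages workflow with the fork guard described in the last comment applied to the deploy-pages step. By default GitHub does not grant write scopes such as `id-token: write` to `GITHUB_TOKEN` on pull requests from forks, so the `permissions:` block alone cannot prevent the error; the job names, build script and artifact path are hypothetical.

```yaml
# Added example. Job names, the build script and the artifact path are
# hypothetical; only the `if:` expression and the permissions come from the issue.
name: coverage-pages
on:
  pull_request:

jobs:
  coverage:
    runs-on: ubuntu-latest
    # No write scopes here: building and uploading the report needs none.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Build HTML coverage report
        run: ./ci/make-coverage-html.sh ./coverage-html   # hypothetical script
      - uses: actions/upload-pages-artifact@v3
        with:
          path: ./coverage-html

  deploy:
    needs: coverage
    runs-on: ubuntu-latest
    # Least privilege: only the deploy job requests the write scopes.
    permissions:
      pages: write      # to deploy to Pages
      id-token: write   # OIDC token that deploy-pages requests
    environment:
      name: github-pages
    steps:
      - name: Deploy to GitHub Pages
        # Unguarded, this step fails on fork PRs with
        # "Ensure GITHUB_TOKEN has permission "id-token: write"",
        # because the requested write scopes are not granted there.
        # Guarded, it is skipped for forks and for copies of the
        # repository owned by anyone other than GaloisInc.
        if: github.event.pull_request.head.repo.fork == false && github.repository_owner == 'GaloisInc'
        uses: actions/deploy-pages@v4
```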
