-
Notifications
You must be signed in to change notification settings - Fork 981
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Property job_workflow_sha in context github is not available #2417
Comments
as a side note, I cannot find any context in which name: pr
on:
pull_request:
branches: [main]
env:
WORKFLOW_REF_ROOT_ENV: ${{ github.job_workflow_sha }}
jobs:
pullrequest:
uses: ./.github/workflows/pullrequest.yml
secrets: inherit
with:
workflow-ref: ${{ github.job_workflow_sha }} results in blank inputs and missing ${{ env.WORKFLOW_REF_ROOT_ENV }}
|
I checked documentation source code, seems this property is subject of some condition (contrary to other ones):
Can I kindly ask authors of this commit about a little more context about what this condition is about? How I can enable it? cc: @jc-clark @lucascosti |
Hi @kkurczewski, I don't work at GitHub anymore, so I'll let @jc-clark answer your question. 🙂 (👋 Hi Joe 😁) |
There is still no solution for this, is it? |
Still hitting this: https://github.com/pdxjohnny/scitt-api-emulator/actions/runs/6178211970/job/16771062928#step:9:17
|
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Apologies this is a documentation bug and I would recommend the community feedback discussions as a place to request any missing product feature. Good to focus on the scenario, since would not only help prioritize but also may help determine a different solution. |
I found a workaround by requesting the token and extracting the claim. However, this only works on jobs which run within the repo’s context, not pull requests for example. |
* Add plugin helper entrypoint_style_load() to assist with loading auth middleware * Add server CLI arg for Flask middleware loaded via entrypoint style load plugin helper * OIDC auth middleware plugin * Refactor test Service expose url with bound port to Flask app * In preperation for use by flask test app used as OIDC endpoints * Tests for OIDC based auth middleware * Update pip, setuptools, wheel to avoid deprecation warning on dependency install. * Example CI job for GitHub Actions OIDC authenticated notary * Token is not available within pull_request context. * Document OIDC authentication middleware usage with GitHub Actions * Validation of OIDC claims via JSON schema validator Related: slsa-framework/slsa-github-generator#131 Related: slsa-framework/slsa-github-generator#358 Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
…unity#31) * Add plugin helper entrypoint_style_load() to assist with loading auth middleware * Add server CLI arg for Flask middleware loaded via entrypoint style load plugin helper * OIDC auth middleware plugin * Refactor test Service expose url with bound port to Flask app * In preperation for use by flask test app used as OIDC endpoints * Tests for OIDC based auth middleware * Update pip, setuptools, wheel to avoid deprecation warning on dependency install. * Example CI job for GitHub Actions OIDC authenticated notary * Token is not available within pull_request context. * Document OIDC authentication middleware usage with GitHub Actions * Validation of OIDC claims via JSON schema validator Related: slsa-framework/slsa-github-generator#131 Related: slsa-framework/slsa-github-generator#358 Related: actions/runner#2417 (comment) Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
Working solution here using this action ~ dariocurr/checkout-called |
Describe the bug
The property
github.job_workflow_sha
is not set in a job using a reusable workflow.Documentation at https://docs.github.com/en/actions/learn-github-actions/contexts#github-context states that "For jobs using a reusable workflow, the commit SHA for the reusable workflow file.".
To Reproduce
.github/workflows/test.yml
:.github/workflows/reuse.yml
:The context github is printed, but there is no key job_workflow_sha. The output of ${{github.job_workflow_sha}} is empty.
The behavior is the same whether reuse.yml is in the same repository as test.yml or in a different repository.
Expected behavior
There is a key job_workflow_sha matching the commit SHA of the reusable workflow file as displayed in the job log under "Set up job" as "Uses: <owner>/<repository>/.github/workflows/reuse.yml@refs/heads/<branchname> (<SHA>)".
Runner Version and Platform
Runner version: 2.301.1
Platform: Ubuntu 22.04.1 LTS
Runner Image: ubuntu-22.04 20230129.2
What's not working?
The property job_workflow_sha is not available in the context github of the reusable workflow although the documentation states it should be there.
The text was updated successfully, but these errors were encountered: