Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Input required and not supplied: ${name} #26

Closed
rawnly opened this issue Aug 5, 2020 · 6 comments
Closed

Input required and not supplied: ${name} #26

rawnly opened this issue Aug 5, 2020 · 6 comments
Assignees
@amondnet
Labels
Type: Question Further information is requested

Comments

@rawnly
Copy link

rawnly commented Aug 5, 2020

Hi I'm getting this error, but I've added all the tokens to the repo settings.

immagine

immagine
@amondnet amondnet added the Type: Question Further information is requested label Aug 13, 2020
@amondnet amondnet self-assigned this Aug 13, 2020
@amondnet
Copy link
Owner

Do you still have problems?
Try again without name?

@amondnet
Copy link
Owner

amondnet commented Aug 13, 2020
edited
Loading

@rawnly

https://github.com/amondnet/vercel-action/runs/980730794?check_suite_focus=true

##[warning]Unexpected input(s) 'name', valid inputs are ['vercel-token', 'vercel-args', 'github-comment', 'github-token', 'github-deployment', 'working-directory', 'vercel-project-id', 'vercel-org-id', 'vercel-project-name', 'scope', 'zeit-token', 'now-args', 'now-project-id', 'now-org-id', 'alias-domains']

Unexpected input(s) 'name', valid inputs are...

@sk-
Copy link

sk- commented Jun 27, 2021

@amondnet we are getting these errors in PRs created by dependabot, other PRs are deployed successfully.

/home/runner/work/_actions/amondnet/vercel-action/v20/dist/index.js:2205
        throw new Error(`Input required and not supplied: ${name}`);
        ^

Error: Input required and not supplied: vercel-token
    at Object.getInput (/home/runner/work/_actions/amondnet/vercel-action/v20/dist/index.js:2205:15)
    at Object.679 (/home/runner/work/_actions/amondnet/vercel-action/v20/dist/index.js:24158:26)
    at __webpack_require__ (/home/runner/work/_actions/amondnet/vercel-action/v20/dist/index.js:22:30)
    at startup (/home/runner/work/_actions/amondnet/vercel-action/v20/dist/index.js:37:19)
    at /home/runner/work/_actions/amondnet/vercel-action/v20/dist/index.js:41:18
    at Object.<anonymous> (/home/runner/work/_actions/amondnet/vercel-action/v20/dist/index.js:44:10)
    at Module._compile (internal/modules/cjs/loader.js:959:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
    at Module.load (internal/modules/cjs/loader.js:815:32)
    at Function.Module._load (internal/modules/cjs/loader.js:727:14)

Our deployment step is set up as follows:

      - uses: amondnet/vercel-action@v20
        with:
          vercel-token: ${{ secrets.VERCEL_TOKEN }} # Required
          github-token: ${{ secrets.GITHUB_TOKEN }} #Optional
          vercel-org-id: ${{ secrets.VERCEL_ORG_ID}} #Required
          scope: ${{ secrets.VERCEL_ORG_ID }}
          vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID}} #Required
          vercel-args: "--confirm"
        id: "vercel_deploy"

@amondnet
Copy link
Owner

amondnet commented Jun 28, 2021
edited
Loading

@sk- Hi,

https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/

Starting March 1st, 2021 workflow runs that are triggered by Dependabot from push, pull_request, pull_request_review, or pull_request_review_comment events will be treated as if they were opened from a repository fork. This means they will receive a read-only GITHUB_TOKEN and will not have access to any secrets available in the repository. This will cause any workflows that attempt to write to the repository to fail.

I think you have two options.

  1. pull_request_target
    If your workflow needs to have a write token or access to secrets, you can use the pull_request_target event; however, please read
    Keeping your GitHub Actions and workflows secure: Preventing pwn requests to better understand the risks.

  2. Adding a repository secret for Dependabot
    You can store sensitive information, like passwords and access tokens, as encrypted secrets and then reference these in the Dependabot configuration file.
    https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot#adding-a-repository-secret-for-dependabot

@sk-
Copy link

sk- commented Jun 28, 2021 via email

@phil-lgr
Copy link

I stumbled on this multiple time, also check this formidable blog post : https://hugo.alliau.me/2021/05/04/migration-to-github-native-dependabot-solutions-for-auto-merge-and-action-secrets/#share-your-secrets-with-dependabot

@Jarmos-san Jarmos-san mentioned this issue Sep 3, 2021
Closed
@mokaymokay mokaymokay mentioned this issue Feb 9, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amondnet amondnet

Labels
Type: Question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sk- @amondnet @phil-lgr @rawnly