Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve error message on workflow file changes #368

Open
korthout opened this issue Jul 29, 2023 · 5 comments
Open

Improve error message on workflow file changes #368

korthout opened this issue Jul 29, 2023 · 5 comments
Labels
enhancement New feature or request

Comments

@korthout
Copy link
Owner

GitHub actions are not allowed to push changes to GitHub action workflow files. When you attempt to backport a pull request with this action that includes changes to a workflow file you'll see an error message that the push failed with exit code 1.

This error code is not helpful enough. We can include the reason for the error and the manual instructions to cherry pick the commits by hand.
@korthout korthout added the enhancement New feature or request label Jul 29, 2023
@grische grische mentioned this issue Aug 18, 2023
Merged
@macmiranda
Copy link

Hey @korthout hitting the exact same issue. Would you know what's the actual reason for this?

@korthout
Copy link
Owner Author

@macmiranda The default GITHUB_TOKEN used to push the commit has limited permissions. It does not allow to make changes to workflow files.

As a workaround, you can use a Personal Access Token with the workflow scope instead of the default GITHUB_TOKEN as the token input for the checkout action step.

Here's an example.

@macmiranda
Copy link

Thanks. It's a shame we can't just add the capability to the runner token

@korthout
Copy link
Owner Author

Absolutely agree. I guess GitHub sees a vulnerability, but it doesn't really apply to backport-action as it only deals with merged pull requests.

Let me know whether the workaround works for you, and I'd love to hear any other feedback on the action by the way. 🙇

@macmiranda
Copy link

Yes, the workaround worked fine. I don't like using PATs though, especially the classic ones, they are overly powerful. It also doesn't make sense to have a PAT for a repo under an organization because the person could leave the company at any time and then the PAT is worthless (we use an automation user for that, but it takes a paid seat of the organization 😞)

Anyway, cool GitHub action. Thanks for sharing it.

Looking forward to a solution for #39

It would also be cool if there was an option to merge the backported commit directly, without the PR.

katexochen added a commit to edgelesssys/contrast that referenced this issue May 21, 2024
@katexochen
ci: fix backport of workflow failures
ce1cb95 
Apparently passing a token with sufficient permission to the action
isn't enough, we also need to check out using that token.
See korthout/backport-action#368

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
@katexochen katexochen mentioned this issue May 21, 2024
Merged
katexochen added a commit to edgelesssys/contrast that referenced this issue May 21, 2024
@katexochen
ci: fix backport of workflow failures
424ecf8 
Apparently passing a token with sufficient permission to the action
isn't enough, we also need to check out using that token.
See korthout/backport-action#368

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
katexochen added a commit to edgelesssys/contrast that referenced this issue May 21, 2024
@katexochen
ci: fix backport of workflow failures
8a21eaa 
Apparently passing a token with sufficient permission to the action
isn't enough, we also need to check out using that token.
See korthout/backport-action#368

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@korthout @macmiranda