Failure on forked repo - Token secret not supplied

[jon-nfc]

On a forked repo the secret is not available. figure out a way to have this workflow run. Test should have already been done in the scratchpad, however they weren't. this was the purpose of nofusscomputing/scratchpad#8

• ❓ Can the git job token be used??

Run actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e
  with:
    project-url: https://github.com/orgs/nofusscomputing/projects/[3](https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478/job/28742085387#step:2:3)
Error: Input required and not supplied: github-token

Debugging

• 🔴 Action: opened by collaborator

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144059

• 🔴 Action: assigned by collaborator

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478

• 🔴 Action: edited by collaborator_

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382453884

• 🟢 Action: milestoned by repo owner

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381380285

• 🟢 Action: assigned by repo owner

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382250836

• 🔴 Action: edited by repo owner

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382256327

Proposed Solution 1

Split workflow into two parts. Triage runs in the context of the issue/PR and on completion triggers (workflow_run) the actual workflow which should run in the context of the repo. Idea is the same as this action

for this to work the details of what was triaged will be required to be passed to triggered workflow.

• triage.yaml

---

name: Triage


on:
  issues:
    types:
      - opened
      - reopened
      - transferred
      - milestoned
      - demilestoned
      - closed
      - assigned
  pull_request: 
    types:
      - opened
      - edited
      - assigned
      - reopened
      - closed


jobs:


  project:
    name: Fetch Triage Details
    runs-on: ubuntu-latest
    steps:

    - name: Collect Triage Details
      shell: bash
      run: |
        echo "triage_event_name=${{ github.event_name }}" > triage_details-project.txt;
        echo "triage_event_action=${{ github.event.action }}" >> triage_details-project.txt;

        if [ "${{ github.event_name }}" == 'pull_request' ]; then
        
          echo "triage_item_number=${{ github.event.pull_request.number }}" >> triage_details-project.txt;

          echo "triage_item_url=https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}" >> triage_details-project.txt;

        else

          echo "triage_item_number=${{ github.event.issue.number }}" >> triage_details-project.txt;

          echo "triage_item_url=https://github.com/${{ github.repository }}/issues/${{ github.event.issue.number }}" >> triage_details-project.txt;

        fi;


        echo "[Debug]************************************";

        cat triage_details-project.txt;

        echo "[Debug]************************************";


      - name: Upload Triage Data
        uses: actions/upload-artifact@v4
        with:
          name: triage-details-project
          path: triage_details-project.txt

• project.yaml

---

name: 'Project'
on:
  workflow_run:
    workflows:
      - 'Triage'
    types:
      - completed


permissions:
  contents: read
  actions: read


jobs:

  prepare-project-triage: 
    name: Project Triage
    runs-on: ubuntu-latest
    outputs:
      triage_event_name: ${{ steps.triage-output.outputs.triage_event_name }}
      triage_event_action: ${{ steps.triage-output.outputs.triage_event_action }}
      triage_item_number: ${{ steps.triage-output.outputs.triage_item_number }}
      triage_item_url: ${{ steps.triage-output.outputs.triage_item_url }}
    steps:

      ## Additional Steps

      - name: Fetch triage Details
        uses: actions/download-artifact@v4
        with:
          name: triage-details-project
          run-id: ${{ github.event.workflow_run.id }}


      - name: Set Outputs
        id: triage-output
        shell: bash
        run: |
          cat triage_details-project.txt > $GITHUB_OUTPUT


  project:
    name: Project
    needs:
      - prepare-project-triage
    uses: nofusscomputing/action_project/.github/workflows/project.yaml@development
    with:
      PROJECT_URL: https://github.com/orgs/nofusscomputing/projects/3
      TRIAGE_EVENT_NAME: ${{ needs.prepare-project-triage.outputs.triage_event_name }}
      TRIAGE_EVENT_ACTION: ${{ needs.prepare-project-triage.outputs.triage_event_action }}
      TRIAGE_ITEM_NUMBER: ${{ needs.prepare-project-triage.outputs.triage_item_number }}
      TRIAGE_ITEM_URL: ${{ needs.prepare-project-triage.outputs.triage_item_url }}
    secrets:
      WORKFLOW_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}

Solution 1 Problem

There does not appear to be a way to specify the item url for action actions/add-to-project

• ref: Add 'payload' field to allow for Repository Dispatch actions/add-to-project#341

  Adds feature that allows specifying via payload

Links

• Blocks: feat(playbooks): migration of centurion playbooks to github ansible_collection_centurion#17

• Blocked By: Add 'payload' field to allow for Repository Dispatch actions/add-to-project#341

• Related: Add CI to the Repo ansible_collection_centurion#15

• Related: new line scratchpad#8 namely comment

• Related: Action does not work on PRs from forks actions/add-to-project#163

• Ref: https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478/job/28742085387

Tasks

• 🚧 Does "Proposed solution 1" work

  • Update workflow to use proposed TRIAGE_ variables

    TRIAGE_EVENT_NAME: ${{ needs.prepare-project-triage.outputs.triage_event_name }}
    TRIAGE_EVENT_ACTION: ${{ needs.prepare-project-triage.outputs.triage_event_action }}
    TRIAGE_ITEM_NUMBER: ${{ needs.prepare-project-triage.outputs.triage_item_number }}
    TRIAGE_ITEM_URL: ${{ needs.prepare-project-triage.outputs.triage_item_url }}

    • All Conditional statements updated for TRIAGE_ variables

    • Add to project action receives specified item_number

    • update field actions receives specified item_number

    • 🟢 Partial success. see Failure on forked repo - Token secret not supplied #3 (comment)

    • 🟢 forked repo test was a success for secrets access. Failure on forked repo - Token secret not supplied #3 (comment)

/cc @jasonpagetas

[jon-nfc]

post commit https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478/job/28796857364

[jon-nfc]

Test implemented - Solution 1

• feat(inputs): add new vars TRIAGE_* #4 has been merged, test out workflow with new vars
• First workflow run: https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400673288/job/28801667919#step:2:1

On merge

• 🟢 Triage.yaml https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400726091

  • 🔴 Project.yaml: https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400729347

    
    Run actions/download-artifact@v4
    with:
        name: triage-details-project
        run-id: 10400726091
        merge-multiple: false
        repository: nofusscomputing/ansible_collection_centurion
    Downloading single artifact
    Error: Unable to download artifact(s): Artifact not found for name: triage-details-project
            Please ensure that your artifact is not expired and the artifact was uploaded using a compatible version of toolkit/upload-artifact.
            For more information, visit the GitHub Artifacts FAQ: https://github.com/actions/toolkit/blob/main/packages/artifact/docs/faq.md
    
    

    • Artifact does exist. may be permissions