0x4007 / ubiquibot

Ubiquity GitHub Bot
MIT License

Knip CI #57

Closed: gitcoindev closed 11 months ago

gitcoindev commented 1 year ago

Resolves #897

Quality Assurance:

a) Annotations: https://github.com/gitcoindev/ubiquibot/pull/17/files

b) PR comment: https://github.com/gitcoindev/ubiquibot/pull/17#issuecomment-1828200946

Screenshot: [image: Screenshot from 2023-11-28 12-23-08]

netlify[bot] commented 12 months ago

Deploy Preview for ubiquibot-production failed.

| Name | Link |
| --- | --- |
| Latest commit | 2243c38ff84389ec25be91f6ecbe6c53c79aebda |
| Latest deploy log | https://app.netlify.com/sites/ubiquibot-production/deploys/657701499664a300095b544f |

0x4007 commented 11 months ago

CI failed. What's the status on this?

ubiquibot[bot] commented 11 months ago

# Comment event received without a recognized user command.

gitcoindev commented 11 months ago

> CI failed. What's the status on this?

Permissions issue, I will try to reproduce on my org repo as on my fork it looks fine.

gitcoindev commented 11 months ago

> > CI failed. What's the status on this?
>
> Permissions issue, I will try to reproduce on my org repo as on my fork it looks fine.

@pavlovcik I think I found the root cause.

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#changing-the-permissions-in-a-forked-repository

I suspect that the settings of your fork https://github.com/pavlovcik/ubiquibot restrict access for my pull requests to add / modify comments, and you would have to change the 'Workflow permissions' settings.

[image: Screenshot from 2023-12-19 22-46-41]

https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token

I will check if perhaps the permissions can also be reduced; currently the yaml workflow file uses permissions: write-all, which seems too much.

0x4007 commented 11 months ago

Okay I'll try later today

gitcoindev commented 11 months ago

Hi @pavlovcik I dug deeper to check why CI fails here. It fails because the pull request is opened from a fork to a fork and not to the original bot repository. This situation is described at https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/#improvements-for-public-repository-forks and https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks .

I was able to reproduce the same permission issue in my personal fork https://github.com/gitcoindev/ubiquibot vs my org fork https://github.com/korrrba/ubiquibot as well. Therefore, once the pull request is merged into the original bot repository, the knip ci workflow will work correctly.
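
The least-privilege alternative to `permissions: write-all` raised in this thread, combined with the fork behaviour described in the last comment, as an added example (not the repository's workflow file and not code from this pull request). The job layout, the install command, the comment body and the assumption that annotations need `checks: write` are hypothetical.

```yaml
# Added example: hypothetical workflow, not the file from this pull request.
name: Knip (least-privilege sketch)

on:
  pull_request:

# Before (as described in the thread):
#   permissions: write-all      # every GITHUB_TOKEN scope is writable
# After: start from no scopes and grant only what the job uses.
permissions: {}

jobs:
  knip:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # checkout only
      pull-requests: write    # create / update the PR comment
      checks: write           # assumption: annotations go through the Checks API
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: yarn install --frozen-lockfile   # assumption: the project uses yarn
      - name: Run knip and keep the report
        id: knip
        run: npx knip > knip-report.txt || echo "failed=true" >> "$GITHUB_OUTPUT"

      # For pull_request runs triggered from a fork, GITHUB_TOKEN is read-only by
      # default whatever `permissions` says, so skip the write instead of failing.
      - name: Comment on the PR (same-repository branches only)
        if: github.event.pull_request.head.repo.full_name == github.repository
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: 'Knip report:\n\n' + fs.readFileSync('knip-report.txt', 'utf8'),
            });

      - name: Fail the job if knip reported problems
        if: steps.knip.outputs.failed == 'true'
        run: exit 1
```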