Open JakobHavtorn opened 2 months ago
Hi @JakobHavtorn and thanks for the issue.
Does the token have access to the remote repository? The token has also a setting related to repository access.
Hi @AndreasAugustin, yes it has access (only) to the two (remote) template repositories that we want to sync towards, via the "Only select repositories" option. And this includes the my-template-repository in the error message above.
Encountered the same issue with PATs:
git init
::info::set git global configuration
::info::the source repository is located within GitHub.
github.com
✓ Logged in to github.com account <github-account> (GITHUB_TOKEN)
- Active account: true
- Git operations protocol: https
- Token: ghp_************************************
- Token scopes: 'read:org', 'repo'
remote: Repository not found.
fatal: repository 'https://github.com/<org>/<template-repo>/' not found
fatal: Needed a single revision
Error: Process completed with exit code 128.
I set the token permissions for read:org and repo as described in the README as well as enabling access from other repositories in the source's settings.
Hi @davidsnyder and thanks for the heads up. Hmm that is somehow weird. Is possibly the source repo private and the target repo public? Trying to find some time.
@JakobHavtorn super sorry for not getting to work on this issue. Needed to prio some of my actual work tasks
Both are private
thanks for the answer. Just made a test -> I am able to use a classic PAT without issues. 2 possible issues
Update
Not sure but I guess you edited the error message? (sorry for asking this).
fatal: repository 'https://github.com/<org>/<template-repo>/' not found
I guess you replaced the real org and template-repo here?
@JakobHavtorn just tested a fine grained PAT with the following settings: it is working
(please be aware that I gave permissions to both source and target repo)
repo permissions:
also settings set like for classic PAT within source repo (currently not sure if needed).
Would be nice if you could test this. You checked that you possibly want to update the DOCs? Would be nice if possible :) (if not I can do that)
Thanks @AndreasAugustin! I'll check it tomorrow. I'll try to make a PR with an update to the docs this week 🙌
For some reason I still can't get this to work. I made several changes related to the fine grained PAT permissions because I thought that was the problem (for example, if you're trying to clone a template repo owned by an org, I believe the org needs to be the owner of the PAT, not your personal account)
Once I have the PAT, if I open a private terminal session and run:
sh-3.2# export GITHUB_TOKEN=<github_PAT>
sh-3.2# gh auth status --hostname github.com
github.com
✓ Logged in to github.com account davidsnyder (GITHUB_TOKEN)
- Active account: true
- Git operations protocol: https
- Token: github_pat_11AABX55A0cE5DX5rKyFpu_***********************************************************
sh-3.2# git ls-remote https://github.com/<org>/plugin-template-go HEAD
f8be11f1751dd27599435d160777e2b3ba13a528 HEAD
git ls-remote works as expected.
But when I run the plugin as a Github Action it prints
github.com
✓ Logged in to github.com account davidsnyder (GITHUB_TOKEN)
- Active account: true
- Git operations protocol: https
- Token: github_pat_11AABX55A0cE5DX5rKyFpu_***********************************************************
which shows that it logged in successfully via GITHUB_TOKEN
but then it later prints
+++ git ls-remote https://github.com/<org>/plugin-template-go HEAD
remote: Repository not found.
fatal: repository 'https://github.com/<org>/plugin-template-go/' not found
++ TEMPLATE_REMOTE_GIT_HASH=
+++ git rev-parse --short ''
fatal: Needed a single revision
which is the same error as before (I enabled -x so it would print the command) as if it doesn't have access to view the private repo. Seeing as it's the same GITHUB_TOKEN, and the login procedure is the same, I don't understand how the behavior could be different.
My workflow file is
name: Sync from Template
on:
  workflow_dispatch: # manual trigger
jobs:
  repo-sync:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: actions-template-sync
        uses: AndreasAugustin/actions-template-sync@v2.2.3
        with:
          github_token: ${{ secrets.PLUGIN_TEMPLATE_SYNC }}
          source_repo_path: <org>/plugin-template-go
          upstream_branch: main
Finally figured it out after looking here: https://github.com/orgs/community/discussions/25240
Had to add persist-credentials: false to the checkout action. My final workflow file is as follows:
name: Sync from Template
on:
  workflow_dispatch: # manual trigger
jobs:
  repo-sync:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      -
        name: actions-template-sync
        uses: davidsnyder/actions-template-sync@main
        with:
          github_token: ${{ secrets.PLUGIN_TEMPLATE_SYNC_ACTION }}
          source_repo_path: <org>/plugin-template-go
          upstream_branch: main
When you update the docs, maybe add a note about this!
Hi @davidsnyder , nice that you found a solution.
Remark: Actually I do not fully understand the root cause yet. Also why it is working in other scenarios without using the flag.
@all-contributors please add @davidsnyder for research
@AndreasAugustin
I've put up a pull request to add @davidsnyder! :tada:
Unfortunately, I'm not sure either! But I tried everything I could think of and it started working only after I added persist-credentials: false.
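Added here as an explanation the thread itself does not give, with example code that is not from actions-template-sync or actions/checkout: with its default persist-credentials: true, actions/checkout@v4 stores the job's token in the workspace's .git/config as an http.https://github.com/.extraheader AUTHORIZATION entry, so git commands run later in that workspace send the job token to github.com, which matches the "Repository not found" seen above for a private template repository that token cannot read. The script below lists such entries without printing the credential; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic (not from actions-template-sync or actions/checkout).
# Prints the URL scope of every [http "<url>"] section in a git config file
# that holds an "extraheader = AUTHORIZATION: ..." entry. The header value
# (the credential) is never printed.
persisted_auth_scopes() {
    config_file=$1
    [ -r "$config_file" ] || return 2
    awk '
        /^[ \t]*\[/ {                       # any section header resets state
            scope = ""
            if (tolower($0) ~ /^[ \t]*\[http[ \t]+"[^"]*"[ \t]*\]/) {
                scope = $0
                sub(/^[^"]*"/, "", scope)   # strip up to the opening quote
                sub(/".*$/, "", scope)      # strip from the closing quote on
            }
            next
        }
        # Key line inside an http section; git config keys are case-insensitive.
        scope != "" && tolower($0) ~ /^[ \t]*extraheader[ \t]*=[ \t]*authorization:/ {
            print scope
        }
    ' "$config_file"
}

# Exit 0 when a persisted header would be sent to github.com from this repo.
shadows_github_pat() {
    persisted_auth_scopes "$1" | grep -q '^https://github\.com/$'
}

# Constructed sample of a post-checkout .git/config; the value is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[core]
    repositoryformatversion = 0
[http "https://github.com/"]
    extraheader = AUTHORIZATION: basic PLACEHOLDER_NOT_A_TOKEN
EOF

if shadows_github_pat "$sample"; then
    echo "persisted checkout credentials found for: $(persisted_auth_scopes "$sample")"
fi
```

In a workflow, run `persisted_auth_scopes .git/config` in a step between the checkout and the sync action; an empty result is what `persist-credentials: false` produces.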
Describe the documentation issue
In the section on using a PAT to authorise the Action (https://github.com/AndreasAugustin/actions-template-sync?tab=readme-ov-file#3-using-a-pat) there is an example of using a "classic" token, but not one for the new "fine-grained" token type.
We are struggling to create a fine-grained token to give the Action the permissions it needs. We have tried with the below permissions, but get the following error during the action-template-sync step of the Action:
We have previously had the action running with a classic token with the following permissions:
Links
https://github.com/AndreasAugustin/actions-template-sync?tab=readme-ov-file#3-using-a-pat