search

Azure / actions

Author and use Azure Actions to automate your GitHub workflows
https://azure.github.io/actions/
MIT License
444 stars 174 forks source link

Azure Web Apps Deploy action doesn't ask for content read permission #170

Open lucasbfr opened 3 months ago

lucasbfr commented 3 months ago

Hi,

when setting up a brand new .net 8 deployment straight from the Azure portal, I encountered the following error at the "Checkout GitHub Action" step: 

Fetching the repository
  "C:\Program Files\Git\bin\git.exe" -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +[REDACTED]:refs/remotes/origin/main
  remote: Repository not found.
  Error: fatal: repository 'https://github.com/lucasbfr/[REDACTED]' not found
  The process 'C:\Program Files\Git\bin\git.exe' failed with exit code 128

This is caused by a missing permission. The ones created by Azure are permissions: id-token: write #This is required for requesting the JWT

However, contents: read #attempt to read the private repo is required to be able to read a (I guess non public) repository.

The previous version of this script worked, probably because it was not setting any permission and contents: read is the default overridden by the new version.

lucasbfr commented 3 months ago

Also created at https://github.com/actions/starter-workflows/issues/2467 (which is probably a better place?). You can probably close this if that's the case