Open vorburger opened 10 months ago
I don't know why it says Error: Input required and not supplied: env
above - @EndBug do you understand that better?
The more interesting part is perhaps the Error: unexpected error encountered: HttpError: Resource not accessible by integration - see logs for more information
line? That may be related is probably because in my GitHub Action configuration I have:
permissions:
contents: read
because some Security Review tool I'm using in that repo doesn't let me have actions without any permissions:
.
Based on https://github.com/EndBug/pages-preview#fine-grained-pat I suspect that, just like the PAT, the Action also needs (the equivalent of) "Actions" and "Content" to "Read and write" permissions...
permissions:
actions: write
contents: write
clear does not suffice / work (I just tried, in first version of https://github.com/www-learn-study/saraswati.learn.study/pull/32/files).
PS: Even if it were to work, I'm trying to understand the security implications of this... this is not really safe, is it?!
Even this is also not sufficient:
permissions:
actions: write
contents: write
pull-requests: write
repository-projects: write
I then tried completely removing permissions:
, as https://github.com/EndBug/pages-preview/blob/main/dependents/source_repo.yml doesn't have it, which grants "full permissions" (AFAIK), ignoring this (unrelated) complaint, for now:
Linted [REPOSITORY] files with [checkov]: Found 1 error(s) - (15.22s) (expand for details)
- Using [checkov v3.0.12] https://megalinter.io/7.5.0/descriptors/repository_checkov
- MegaLinter key: [REPOSITORY_CHECKOV]
- Rules config: [.checkov.yml]
--Error detail:
github_actions scan results:
Passed checks: 153, Failed checks: 1, Skipped checks: 0
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
FAILED for resource: on(Preview)
File: /.github/workflows/preview.yaml:0-1
but even that doesn't work either, and still causes the error shown initially.
So perhaps this is just broken? Maybe related to a change GitHub made?
Actually, coming to think of it, I'm stupid, given the PAT, for the Preview repo, the workflow really shouldn't require ANY permissions on the Source repo ... that's the whole point of the (nice!) separation approach that this project intends (contrary to e.g. https://github.com/rossjrw/pr-preview-action from @rossjrw, which uses a different approach).
So perhaps this is just broken? Maybe related to a change GitHub made?
I've had a slightly closer look, and now start to understand that it's failing here. That uses: EndBug/deployments@140-task
which is https://github.com/EndBug/deployments which is a fork of https://github.com/bobheadxi/deployments by @bobheadxi - do you perhaps happen to know what this error means?
I don't suppose it's worthwhile for this project to switch back from @EndBug fork of deployments
back to its upstream? I've no idea if any of https://github.com/EndBug/deployments/compare/main...bobheadxi:deployments:main could fix this problem.
In https://github.com/www-learn-study/saraswati.learn.study/pull/34/files I have tried to use deployments: false
but the same problem still happens. This is very puzzling (to me), given the check here... or is this some YAML boolean funkyness, e.g. does it have to be deployments: False
? It looks like it's a String comparison...
Oh! This is because, as I had noted here, the change isn't "visible" yet while the PR builds, only after merge; note:
Run EndBug/deployments@140-task
with:
step: start
env: preview
ref: bf129f4fdf2b[38](https://github.com/www-learn-study/saraswati.learn.study/actions/runs/6727025592/job/18284233555?pr=34#step:6:40)713aa5a01[39](https://github.com/www-learn-study/saraswati.learn.study/actions/runs/6727025592/job/18284233555?pr=34#step:6:41)5160[40](https://github.com/www-learn-study/saraswati.learn.study/actions/runs/6727025592/job/18284233555?pr=34#step:6:42)298c3c031
task: deploy:www-learn-study/saraswati.learn.study/pr/34
token: ***
debug: false
auto_inactive: false
is still missing the deployments: false
! I'll merge it, and then see... (which is a PITA, because I blocked Merge on red PR).
OK so deployments: false
does (obviously) "work around" this, and https://github.com/www-learn-study/previews/tree/gh-pages/www-learn-study/saraswati.learn.study/pr/35 has the site. Except I don't see a preview URL commented on https://github.com/www-learn-study/saraswati.learn.study/pull/35... on https://github.com/www-learn-study/saraswati.learn.study/actions/runs/6727077747/job/18284360060?pr=35 it doesn't even seem to have run pr_comment
?!
I don't suppose it's worthwhile for this project to switch back from @EndBug fork of deployments back to its upstream? I've no idea if any of https://github.com/EndBug/deployments/compare/main...bobheadxi:deployments:main could fix this problem.
FTR: It does not so, see https://github.com/EndBug/pages-preview/pull/21#issuecomment-1789937473.
FTR: I've switched from (this) https://github.com/EndBug/pages-preview to https://github.com/rossjrw/pr-preview-action in https://github.com/www-learn-study/saraswati.learn.study/pull/40 and originally still ran into the same problem with that other action, see https://github.com/rossjrw/pr-preview-action/issues/60.
https://github.com/www-learn-study/saraswati.learn.study/pull/43 with the correct permissions:
DID fix it.
What hapened here (above) is that (a) I tried the wrong permissions:
(my bad), and (b) as I had noted here, the change isn't "visible" yet while the PR builds, only after merge - you need to add the permissions:
and merge, and not stumble over the fact that the Preview Action still fails on the PR.
I'll post a PR with a proposed docs clarification.
I thought I fixed this, but am seeing this again, see https://github.com/www-learn-study/saraswati.learn.study/issues/50#issuecomment-1790218847.
Heyyy, there's a lot of stuff in this issue, and in the related PR 😅 Have you found the cause of the issue?
I ran into this:
on https://github.com/www-learn-study/saraswati.learn.study/actions/runs/6726455878/job/18282744533?pr=29 for a 1st PR to test https://github.com/www-learn-study/saraswati.learn.study/pull/27.
I'll try to see if I can figure out what this means and how to fix it and document my findings, and solution if any, here.