Open peterfortuin opened 3 years ago
I noticed when I started to use FirebaseExtended/action-hosting-deploy@v0.5-alpha it worked for me again. So I will be on that version for the time being. FirebaseExtended/action-hosting-deploy@v0.6-alpha doesn't work.
I got this when trying to deploy a PR from a fork, and "Send secrets to workflows from fork pull requests" was not enabled in the upstream repo. Enabling this setting fixed the issue.
Note: This was using private repos.
Check if you have both read and write permissions for your actions under "Action" settings. I faced similar problem was fixed by providing both read and write permissions to actions.
Not sure what is going on. It seems that when I create pull requests myself (with my own code) it works fine, but when dependabot creates pull requests it doesn't work fine. The version of this action doesn't seem to matter.
@oyvindwe I'm not working with forks, but it that option is enabled in my repo. @rehanhaider I have both read and write permissions enabled on the "Action" settings.
So, both thank you for your replies, but that doesn't seem to help. But I do have a feeling that it's related to some permissions somewhere, because it works when I do it myself, but dependabot pull requests fail.
I would love to help out and make a fix for this, but I have no idea what is going wrong. Somebody has any idea? Maybe know how to find the correct location of the error in the non-minified sources?
I have been diving into the code and into the documentation and it seems that this action can never work together with a dependabot pull request.
According to https://docs.github.com/en/rest/reference/checks you need the checks:write
permission to create a check build (the action is creating a check build in src/createCheck.ts.
According to https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ all pull requests created by dependabot will now have readonly permissions. So this will never work with the code as it's now.
Anybody has any ideas how to solve this in the action or on the workflow side?
Not sure how this relates to dependabot, but generally use of this action was fix by adding two permissions
permissions:
pull-requests: write
checks: write
this crash was fixed by checks: write
, and the pr
permission was needed to send the comment with url.
I had to set contents: read
in addition to the write permissions to avoid checkout failing with remote: Repository not found.
, as per https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
If you specify the access for any of these scopes, all of those that are not specified are set to
none
.
I need to add contents: read
in addition to the pull-requests
and checks
to make it work:
permissions:
checks: write
contents: read
pull-requests: write
Hope this helps someone.
How the hell isn't this still not part of the README? Some functionalities literally can't work without these additional configs. (Yeah, the frustration caused and time spent debugging this is what you are hearing.)
Action config
Error message
Expected behavior
Actual behavior
Additional comment
One thing that is also a little bit weird in this case, is that the build doesn't fail. I would assume that if the deployment fails the build on Github Actions would also fail.