[BUG] UnhandledPromiseRejectionWarning: HttpError: Resource not accessible by integration

[peterfortuin]

Action config

      - id: deploy-to-firebase
        name: Deploy to Firebase
        uses: FirebaseExtended/action-hosting-deploy@v0
        with:
          repoToken: "${{ secrets.GITHUB_TOKEN }}"
          firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT_*** }}"
          expires: 5d
          projectId: ***
          entryPoint: website/public
        env:
          FIREBASE_CLI_PREVIEWS: hostingchannels

Error message

Run FirebaseExtended/action-hosting-deploy@v0
  with:
    repoToken: ***
    firebaseServiceAccount: ***

    expires: 5d
    projectId: ***
    entryPoint: website/public
  env:
    SLACK_WEBHOOK_URL: ***
    FIREBASE_CLI_PREVIEWS: hostingchannels
(node:4203) UnhandledPromiseRejectionWarning: HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/FirebaseExtended/action-hosting-deploy/v0/bin/action.min.js:1:29017
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
(node:4203) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:4203) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Expected behavior

• No error in de log
• Message in the pull request with url to the preview
• Preview deployed on Firebase Hosting Preview channels

Actual behavior

• Error message in the log (see above)
• No deployment on Firebase Hosting Preview channels
• No message in the pull request

Additional comment

One thing that is also a little bit weird in this case, is that the build doesn't fail. I would assume that if the deployment fails the build on Github Actions would also fail.

[peterfortuin]

I noticed when I started to use FirebaseExtended/action-hosting-deploy@v0.5-alpha it worked for me again. So I will be on that version for the time being. FirebaseExtended/action-hosting-deploy@v0.6-alpha doesn't work.

[oyvindwe]

I got this when trying to deploy a PR from a fork, and "Send secrets to workflows from fork pull requests" was not enabled in the upstream repo. Enabling this setting fixed the issue.

Note: This was using private repos.

[rehanhaider]

Check if you have both read and write permissions for your actions under "Action" settings. I faced similar problem was fixed by providing both read and write permissions to actions.

[peterfortuin]

Not sure what is going on. It seems that when I create pull requests myself (with my own code) it works fine, but when dependabot creates pull requests it doesn't work fine. The version of this action doesn't seem to matter.

@oyvindwe I'm not working with forks, but it that option is enabled in my repo. @rehanhaider I have both read and write permissions enabled on the "Action" settings.

So, both thank you for your replies, but that doesn't seem to help. But I do have a feeling that it's related to some permissions somewhere, because it works when I do it myself, but dependabot pull requests fail.

[peterfortuin]

I would love to help out and make a fix for this, but I have no idea what is going wrong. Somebody has any idea? Maybe know how to find the correct location of the error in the non-minified sources?

[peterfortuin]

I have been diving into the code and into the documentation and it seems that this action can never work together with a dependabot pull request.

According to https://docs.github.com/en/rest/reference/checks you need the checks:write permission to create a check build (the action is creating a check build in src/createCheck.ts.

According to https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ all pull requests created by dependabot will now have readonly permissions. So this will never work with the code as it's now.

Anybody has any ideas how to solve this in the action or on the workflow side?

[mcfedr]

Not sure how this relates to dependabot, but generally use of this action was fix by adding two permissions

    permissions:
      pull-requests: write
      checks: write

this crash was fixed by checks: write, and the pr permission was needed to send the comment with url.

[oyvindwe]

I had to set contents: read in addition to the write permissions to avoid checkout failing with remote: Repository not found., as per https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

If you specify the access for any of these scopes, all of those that are not specified are set to none.

[ccrsxx]

I need to add contents: read in addition to the pull-requests and checks to make it work:

permissions:
  checks: write
  contents: read
  pull-requests: write

Hope this helps someone.

[nbali]

How the hell isn't this still not part of the README? Some functionalities literally can't work without these additional configs. (Yeah, the frustration caused and time spent debugging this is what you are hearing.)