FirebaseExtended / action-hosting-deploy

Automatically deploy shareable previews for your Firebase Hosting sites
https://firebase.google.com/docs/hosting/github-integration
Apache License 2.0
706 stars 202 forks source link

[BUG] UnhandledPromiseRejectionWarning: HttpError: Resource not accessible by integration #108

Open peterfortuin opened 3 years ago

peterfortuin commented 3 years ago

Action config

      - id: deploy-to-firebase
        name: Deploy to Firebase
        uses: FirebaseExtended/action-hosting-deploy@v0
        with:
          repoToken: "${{ secrets.GITHUB_TOKEN }}"
          firebaseServiceAccount: "${{ secrets.FIREBASE_SERVICE_ACCOUNT_*** }}"
          expires: 5d
          projectId: ***
          entryPoint: website/public
        env:
          FIREBASE_CLI_PREVIEWS: hostingchannels

Error message

Run FirebaseExtended/action-hosting-deploy@v0
  with:
    repoToken: ***
    firebaseServiceAccount: ***

    expires: 5d
    projectId: ***
    entryPoint: website/public
  env:
    SLACK_WEBHOOK_URL: ***
    FIREBASE_CLI_PREVIEWS: hostingchannels
(node:4203) UnhandledPromiseRejectionWarning: HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/FirebaseExtended/action-hosting-deploy/v0/bin/action.min.js:1:29017
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
(node:4203) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:4203) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Expected behavior

Actual behavior

Additional comment

One thing that is also a little bit weird in this case, is that the build doesn't fail. I would assume that if the deployment fails the build on Github Actions would also fail.

peterfortuin commented 3 years ago

I noticed when I started to use FirebaseExtended/action-hosting-deploy@v0.5-alpha it worked for me again. So I will be on that version for the time being. FirebaseExtended/action-hosting-deploy@v0.6-alpha doesn't work.

oyvindwe commented 3 years ago

I got this when trying to deploy a PR from a fork, and "Send secrets to workflows from fork pull requests" was not enabled in the upstream repo. Enabling this setting fixed the issue.

Note: This was using private repos.

rehanhaider commented 3 years ago

Check if you have both read and write permissions for your actions under "Action" settings. I faced similar problem was fixed by providing both read and write permissions to actions.

peterfortuin commented 3 years ago

Not sure what is going on. It seems that when I create pull requests myself (with my own code) it works fine, but when dependabot creates pull requests it doesn't work fine. The version of this action doesn't seem to matter.

@oyvindwe I'm not working with forks, but it that option is enabled in my repo. @rehanhaider I have both read and write permissions enabled on the "Action" settings.

So, both thank you for your replies, but that doesn't seem to help. But I do have a feeling that it's related to some permissions somewhere, because it works when I do it myself, but dependabot pull requests fail.

peterfortuin commented 3 years ago

I would love to help out and make a fix for this, but I have no idea what is going wrong. Somebody has any idea? Maybe know how to find the correct location of the error in the non-minified sources?

peterfortuin commented 3 years ago

I have been diving into the code and into the documentation and it seems that this action can never work together with a dependabot pull request.

According to https://docs.github.com/en/rest/reference/checks you need the checks:write permission to create a check build (the action is creating a check build in src/createCheck.ts.

According to https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ all pull requests created by dependabot will now have readonly permissions. So this will never work with the code as it's now.

Anybody has any ideas how to solve this in the action or on the workflow side?

mcfedr commented 2 years ago

Not sure how this relates to dependabot, but generally use of this action was fix by adding two permissions

    permissions:
      pull-requests: write
      checks: write

this crash was fixed by checks: write, and the pr permission was needed to send the comment with url.

oyvindwe commented 1 year ago

I had to set contents: read in addition to the write permissions to avoid checkout failing with remote: Repository not found., as per https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

If you specify the access for any of these scopes, all of those that are not specified are set to none.

ccrsxx commented 1 year ago

I need to add contents: read in addition to the pull-requests and checks to make it work:

permissions:
  checks: write
  contents: read
  pull-requests: write

Hope this helps someone.

nbali commented 1 week ago

How the hell isn't this still not part of the README? Some functionalities literally can't work without these additional configs. (Yeah, the frustration caused and time spent debugging this is what you are hearing.)