KohlsTechnology / prometheus_bigquery_remote_storage_adapter

Prometheus remote storage adapter for Google's BigQuery
Apache License 2.0
44 stars 17 forks source link

Test action always fails when PR is created from a fork #204

Open vinny-sabatini opened 1 year ago

vinny-sabatini commented 1 year ago

What happens?

When a pull request is created from a fork, the test action always fails

What were you expecting to happen?

I would expect that the jobs would be able to run successfully

Steps to reproduce:

Any errors, stacktrace, logs?

Here are the logs from the step:

Run google-github-actions/auth@v1
  with:
    workload_identity_provider: projects/8[2](https://github.com/KohlsTechnology/prometheus_bigquery_remote_storage_adapter/actions/runs/4186647158/jobs/7259676118#step:8:2)1427[3](https://github.com/KohlsTechnology/prometheus_bigquery_remote_storage_adapter/actions/runs/4186647158/jobs/7259676118#step:8:3)11[4](https://github.com/KohlsTechnology/prometheus_bigquery_remote_storage_adapter/actions/runs/4186647158/jobs/7259676118#step:8:4)13/locations/global/workloadIdentityPools/prombq-adaptor/providers/github
    service_account: prombq-adaptor@kohlsdev-prombq-adaptor.iam.gserviceaccount.com
    create_credentials_file: true
    export_environment_variables: true
    cleanup_credentials: true
    access_token_lifetime: 3600s
    access_token_scopes: https://www.googleapis.com/auth/cloud-platform
    retries: 0
    id_token_include_email: false
  env:
    BQ_DATASET_NAME: github_actions_41866471[5](https://github.com/KohlsTechnology/prometheus_bigquery_remote_storage_adapter/actions/runs/4186647158/jobs/7259676118#step:8:5)[8](https://github.com/KohlsTechnology/prometheus_bigquery_remote_storage_adapter/actions/runs/4186647158/jobs/7259676118#step:8:8)_2
    MSYS: winsymlinks:nativestrict
Error: google-github-actions/auth failed with: retry function failed after 1 attempt: gitHub Actions did not inject $ACTIONS_ID_TOKEN_REQUEST_TOKEN or $ACTIONS_ID_TOKEN_REQUEST_URL into this job. This most likely means the GitHub Actions workflow permissions are incorrect, or this job is being run from a fork. For more information, please see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Additional comments:

203 is an example PR where this issue happened

vinny-sabatini commented 1 year ago

What I've found so far:

vinny-sabatini commented 6 months ago

I found a couple of other interesting things that could help:

Also, now that #348 has been merged upgrading the codecov-action to v4.0.0, and we can no longer do tokenless uploads to CodeCov, we will run into this same issue with that action.