search

Schneegans / dynamic-badges-action

This action allows you to create badges for your README.md with shields.io which may change with every commit. To do this, this action does not need to push anything to your repository!
https://schneegans.github.io/tutorials/2022/04/18/badges
MIT License
257 stars 37 forks source link

Workflow triggered by Dependabot fails #22

Closed grndvl1 closed 2 years ago

grndvl1 commented 2 years ago

Upgrading from 1.5.0 to 1.6.0 causes my script to error out with this line.

Screen Shot 2022-11-01 at 10 52 34 AM
Schneegans commented 2 years ago

Thank you for the report! Are you 100% sure that if you revert to v1.5.0 everything works? There are very little changes between the two versions. In fact, it is effectively only one changed line. So it would really surprise me if this change from Node 12 to Node 16 could cause this issue...

SebastianSchmidl commented 2 years ago

I had a similar problem with a Dependabot-created merge commit. The error message was the same, and the failure also happened when upgrading from 1.5.0 to 1.6.0:

Run schneegans/dynamic-badges-action@v1.6.0
  with:
    gistID: 6762bee806477c52e079f21d2f252688
    filename: timeeval__heads_main.json
    label: Test Coverage
    message: 0.8946
    color: green
    namedLogo: pytest
    forceUpdate: false
  env:
    CONDA_PKGS_DIR: /home/runner/conda_pkgs_dir
    COVERAGE: 0.8946
    BRANCH: heads_main
Failed to get gist, response status code: 401, status message: Unauthorized
/home/runner/work/_actions/schneegans/dynamic-badges-action/v1.6.0/index.js:209
        if (oldGist.body.files[filename]) {
                              ^

TypeError: Cannot read properties of undefined (reading 'timeeval__heads_main.json')
    at /home/runner/work/_actions/schneegans/dynamic-badges-action/v1.6.0/index.js:209:[3](https://github.com/HPI-Information-Systems/TimeEval/actions/runs/3393366151/jobs/5640618821#step:8:3)1
    at processTicksAndRejections (node:internal/process/task_queues:96:[5](https://github.com/HPI-Information-Systems/TimeEval/actions/runs/3393366151/jobs/5640618821#step:8:5))

However, the cause was that the commit was authored by Dependabot and the Action missed the correct access rights to the gist. The default secrets for GitHub Actions do not apply for Dependabot and you have to provide them separately in Repository Settings > Secrets > Dependabot.

I hope this information can help.

Schneegans commented 2 years ago

Ohh, I did not know this. Thank you very much! I'll add a corresponding note to the README.

Edit: Done. I'll pin this issue so that others may find it more easily.

TLDR; If you use Dependabot to automatically update dependencies of your repository, you also have to add the gist secret to Dependabot's secrets (Settings > Secrets > Dependabot).

bartvdbraak commented 1 year ago

Thank you @CodeLionX!

I was running into this issue as well.