Open Hiratake opened 1 year ago
I have the same problem. Trying to build PR'a to a dedicated preview site, but getting missing API key error. From the log:
Run cloudflare/pages-action@v1
with:
projectName: preview
directory: public
branch: main
workingDirectory: web
wranglerVersion: [3](https://github.com/deepcausality-rs/sites/actions/runs/6142941060/job/16665488500?pr=44#step:3:3)
Error: Input required and not supplied: apiToken
@marvin-hansen Hi, Your problem may be slightly different from what Hiratake san problem is.
I think your workflow is this file: https://github.com/deepcausality-rs/sites/blob/24f7e37c0092f534bd820dd1e8ba9dc10f9f3f1e/.github/workflows/preview.yml
The CLOUDFLARE_API_TOKEN
secret is required, did you set it and run it?
Since the error is Input required and not supplied
, I assume that the value for apiToken
does not exist...😢
If the problem is the same as Hiratake's, the error should include a statement like No ref found for
!
I hope you will find it useful!
Well,
I did provided the token but upon further investigation, it became clear that there are a number of issues related to accessing GH secrets from a PR that originated from a forked repo. I tried a few suggestions, but nothing worked out so I’m not sure where to go from here.
Best
On Mon, Sep 11, 2023 at 9:27 PM Tomachi @.***> wrote:
@marvin-hansen https://github.com/marvin-hansen Hi, Your problem may be slightly different from what Hiratake san problem is.
I think your workflow is this file: https://github.com/deepcausality-rs/sites/blob/24f7e37c0092f534bd820dd1e8ba9dc10f9f3f1e/.github/workflows/preview.yml The CLOUDFLARE_API_TOKEN secret is required, did you set it and run it? Since the error is Input required and not supplied, I assume that the value for apiToken does not exist...😢
If the problem is the same as Hiratake's, the error should include a statement like No ref found for https://github.com/jaoafa/jaoweb4/actions/runs/5296316660/job/14339062309#step:8:14 !
I hope you will find it useful!
— Reply to this email directly, view it on GitHub https://github.com/cloudflare/pages-action/issues/94#issuecomment-1713883953, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFYR7XF2YXHIOPGBIYS4633XZ4GVFANCNFSM6AAAAAAZKFANPA . You are receiving this because you were mentioned.Message ID: @.***>
@marvin-hansen
Oh, I see. There is indeed a restriction on the pull_request
event that the secret cannot be referenced from the forked repos.
This restriction prevents a malicious forker from stealing the secret.
One commonly used workaround is to use labels as triggers. Since labels can only be granted with Write permission to the repository, this is considered a reasonable workaround✅
For reference, take a look at the following workflow! ❤ https://github.com/jaoafa/jaoweb4/blob/2b337c1a15385454f2aa6f5c07f6af95d1d680f9/.github/workflows/publish.yml#L18
Amazing.
Let me try this tomorrow and report back.
Thank you so much.
On Mon, Sep 11, 2023 at 10:25 PM Tomachi @.***> wrote:
For reference, take a look at the following workflow! ❤
— Reply to this email directly, view it on GitHub https://github.com/cloudflare/pages-action/issues/94#issuecomment-1713997350, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFYR7XFIX732K66PTBIQFGLXZ4NL3ANCNFSM6AAAAAAZKFANPA . You are receiving this because you were mentioned.Message ID: @.***>
@book000
I'm struggling a bit to make the GH action you shared work.
Good news is: 1) Auto-comment that a PR from a forked repo needs the 🚀request-deploy label works
2) Once the label has been added, the publish action runs. Nice.
Now, my page is a Hugo static page and the lock.json is in the folder separate folder called web. Therefore, I added the working-directory tag and npm ci installs.
The npm run generate steps also gets the working-directory.
- name: Run generate
working-directory: web
run: npm run generate
However, this steps fails in the CI
Run npm run generate
npm run generate
shell: /usr/bin/bash -e {0}
npm ERR! Missing script: "generate"
npm ERR!
npm ERR! To see a list of scripts, run:
npm ERR! npm run
npm ERR! A complete log of this run can be found in: /home/runner/.npm/_logs/[2](https://github.com/deepcausality-rs/sites/actions/runs/6221068467/job/16882331675?pr=57#step:7:2)02[3](https://github.com/deepcausality-rs/sites/actions/runs/6221068467/job/16882331675?pr=57#step:7:3)-09-18T10_07_[5](https://github.com/deepcausality-rs/sites/actions/runs/6221068467/job/16882331675?pr=57#step:7:6)5_3[8](https://github.com/deepcausality-rs/sites/actions/runs/6221068467/job/16882331675?pr=57#step:7:9)1Z-debug-0.log
Error: Process completed with exit code 1.
The complete workflow file:
https://github.com/deepcausality-rs/sites/actions/runs/6221076223/workflow
And the last failed run: https://github.com/deepcausality-rs/sites/actions/runs/6221076223/job/16882354763?pr=57
Any idea how to fix this?
I think the correct way to build HUGO sites manually is something like this:
hugo --environment production --gc --minify
Have to update the action to install & run hugo
@marvin-hansen
npm run generate
runs scripts.generate in package.json
. Therefore, if the generate script is not defined, this error will occur.
For a simple solution, replace this part with the following (...may need to be changed):
- name: Build hugo site
working-directory: web
run: hugo --environment production --gc --minify
thank you @book000
I'm working on it.
The theme I am using can actually be build with npm using install & build. I just tried it locally and that one worked. Trying it now on CI
npm install
npm run build
@book000 This one worked. The last blocker I solved was to enable submodule checkout so that the theme gets cloned as well.
Now it's all running.
https://github.com/deepcausality-rs/sites/actions/runs/6221806137/job/16884805932
Thank you so much for all your help.
The workflow fails when creating a pull request from a fork repository to an upstream repository. Perhaps the error occurs because the correct branch name is now used in #70, and the branch cannot be found in the upstream repository where the workflow is to be executed.
The workflows where this problem has actually occurred following:
https://github.com/jaoafa/jaoweb4/blob/847e0875f9ae88cd69125433cfbfedfd9c33d753/.github/workflows/publish.yml#L98
The actual problematic workflows resulted in the following:
https://github.com/jaoafa/jaoweb4/actions/runs/5296316660/jobs/9587342658
For pull requests from forks, it is preferable to use SHA. Alternatively, it would be possible to change this in inputs.