search

dawidd6 / action-homebrew-bump-formula

:gear: A GitHub Action to easily bump Homebrew formula on new release
MIT License
97 stars 26 forks source link

Strange behavior following action execution #47

Closed HorlogeSkynet closed 2 years ago

HorlogeSkynet commented 2 years ago

Hey @dawidd6, I've just experienced a pretty strange behavior.

The action (v3.8.0) launched itself as I released Archey v4.14.0.0 (job), and failed with an error I've never had before :

==> Retrieving PyPI dependencies for "archey4==4.14.0.0"...
Error: Unable to determine dependencies for "archey4==4.14.0.0" because of a failure when running
`/usr/local/opt/pipgrip/bin/pipgrip --json --tree --no-cache-dir archey4==4.14.0.0`.
Please update the resources for "archey4" manually.
/usr/local/Homebrew/Library/Homebrew/utils.rb:323:in `safe_system': Failure while executing; `/usr/local/bin/brew bump-formula-pr --no-audit --no-browse --message=\[\`action-homebrew-bump-formula\`\]\([https://github.com/dawidd6/action-homebrew-bump-formula\](https://github.com/dawidd6/action-homebrew-bump-formula/)) --version=4.14.0.0 --url=https://files.pythonhosted.org/packages/84/a0/adc84fed924b67df29d762b45c79b836a17a4431185c866be0ad366edd6d/archey4-4.14.0.0.tar.gz archey4` exited with 1. (ErrorDuringExecution)
    from /Users/runner/work/_actions/dawidd6/action-homebrew-bump-formula/v3/main.rb:27:in `brew'
    from /Users/runner/work/_actions/dawidd6/action-homebrew-bump-formula/v3/main.rb:112:in `<module:Homebrew>'
    from /Users/runner/work/_actions/dawidd6/action-homebrew-bump-formula/v3/main.rb:18:in `<main>'
Error: Process completed with exit code 1.

... but a PR Homebrew/homebrew-core#111436 has been (automatically ?) created by @Curudel (bump commit on their fork).

Two questions :

  1. What do you think about the pipgrip error ? I've personally replayed the step on my machine, and it worked well.
  2. What do you think about the above PR created at the exact same time (3:03 PM UTC), but not on my own fork and without my account permissions ?

Many thanks, bye :wave:

dawidd6 commented 2 years ago
  1. Might be some transient PyPI issue, if it worked afterwards. Can't really tell.
  2. This is really weird. Personally I would suggest checking the token used for the Action, maybe it was compromised?
HorlogeSkynet commented 2 years ago

Thanks for your quick answer.

  1. All good with that.
  2. I don't think the token has been compromised (but you're right, I'll change it anyway). Although, by looking at @Curudel's fork (skipped) action jobs and by crossing them with opened PRs as the one above, this is not the first time this happens. However, I couldn't find the actual workflow responsible for this. Some commits (automatically ?) appear on @Curudel's fork and somehow your action is run.
dawidd6 commented 2 years ago

Something weird happened in our CI regarding the PR created too: https://github.com/Homebrew/homebrew-core/actions/runs/3106549567/jobs/5033567708

I haven't seen anything like that before. Some glitch? Cause it surely looks like one. Is @Curudel someone you know?

HorlogeSkynet commented 2 years ago

Something weird happened in our CI regarding the PR created too: Homebrew/homebrew-core/actions/runs/3106549567/jobs/5033567708

Yes, I didn't get this either.

I haven't seen anything like that before. Some glitch? Cause it surely looks like one. Is @Curudel someone you know?

Absolutely no idea. And not at all :roll_eyes:

HorlogeSkynet commented 2 years ago

So it "just" looks like @Curudel has jobs automatically running, causing race conditions with people's own Actions... Closing here as it does not appear to be related to homebrew-bump-formula đŸ˜‡ Thanks bye đŸ™‡