Closed Martii closed 3 years ago
dessant
commented
3 years ago I see the workflow runs are rather old, has it still failed in the last few days? The action is expected to work in private repos, could you share the error you get from the logs of a recently failed run?
Martii
commented
3 years ago I see the workflow runs are rather old, has it still failed in the last few days?
April 28th, 2021 is the first success and every day after it has failed.
... could you share the error you get from the logs of a recently failed run?
Didn't realize I could click "Lock Threads".
2nd run failure is:
dessant/lock-threads@v2 is not allowed to be used in Martii/*clipped*. Actions in this workflow must be: within a repository owned by Martii.... most recent error is:
dessant/lock-threads@v2 is not allowed to be used in Martii/*clipped*. Actions in this workflow must be: within a repository owned by Martii.The repo is definitely owned by me otherwise I wouldn't be here with this issue. :smile_cat:
dessant
commented
3 years ago It looks like this is a bug or misconfiguration of GitHub Actions, not an issue with this action, but I don't have any idea why you might be getting that error.
dessant
commented
3 years ago Searching for a portion of the error lead to this: https://github.community/t/checkout-v2-error-actions-in-this-workflow-must-within-a-repository-owned-by-organization/136315
Try going through your repo and account settings again, you must have changed something that is causing the failure.
Martii
commented
3 years ago Try going through your repo and account settings again
Will do.
you must have changed something that is causing the failure.
It's been idle except for when you did https://github.com/dessant/lock-threads/releases/tag/v2.1.1 and I updated OUJS at the same time. No changes to anything Account wise or private repo wise.
It looks like this is a bug
Will double check those settings... but I have a feeling it is a GitHub gremlin.
Martii
commented
3 years ago Interesting... GitHub changed my permissions on the private repo :boom: to local only and they also seem to have a gremlin on orgs too with greyed out specified actions:
Will play around with the private repo settings again to see if it runs in next few hours.
Try going through your repo and account settings again
Not nice for GitHub to change my settings without my consent and the org disabling specified actions is just as disconcerting. :smile_cat:
Trying to rematch from org to private... and another possible gremlin with specified actions missing completely:
Martii
commented
3 years ago Different error this time with the appended message at the comment above:
Error : .github#L1
dessant/lock-threads@v2 is not allowed to be used in Martii/*clipped*. Actions in this workflow must be: within a repository owned by Martii, created by GitHub or verified in the GitHub Marketplace.Says you aren't in the Marketplace which was verified again about 8 hours ago that you were. More GitHub gremlins?
Will try with yet another settings but it probably won't be staying that way since I don't want just any actions to run (that's a security issue anywhere)... get to wait ~24 hours for it to run since I'm not touching the repo data itself.
Next retest:
Did try to see if I could get the "specified actions" showing up by unticking several things, resaving, etc.... no luck. So that issue is still around. EDIT Refound editable in global org settings however there still doesn't seem to be one for my account.
Wonder if there is a difference between this repos github.token and what GH is saying with:
Workflow permissions
Choose the default permissions granted to the GITHUB_TOKEN when running workflows in this repository.
◉ Read and write permissions Workflows have read and write permissions in the repository for all scopes.
Martii
commented
3 years ago @dessant
The action is expected to work in private repos,...
| Legend: | Test Result | Symbol |
|---|---|---|
| UNTESTED | :heavy_minus_sign: | |
| PASS | :heavy_check_mark: | |
| FAIL | :x: |
... not an issue with this action...
According to GitHub you don't have the badge for verified creator even though their filter QSP shows you in a query. :-1: Not entirely sure how you get verified properly at this time... good luck with this on your issue with this action. :+1:
Will only run in insecure mode for a private repository (allow any action) :-1:
Note(s):
Note: The Allow specified actions option is only available in public repositories with the GitHub Free, GitHub Pro, GitHub Free for organizations, or GitHub Team plan.
... from here. Not entirely true but close enough with not showing filter list at this time.
Thanks for the pointers on where to hunt down the issues applicable to GitHub and this Action. :smiley:
dessant
commented
3 years ago Thanks for the detailed analysis! It seems the verified status is not yet available for user accounts, I'll apply when it becomes possible.
https://docs.github.com/en/developers/github-marketplace/github-marketplace-overview/applying-for-publisher-verification-for-your-organization https://github.community/t/how-to-become-verified-creator-of-a-github-action/116009/5
Hello there. Thanks for this awesome action... did have a question about private repos though.
When I first encountered this project I tested it out in a private repo and got the very first (last in list) entry:
So I implemented this at https://github.com/OpenUserJS/OpenUserJS.org/blob/master/.github/workflows/lock.yml where it works great and mirror any changes from the private repo to our public GH organization repo.
However you might see in the private repo screen capture it only ran once. GitHub has started to email me around the 8th of June, 2021, every day, telling me it has failed even though it failed the very next day on the private repo.
Is there a configuration option to let this work again on private repos or am I just out of luck?
Thanks again.