docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0

build-push-action fails to properly retrieve the value of the GITHUB_TOKEN #1007

Closed nicholastulach closed 7 months ago

nicholastulach commented 7 months ago

Description

During the GitHub Actions runtime token ACs step of the build-push-action, we are seeing the following warning, which causes a downstream error.

Warning: Cannot parse GitHub Actions Runtime Token ACs: "undefined" is not valid JSON

Expected behaviour

In previous successful runs, we've seen values such as:

  refs/tags/v0.14.8: read/write
  refs/heads/main: read

Actual behaviour

The token is empty somehow and is causing a downstream error during the buildx-version step.

Repository URL

No response

Workflow run URL

No response

YAML workflow

name: Production deployment from release

on:
  workflow_dispatch:
    inputs:
      Debug_Options:
        description: "Temporary workaround for manual execution"
  release:
    types: [published]

env:
  AWS_DEFAULT_REGION: us-east-1
  AWS_DEFAULT_OUTPUT: json
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

jobs:
  build-backend-docker-prod:
    name: Building and pushing image to AWS ECR
    runs-on: ubuntu-20.04

    steps:
      - name: Checkout Inspector Master
        uses: actions/checkout@v4
        with:
          # Reggie!
          submodules: "recursive"

      - name: Create Sentry release
        uses: getsentry/action-release@v1
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: voteshield
          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT_ID }}
        with:
          version: ${{ github.ref }}
          environment: ${{ secrets.SENTRY_ENVIRONMENT }}
          projects: ${{ secrets.SENTRY_PROJECTS }}

      - name: Get the version
        id: get_version
        run: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT

      - name: Set release ID in env file
        run: echo -e "\nSENTRY_RELEASE='${{ steps.get_version.outputs.VERSION }}'" >> ".env.docker"

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4.0.1
        with:
          aws-access-key-id: ${{ secrets.ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.SECRET_ACCESS_KEY }}
          aws-region: us-east-1
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_REDACTED }}:role/${{ secrets.AWS_ROLE_NAME }}
          role-duration-seconds: 1200
          role-session-name: GithubActions

      - name: Login to ECR
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.AWS_ACCOUNT_REDACTED }}.dkr.ecr.us-east-1.amazonaws.com

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build and push
        id: docker_build_to_dev_backend
        uses: docker/build-push-action@v5
        with:
          push: true
          tags: ${{ secrets.AWS_ACCOUNT_REDACTED }}.dkr.ecr.us-east-1.amazonaws.com/vs_app:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Update the ECS Service
        run: aws ecs update-service --cluster vs_app --service vs_app --force-new-deployment

      - name: Notify slack (success)
        if: ${{ success() }}
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
        uses: pullreminders/slack-action@master
        with:
          args: '{\"channel\": \"${{ secrets.SLACK_CHANNEL_ID }}\", \"unfurl_links\": false, \"unfurl_media\": false, \"text\": \"Production deployment from release: *success* :tada: \n Visit: https://redacted.com \n Details about the Github run: https://github.com/OUR_ORG/Inspector/actions/runs/${{ github.run_id }}\"}'

Workflow logs

No response

BuildKit logs

No response

Additional info

Not sure if this is a problem specific to this GitHub Action or a GitHub failure more generally with respect to populating the GITHUB_TOKEN value.

crazy-max commented 7 months ago

Thanks for your report. We would need the full workflow logs to figure out what's wrong.

We also published the v5.1.0 version of the action today, but we don't think this is related.

nicholastulach commented 7 months ago

I guess maybe perhaps (who knows?) this is actually GitHub's fault and the GITHUB_TOKEN was corrupted in some way. We re-launched the job (instead of using the "rerun" option on the existing failed job) and it completed successfully the second time.

Closing this issue, but I just wanted to file it somewhere on the internet in case future humans (or AIs) run into this issue.
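
The warning text quoted in the report is what JavaScript's JSON.parse throws when a missing value has been stringified to "undefined" before parsing. The following added example (not part of the thread and not the action's own code) reproduces that on a constructed JWT-shaped token and shows a guarded parser that reports a missing claim separately from a malformed one. Assumptions: the `ac` claim name, the `Scope`/`Permission` fields, the numeric permission mapping, and all helper names.

```javascript
// Added example. Tokens are constructed; the `ac` claim name, the
// Scope/Permission fields and the numeric mapping below are assumptions.
const PERMISSIONS = { 1: 'read', 2: 'write', 3: 'read/write' };

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Build an unsigned, JWT-shaped string (constructed, not a real token).
function makeToken(payload) {
  return [b64url({ alg: 'none', typ: 'JWT' }), b64url(payload), ''].join('.');
}

// Decode the payload segment only; no signature check, diagnostics only.
function decodePayload(token) {
  const parts = String(token ?? '').split('.');
  if (parts.length !== 3) throw new Error('token is not a three-part JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Naive form: a missing claim is stringified to "undefined" before parsing,
// so JSON.parse throws a SyntaxError like the one quoted in the report.
function parseACsNaive(token) {
  return JSON.parse(`${decodePayload(token).ac}`);
}

// Guarded form: a missing claim and a malformed claim are separate results.
function parseACs(token) {
  const fail = (reason) => ({ ok: false, reason, entries: [] });
  const { ac } = decodePayload(token);
  if (ac === undefined || ac === null) return fail('missing-ac-claim');
  let list;
  try {
    list = typeof ac === 'string' ? JSON.parse(ac) : ac;
  } catch {
    return fail('malformed-ac-claim');
  }
  if (!Array.isArray(list)) return fail('malformed-ac-claim');
  const entries = list.map(({ Scope, Permission }) =>
    `${Scope}: ${PERMISSIONS[Permission] ?? `unknown (${Permission})`}`);
  return { ok: true, reason: null, entries };
}

// Constructed sample tokens: one with the claim, one without.
const good = makeToken({ ac: JSON.stringify([
  { Scope: 'refs/tags/v0.14.8', Permission: 3 },
  { Scope: 'refs/heads/main', Permission: 1 },
]) });
const noClaim = makeToken({ iss: 'constructed' });
console.log(parseACs(good).entries.join('\n'), '|', parseACs(noClaim).reason);
```

A `missing-ac-claim` result points at the token that was issued to the job rather than at the parsing code.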