Closed JoleneSF closed 12 months ago
Hi there @JoleneSF :wave:!
Thank you for opening an issue. Our team will triage this as soon as we can. Please take a moment to review the troubleshooting steps which lists common error messages and their resolution steps.
Hi @JoleneSF
By looking at the docs it seems you should change the actions/checkout@v3
to actions/checkout@v4
Have you tried that?
Hi @nheimann1
Thank you for opening an issue. The only change between 0.8.3 and 0.9.0 is the addition of the message that v0 is deprecated: https://github.com/google-github-actions/auth/compare/v0.8.3...v0.9.0
The error message from the original action.yml indicates there's a misconfiguration with your Workload Identity. Please see the Troubleshooting guide. If none of those steps address your issue, please include your complete action.yml and debug logs. Please do not sanitize or filter the logs.
I see the same error message in @v2
, so I don't think this is related to changes in google-github-actions/auth. It appears a configuration may have changed that is causing the authentication to fail.
Hi @sethvargo I got the same issue when upgrading from v0 to v2. I already read and follow https://github.com/google-github-actions/auth/blob/main/docs/TROUBLESHOOTING.md, but it's still failed. My pipeline worked well before upgrading. Please check.
deploy script as below
...
steps:
- name: Checkout
uses: actions/checkout@v4
- name: 'Authenticate to Google Cloud'
id: auth
uses: 'google-github-actions/auth@v2'
with:
token_format: 'access_token'
project_id: 'my_project_id'
workload_identity_provider: 'projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/MY_POOL_NAME/providers/MY_PROVIDER_NAME'
service_account: 'my_service_account'
Hi @sethvargo ,
I have sent debug logs via email google-github-actions@google.com Please help to check. Tks.
Thanks @JoleneSF for opening this issue!
We had the same deprecation error: Error: The v0 series of google-github-actions/auth is no longer maintained.
We upgraded from v0
to v1
and that fixed it for us 😃
Thanks for all the responses! I'll try to get back to them chronologically:
By looking at the docs it seems you should change the
actions/checkout@v3
toactions/checkout@v4
Yes, I did this just now and have the same 403
error.
The error message from the original action.yml indicates there's a misconfiguration with your Workload Identity. Please see the Troubleshooting guide. If none of those steps address your issue, please include your complete action.yml and debug logs. Please do not sanitize or filter the logs.
I see the same error message in
@v2
, so I don't think this is related to changes in google-github-actions/auth. It appears a configuration may have changed that is causing the authentication to fail.
Hmm okay this is a good point I definitely overlooked about the 403
happening at the beginning and thus isn't likely to be because of the v2
change. Nothing on my end changed with GCP or Workload Identity and it was working. The only thing changing when it stopped working is this action bumped to v2
and required upgrading. So I guess I'll need to dig into the Troubleshooting guide as you say and I'll report back.
We had the same deprecation error: Error: The v0 series of google-github-actions/auth is no longer maintained. We upgraded from v0 to v1 and that fixed it for us 😃
Sounds good! My main issue is the new 403
error from the auth action, not the version bump error (which I have resolved).
✅ OKAY I apologize, but I figured out the problem. It actually was the GCP configuration on my side.
I actually wasn't added as an authorized attribute.actor
in the attribute mappings. We never saw it before because another person would do PR merges, and this error was the first time I had actually merged a PR in this repository. So the v0
to v2
change requirement was just a super coincidental red herring.
Hi @JoleneSF - I'm glad you got it sorted out.
@curtis-baillie - it's not an error, it's a log message at the error level. If your GitHub Action is exiting successfully, then you'll see log message, but the GitHub Action will still succeed.
@thanhnguyen612 - are you saying that the exact same workflow succeeds with @v0
but fails with @v2
? If so, can you please provide the complete workflow YAML file?
@curtis-baillie - it's not an error, it's a log message at the error level. If your GitHub Action is exiting successfully, then you'll see log message, but the GitHub Action will still succeed.
Oh, interesting - I'll have to dig in further to the GHA. It was failing the workflow, and as soon as we changed to @v1
it succeeded again. Thanks for the follow up!
Hi @sethvargo , I realized that my mistake in changing some terraform code caused our service account to lack permission to get access token from the workload identity pool.
Thanks for your help and sorry.
Sounds good. Thank you for confirming. Since both @thanhnguyen612 and @JoleneSF issues have been resolved as unrelated to the v2 change, I am going to close this issue. Please open a new issue if you have further questions.
TL;DR
This action fails now after working a few days ago. The error tells to upgrade to
v2
, and no documentation indicates changes required. However, the upgrade breaks the action workflow.Expected behavior
Two possible options are expected for me:
Observed behavior
The original action YAML:
Results in the following output:
The upgraded action with
google-github-actions/auth@v2
is shown below, along with the new (current) log output.Action YAML
Log output
Additional information
No response