Closed jkruse14 closed 3 months ago
We are also facing this blocking issue with version 5.22.0.
EDIT: after better analysis, the issue we face is in fact https://github.com/integrations/terraform-provider-github/issues/1524. As a temporary workaround, we had to downgrade to release 5.14.0.
```
Stack trace from the terraform-provider-github_v5.22.0 plugin:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x48 pc=0xf6586d]
goroutine 32 [running]:
github.com/integrations/terraform-provider-github/v5/github.resourceGithubActionsRunnerGroupRead(0xc0007ca8c0, {0x1049ee0?, 0xc000550980?})
	github.com/integrations/terraform-provider-github/v5/github/resource_github_actions_runner_group.go:210 +0x82d
github.com/hashicorp/terraform-plugin-sdk/helper/schema.(*Resource).RefreshWithoutUpgrade(0xc000549400, 0xc000892c80, {0x1049ee0, 0xc000550980})
	github.com/hashicorp/terraform-plugin-sdk@v1.17.2/helper/schema/resource.go:470 +0x1aa
github.com/hashicorp/terraform-plugin-sdk/internal/helper/plugin.(*GRPCProviderServer).ReadResource(0xc00000e998, {0xc000114960?, 0x4b8786?}, 0xc000114960)
	github.com/hashicorp/terraform-plugin-sdk@v1.17.2/internal/helper/plugin/grpc_provider.go:535 +0x34b
github.com/hashicorp/terraform-plugin-sdk/internal/tfplugin5._Provider_ReadResource_Handler({0x12437c0?, 0xc00000e998}, {0x15e9260, 0xc000a68ba0}, 0xc0007ca3f0, 0x0)
	github.com/hashicorp/terraform-plugin-sdk@v1.17.2/internal/tfplugin5/tfplugin5.pb.go:3269 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001ca000, {0x15ed128, 0xc000029380}, 0xc00056d7a0, 0xc0002056e0, 0x1e095d0, 0x0)
	google.golang.org/grpc@v1.50.1/server.go:1340 +0xd13
google.golang.org/grpc.(*Server).handleStream(0xc0001ca000, {0x15ed128, 0xc000029380}, 0xc00056d7a0, 0x0)
	google.golang.org/grpc@v1.50.1/server.go:1713 +0xa1b
google.golang.org/grpc.(*Server).serveStreams.func1.2()
	google.golang.org/grpc@v1.50.1/server.go:965 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
	google.golang.org/grpc@v1.50.1/server.go:963 +0x28a
Error: The terraform-provider-github_v5.22.0 plugin crashed!
```
Could you please provide a small reproducible example?
This should get you what you need.
```hcl
provider "github" {
  owner = var.organization
  app_auth {
    id              = var.github_app_id
    installation_id = var.github_installation_id
    pem_file        = var.pem_file_content
  }
}

data "github_repository" "terraform_aws_github_self_hosted_runners" {
  full_name = var.repo_name
}

resource "github_actions_runner_group" "team_groups" {
  name                    = var.runner_group_name
  visibility              = "selected"
  selected_repository_ids = [data.github_repository.terraform_aws_github_self_hosted_runners.repo_id]
}
```
Can you confirm permissions needed by the GITHUB_TOKEN to create a runner group? Maybe I didn't set that correctly?
Thank you. According to these docs, the required permissions scope is `manage_runners:enterprise`.
Regardless, it would be nice if the provider could handle these situations more gracefully.
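What more graceful handling could look like in a provider read function, as an added example that is not the provider's own code. `RunnerGroup`, `APIError` and `readRunnerGroup` are hypothetical names, and the example assumes the crash comes from dereferencing an API result that was never populated.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// RunnerGroup mirrors the pointer-field style of API client structs (hypothetical type).
type RunnerGroup struct {
	ID         *int64
	Name       *string
	Visibility *string
}

// APIError is a hypothetical error carrying the HTTP status of a failed call.
type APIError struct{ Status int }

func (e *APIError) Error() string { return fmt.Sprintf("API returned HTTP %d", e.Status) }

// readRunnerGroup maps an API result to state attributes without dereferencing
// a nil pointer. The bool result is true when the resource should leave state.
func readRunnerGroup(g *RunnerGroup, err error) (map[string]string, bool, error) {
	var apiErr *APIError
	if errors.As(err, &apiErr) {
		switch apiErr.Status {
		case http.StatusNotFound:
			return nil, true, nil // deleted out of band: drop it, do not crash
		case http.StatusForbidden, http.StatusUnauthorized:
			return nil, false, fmt.Errorf("credential lacks access to runner groups: %w", err)
		}
	}
	if err != nil {
		return nil, false, err
	}
	if g == nil || g.ID == nil || g.Name == nil || g.Visibility == nil {
		return nil, false, errors.New("runner group response is missing required fields")
	}
	return map[string]string{
		"id": fmt.Sprint(*g.ID), "name": *g.Name, "visibility": *g.Visibility,
	}, false, nil
}

func main() {
	// Constructed inputs: a rejected credential and a body with no fields set.
	_, _, err := readRunnerGroup(nil, &APIError{Status: http.StatusForbidden})
	fmt.Println("forbidden:", err)
	_, _, err = readRunnerGroup(&RunnerGroup{}, nil)
	fmt.Println("empty body:", err)
}
```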
> Thank you. According to these docs, the required permissions scope is `manage_runners:enterprise`. Regardless, it would be nice if the provider could handle these situations more gracefully.

What does that translate to in the permissions for the token on the runner set in the `permissions` block of the action yaml? The permissions I'm referring to can be found here
The default token on the runner does not have enterprise scopes available. In order to manipulate enterprise-level resources, you'll need a personal access token or a GitHub App.
> The default token on the runner does not have enterprise scopes available. In order to manipulate enterprise-level resources, you'll need a personal access token or a GitHub App.

But these runners are at the Org level
Oh, my mistake. In that case, the required permissions are `admin:org`.
Perhaps I was thinking about this incorrectly. I'm using `app_auth` with the github terraform integration. The app has the following permissions:
Repositories: Actions: read meta-data: read
Organizations
Am I missing something here?
Oh, I just saw that apps don't support all endpoints. It looks like runner groups is not supported, unless I missed it here
Oh gosh, you're right, that's obnoxious. Perhaps we should document that in the provider as well in the hope of reducing confusion.
I've confirmed this works when using a fine-grained access token!
👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the `Status: Pinned` label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!
Describe the need
I am trying to create an actions runner group using a GitHub App Token with Org Admin write permission:
This results in:
SDK Version
terraform-provider-github_v5.18.3
API Version
No response
Relevant log output