「Create post」ワークフローに失敗する

uhooi commented 2 years ago

https://github.com/ios-osushi/website/runs/6287369544?check_suite_focus=true

Run POST_FILENAME="006-20220509.md"
  POST_FILENAME="006-20220509.md"
  POST_FILE="./Content/posts/$POST_FILENAME"
  POST_DATE_BEFORE=20220509
  POST_YEAR=${POST_DATE_BEFORE:0:4}
  POST_MONTH=${POST_DATE_BEFORE:4:2}
  POST_DAY=${POST_DATE_BEFORE:6:2}
  POST_DATE=$POST_YEAR-$POST_MONTH-$POST_DAY
  touch $POST_FILE
  echo -e "---\ndate: $POST_DATE 09:00\ndescription: TBD\ntags: TBD\n---\n# 006 $POST_DATE\n\n## TBD\n\nTBD" > $POST_FILE
  git add $POST_FILE
  git commit -m "Create $POST_FILENAME"
  git push origin feature/006_20220509
  echo "::set-output name=post_filename::$POST_FILENAME"
  shell: /usr/bin/bash -e {0}
  env:
    GITHUB_TOKEN: ***
[feature/006_20220509 4295d93 Create 006-20220509.md
 1 file changed, 10 insertions(+)
 create mode 100644 Content/posts/006-20220509.md
To https://github.com/ios-osushi/website
 ! [rejected]        feature/006_20220509 -> feature/006_20220509 (fetch first)
error: failed to push some refs to 'https://github.com/ios-osushi/website'
hint: Updates were rejected because the remote contains work that you do
hint: not have locally. This is usually caused by another repository pushing
hint: to the same ref. You may want to first integrate the remote changes
hint: (e.g., 'git pull ...') before pushing again.
hint: See the 'Note about fast-forwards' in 'git push --help' for details.
Error: Process completed with exit code 1.

uhooi commented 2 years ago

自分で実行してみたら、↑のステップは成功したけど、次のステップで失敗した↓ https://github.com/ios-osushi/website/runs/6300125578?check_suite_focus=true

Run hub version
git version 2.36.0
hub version 2.14.2
Error creating pull request: Forbidden (HTTP 403)
GitHub Actions is not permitted to create or approve pull requests.
Error: Process completed with exit code 1.

treastrain commented 2 years ago

@uhooi なるほど！ permission が足りていなかったんですね… このあたりが参考になるかと思います〜！

https://docs.github.com/ja/actions/using-jobs/assigning-permissions-to-jobs

uhooi commented 2 years ago

ありがとう、見てみる！なんで急に権限が足りなくなったのか、それが謎やな、、

uhooi commented 2 years ago

デフォルトは wirte-all っぽい…

GitHub Actionsのデフォルトパーミッションはwrite-allです。

参考: https://efcl.info/2021/07/21/update-github-actions-permissions/

uhooi commented 2 years ago

あー一番下の「Allow GitHub Actions to create and approve pull requests」が OFF になっているグレーアウトされていて ON にできない、、 https://github.com/ios-osushi/website/settings/actions

uhooi commented 2 years ago

Organization のほうなら ON にできるまずこっちを ON にする必要があるのかも https://github.com/organizations/ios-osushi/settings/actions

uhooi commented 2 years ago

いや、OFF のままで「Read repository contents permission」に変更して、各ワークフローごとに適切なパーミッションを割り当てるほうがいいかそうしてみる

uhooi commented 2 years ago

メモ contents: write にしないとブランチをプッシュできなかった https://github.com/ios-osushi/website/runs/6300412234?check_suite_focus=true

Run POST_FILENAME="999-20220505.md"
  POST_FILENAME="999-20220505.md"
  POST_FILE="./Content/posts/$POST_FILENAME"
  POST_DATE_BEFORE=20220505
  POST_YEAR=${POST_DATE_BEFORE:0:4}
  POST_MONTH=${POST_DATE_BEFORE:4:2}
  POST_DAY=${POST_DATE_BEFORE:6:2}
  POST_DATE=$POST_YEAR-$POST_MONTH-$POST_DAY
  touch $POST_FILE
  echo -e "---\ndate: $POST_DATE 09:00\ndescription: TBD\ntags: TBD\n---\n# 999 $POST_DATE\n\n## TBD\n\nTBD" > $POST_FILE
  git add $POST_FILE
  git commit -m "Create $POST_FILENAME"
  git push origin feature/999_20220505
  echo "::set-output name=post_filename::$POST_FILENAME"
  shell: /usr/bin/bash -e {0}
  env:
    GITHUB_TOKEN: ***
[feature/999_20220505 7e5b75d] Create 999-20220505.md
 1 file changed, 10 insertions(+)
 create mode 100644 Content/posts/999-20220505.md
remote: Permission to ios-osushi/website.git denied to github-actions[bot].
fatal: unable to access 'https://github.com/ios-osushi/website/': The requested URL returned error: 403
Error: Process completed with exit code 128.

uhooi commented 2 years ago

pull-requests: write にしても GitHub Actions is not permitted to create or approve pull requests. が出て失敗してしまう https://github.com/ios-osushi/website/runs/6300434533?check_suite_focus=true

uhooi commented 2 years ago

hub から gh に変えてもエラーだなぁ https://github.com/ios-osushi/website/runs/6300703162?check_suite_focus=true

Run gh --version
  gh --version
  gh pr create \
    --title "Create 999-20220505.md" \
    --body "## スクリーンショット\n\n| `999-20220505.md` |\n|:--:|\n|TBD|" \
    --base "main" \
    --head "feature/999_20220505" \
    --draft
  shell: /usr/bin/bash -e {0}
  env:
    GITHUB_TOKEN: ***
gh version 2.8.0 (2022-04-13)
https://github.com/cli/cli/releases/tag/v2.8.0
/home/runner/work/_temp/3de12cf0-a0c4-42c6-86ff-ba9810e81f86.sh: line 2: 999-20220505.md: command not found
pull request create failed: GraphQL: GitHub Actions is not permitted to create or approve pull requests (createPullRequest)
Error: Process completed with exit code 1.

uhooi commented 2 years ago

てか Set up job から GITHUB_TOKEN の権限を見ることができたそしたら失敗したワークフローではすべて write になっていた、、 https://github.com/ios-osushi/website/runs/6300125578?check_suite_focus=true#step:1:13

GITHUB_TOKEN Permissions
  Actions: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write

なぜ PR が作成できないんだ、、

uhooi commented 2 years ago

ベストな方法ではない気がするけど、これでうまくいったからよしとするか

https://github.com/ios-osushi/website/actions/runs/2273720366

ry-itto commented 2 years ago

再び失敗してしまったので reopen します :pray: https://github.com/ios-osushi/website/actions/runs/2316930150

uhooi commented 2 years ago

@ry-itto ほんとだ…すまぬ、、エラー内容を確認したら前と違ったから、リオープンでなく新規作成してくれると嬉しい🙏

ios-osushi / website

「Create post」ワークフローに失敗する #45