search

iterative / cml

♾️ CML - Continuous Machine Learning | CI/CD for ML
http://cml.dev
Apache License 2.0
4k stars 338 forks source link

cml comment issue #1377

Open Azariagmt opened 1 year ago

Azariagmt commented 1 year ago

I had an action which generated database schema whenever .dbml file was changed.

action file

name: Render DBML file
run-name: ${{ github.actor }} is modifying database schema
on:
  pull_request:
    paths: 
    - 'database.dbml'

jobs:
  Render-DBML:
    permissions: write-all
    runs-on: ubuntu-latest
    steps:

      - uses: iterative/setup-cml@v1
      - uses: actions/checkout@v3

      - name: install dbml-renderer
        run: npm install -g @softwaretechnik/dbml-renderer

      - name: render-dbml
        run: |
          dbml-renderer -i database.dbml -o schema.png
      - name: Create CML report
        env:
          REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo '![](schema.png "Database Schema")' >> report.md
          cml comment create report.md

The above action (cml comment) was working properly but is now raising the following error:

{"code":"ERR_INVALID_URL","input":"\r\n400 Bad Request\r\n\r\n

400 Bad Request

\r\n
cloudflare
\r\n\r\n\r\n","level":"error","message":"Invalid URL","stack":"TypeError [ERR_INVALID_URL]: Invalid URL\n at new NodeError (node:internal/errors:399:5)\n at new URL (node:internal/url:560:13)\n at uriParam (/usr/local/lib/node_modules/@dvcorg/cml/src/utils.js:151:15)\n at watermarkUri (/usr/local/lib/node_modules/@dvcorg/cml/src/utils.js:142:10)\n at CML.publish (/usr/local/lib/node_modules/@dvcorg/cml/src/cml.js:328:13)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async visitor (/usr/local/lib/node_modules/@dvcorg/cml/src/cml.js:229:24)\n at async Promise.all (index 0)\n at async publishLocalFiles (/usr/local/lib/node_modules/@dvcorg/cml/src/cml.js:240:7)"}

I changed the GITHUB_TOKEN with a personal access token with read and actions privilege but it's still raising the same issue

Other configurations I've tried:

cml comment create report.md cml comment update --publish report.md

hbenedek commented 1 year ago

Hello, I had the same issue today and installing node.js fixed the problem, try adding

- uses: actions/setup-node@v1
  with:
    node-version: '16'
Azariagmt commented 1 year ago

Thanks @hbenedek that worked. Node version in runner was 18.16.0.

0x2b3bfa0 commented 1 year ago

Related to #1382; probably needs fixing npcz/magic upstream.

anitagraser commented 1 year ago

After adding setup-node, the new error is "Resource not accessible by integration"

gegnew commented 1 year ago

Also having the same issue; I think it's not having GITHUB_TOKEN set in secrets: https://github.com/iterative/cml/issues/595

Particularly, for me, I had set the workflow permissions in the actions yaml; which was overwriting the permissions configured through the github settings UI. Updated like:

    permissions:
      actions: write
      contents: write
      id-token: write
      issues: write
      pull-requests: write

surely these aren't all necessary

dacbd commented 1 year ago

@anitagraser and @gegnew correct that message is coming the token not having enough permissions for some operation.

if you are working on a forked repo I would check settings like in screenshots of the referenced issue. If you are not using the cml runner subcommand then github's token should be sufficient for everything with the following:

permissions:
  contents: write
  pull-requests: write

If you are using cml comment to write/create an issue then issues: write may be required. If you are using cml pr and are modifying a github actions workflow from your workflow then actions: write would be required.

Note: that the default token (if NO permissions are set) and your org/user has not changed any of the default actions/permission-related settings then the default token is enough for all operations minus cml runner or modify a github actions workflow.

However, if you include ANY permissions in your definition for example id-token: write then you need to list all of your required permissions, which would depend on your workflow.

permissions:
  id-token: write
  contents: write
  pull-requests: write

should cover 95% of use cases outside of cml runner

If you need any more help feel free to open a permissions-related issue, if you can link me to the GitHub workflow or provide a snippet and I can take a look and help further.

anitagraser commented 1 year ago

Thank you, @dacbd. Enabling read and write permissions for actions did the trick.