search

julia-actions / cache

A shortcut action to cache Julia artifacts, packages, and registries.
MIT License
38 stars 8 forks source link

Fixup #71 #75

Closed IanButterworth closed 9 months ago

IanButterworth commented 9 months ago

Fixup Update cache every run. Add /compiled and /logs. Make key sensitive to matrix.

No matter how many times I reviewed.. a few things slipped through.

IanButterworth commented 9 months ago

Anyone have any idea why on this CI we get

X Failed to delete cache: HTTP 403: Resource not accessible by integration (https://api.github.com/repos/julia-actions/cache/actions/caches?key=955244dbf27dbe451f2efd97cc7fe2400086e0f38c5706d01d483a19c95e218e-Linux_6992610093-1)
┌ Error: ProcessFailedException(Base.Process[Process(`gh cache delete 955244dbf27dbe451f2efd97cc7fe2400086e0f38c5706d01d483a19c95e218e-Linux_6992610093-1 --repo julia-actions/cache`, ProcessExited(1))])
└ @ Main ~/work/cache/cache/handle_caches.jl:25

but on PNGFiles it deletes successfully?

Neither this repo's CI.yml nor PNGFiles's test.yml specifies any custom permissions for GITHUB_TOKEN, and neither use any other secrets.

I've tried setting permissions: write-all here but it still fails.

It also fails on the Makie repo

IanButterworth commented 9 months ago

I missed that this is printed in the start of the job.

This repo (403 error)

GITHUB_TOKEN Permissions
  Contents: read
  Metadata: read
  Packages: read

and if I set permissions: write-all, inexplicably I get this

GITHUB_TOKEN Permissions
  Actions: read
  Checks: read
  Contents: read
  Deployments: read
  Discussions: read
  Issues: read
  Metadata: read
  Packages: read
  Pages: read
  PullRequests: read
  RepositoryProjects: read
  SecurityEvents: read
  Statuses: read

Makie (403 error)

GITHUB_TOKEN Permissions
  Actions: read
  Checks: read
  Contents: read
  Deployments: read
  Discussions: read
  Issues: read
  Metadata: read
  Packages: read
  Pages: read
  PullRequests: read
  RepositoryProjects: read
  SecurityEvents: read
  Statuses: read

PNGFiles (cache delete works)

GITHUB_TOKEN Permissions
  Actions: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write

None of these yml files contain any permissions: entries, so I guess there's some org level default changes going on.

rikhuijzer commented 9 months ago

None of these yml files contain any permissions: entries, so I guess there's some org level default changes going on.

For the difference between Makie and PNGFiles. Could it be that the one repository is older than the other or the Actions yml file is older than the other? Or because you were working on a fork from Makie and the root repo for PNGFiles? GitHub at some point introduced the permissions: entries and repositories where by default more restrictive from that point onward. Older repositories kept the more flexible settings for, I assume, backwards compatibility.

IanButterworth commented 9 months ago

Ah that must be it. My PNGFiles PR was a regular branch and it's an older repo so might just be more permissive. The rest are fork branches.

I decided to put the workflow and job name into the default cache-name based on trying this out with the Makie CI setup which does things more through separate ymls than matrixes (matrices??)

IanButterworth commented 9 months ago

I'll merge to see if this fixes cache delete once on main

IanButterworth commented 9 months ago

Yeah it works on main now