pr-creator does not successfully use GitHub app authentication: "BUG apps auth requested but empty org, please report this to the test-infra repo."

[sosiouxme]

What happened: Using the pr-creator built from latest I ran (real names swapped out with fake):

pr-creator -github-app-private-key-path "${keyfile}" \
           -github-app-id "${appid}" \
           -org origin-org -repo reponame \
           -source app-org:update -branch main \
           -body "Automatically generated update" \
           -title "Automatic update"

INFO[0000] Throttle(0, 0, [])                            client=github
INFO[0000] Looking for a PR to reuse...                 
INFO[0000] App()                                         client=github
INFO[0000] FindIssues(is:open is:pr archived:false repo:origin-org/reponame author:app-org in:title )  client=github
ERRO[0000] Stopping retry due to appsAuthError           client=github error="Get \"https://api.github.com/search/issues?[...]\": 
BUG apps auth requested but empty org, please report this to the test-infra repo. 
Stack: goroutine 1 [running]:\nruntime/debug.Stack()\n\truntime/debug/stack.go:24 +0x5e\nsigs.k8s.io/prow/pkg/github.(*appsRoundTripper).addAppInstallationAuth(0x0?, 0xc000200500)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/app_auth_roundtripper.go:158 +0x9b\nsigs.k8s.io/prow/pkg/github.(*appsRoundTripper).RoundTrip(0xc000344c80, 0xc000200500)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/app_auth_roundtripper.go:104 +0x14c\nnet/http.send(0xc000200400, {0x1eed7c0, 0xc000344c80}, {0x1?, 0x4cb2d4?, 0x2cf8120?})\n\tnet/http/client.go:260 +0x606\nnet/http.(*Client).send(0xc0006ca900, 0xc000200400, {0x0?, 0x0?, 0x2cf8120?})\n\tnet/http/client.go:181 +0x98\nnet/http.(*Client).do(0xc0006ca900, 0xc000200400)\n\tnet/http/client.go:724 +0x912\nnet/http.(*Client).Do(0xc0006ca9f0?, 0x1f0beb8?)\n\tnet/http/client.go:590 +0x13\nsigs.k8s.io/prow/pkg/github.(*ghThrottler).Do(0xc0000c01c0, 0xc000200400)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/client.go:435 +0x10c\nsigs.k8s.io/prow/pkg/github.(*client).doRequest(0xc0006d4100, {0x1f0beb8?, 0x2d28400?}, {0x1b75b5d?, 0x5?}, {0xc000c3e000?, 0x418dcb?}, {0x0, 0x0}, {0x0, ...}, ...)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/client.go:1096 +0x9c8\nsigs.k8s.io/prow/pkg/github.(*client).requestRetryWithContext(0xc0006d4100, {0x1f0beb8, 0x2d28400}, {0x1b75b5d, 0x3}, {0xc0001c6280, 0x97}, {0x0, 0x0}, {0x0, ...}, ...)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/client.go:945 +0x250\nsigs.k8s.io/prow/pkg/github.(*client).readPaginatedResultsWithValuesWithContext(0x0?, {0x1f0beb8, 0x2d28400}, {0xc0001718c0?, 0xe?}, 0xc0006c6820?, {0x0, 0x0}, {0x0, 0x0}, ...)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/client.go:1886 +0x17d\nsigs.k8s.io/prow/pkg/github.(*client).readPaginatedResultsWithValues(...)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/client.go:1877\nsigs.k8s.io/prow/pkg/github.(*client).FindIssuesWithOrg(0xc0001806c0?, {0x0, 0x0}, {0xc0001807e0, 0x5e}, {0x1b791fb, 0x7}, 0x0)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/client.go:3450 +0x47d\nsigs.k8s.io/prow/pkg/github.(*client).FindIssues(0x1bd31d1?, {0xc0001807e0?, 0xc000a87620?}, {0x1b791fb?, 0x4?}, 0xdf?)\n\tsigs.k8s.io/prow@v0.0.0-20240419142743-3cb2506c2ff3/pkg/github/client.go:3419 +0x30\nk8s.io/test-infra/robots/pr-creator/updater.updatePRWithQueryTokens({0x7ffcd09e4d47, 0xd}, {0x7ffcd09e4d5b, 0xf}, {0x7ffcd09e4dd3, 0x27}, {0x7ffcd09e4d9b, 0x30}, {0x1b7c043, 0x9}, ...)\n\tk8s.io/test-infra/robots/pr-creator/updater/updater.go:77 +0x2c5\nk8s.io/test-infra/robots/pr-creator/updater.EnsurePRWithQueryTokens({0x7ffcd09e4d47, 0xd}, {0x7ffcd09e4d5b, 0xf}, {0x7ffcd09e4dd3, 0x27}, {0x7ffcd09e4d9b, 0x30}, {0x7ffcd09e4d73, 0x14}, ...)\n\tk8s.io/test-infra/robots/pr-creator/updater/updater.go:55 +0xe5\nk8s.io/test-infra/robots/pr-creator/updater.EnsurePRWithQueryTokensAndLabels({0x7ffcd09e4d47, 0xd}, {0x7ffcd09e4d5b, 0xf}, {0x7ffcd09e4dd3?, 0x0?}, {0x7ffcd09e4d9b?, 0x0?}, {0x7ffcd09e4d73, 0x14}, ...)\n\tk8s.io/test-infra/robots/pr-creator/updater/updater.go:101 +0xb9\nmain.main()\n\tk8s.io/test-infra/robots/pr-creator/main.go:115 +0x374\n"

Note that the error occurred on the search for matching PR, even though in my case the repo is public; it was trying to auth as directed but ran into this.

What you expected to happen: At least a dry run of a PR being created or updated (should work with -confirm of course too).

How to reproduce it (as minimally and precisely as possible):

• with a github app
• install that app on a repo
• run the command above, specifying the app's client id file and app id and appropriate org/repo

Anything else we need to know?: It looks to me like this almost works, and I would be willing to put together a PR if I could figure out how to connect the dots.

As near as I can tell, this bot got the flags/options for app auth for free when the prow github client library it uses got them; however compared to PATs and oauth2 there is an added need to generate an installation token, which requires looking up the installation based on the org; something must wire the org into the tokenGenerator, and in pr-creator's code nothing does (the client doesn't store the org or tokenGenerator, and the failing call to gc.FindIssues doesn't either). I think that's why we end up with BUG apps auth requested but empty org.

This issue is somewhat related to:

• https://github.com/kubernetes/test-infra/issues/32805 (but here commenter is not even equipped with the app flags yet)
• https://github.com/kubernetes/test-infra/issues/24406 (tide should have worked here but gave the same error - the owner closed explaining the app was missing permissions, but I would have expected a different error in that case; anyway I'm reasonably confident my app has the necessary permissions)

[sosiouxme]

/sig testing