SWA Create fails when branch has branch protections preventing commits

[TheOpsMgr]

Does this occur consistently? Yes Repro steps:

1. Follow the steps here - https://docs.microsoft.com/en-us/azure/static-web-apps/getting-started?tabs=vanilla-javascript
2. Complete steps in Wizard
3. process fails and extension reports Server 500 error

Action: staticWebApps.createStaticWebApp Error type: 500 Error Message: An error has occurred.

Version: 0.5.0 OS: win32 OS Release: 10.0.19042 Product: Visual Studio Code Product Version: 1.53.2 Language: en

Call Stack

``` new RestError extension.bundle.js:48:64839 extension.bundle.js:48:1490514extension.bundle.js:48:1490514 processTicksAndRejections task_queues.js:97:5 ```

[nturinski]

Thanks for reporting. Unfortunately with just these steps, I can't reproduce this error. 500 errors tend to be transient though so if you try it again, it may resolve your error.

If it persists, could you give me more specific details about your setup? I assume that you're using the sample project provided in the tutorial.

[TheOpsMgr]

{ "code": "DeploymentFailed", "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.", "details": [ { "code": "InternalServerError", "message": "There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: d870e19c-b1c2-4453-a4dc-72f4d56c122c" } ] }

I'm using my own GitHub Repo which just has static HTML files located in /outputs/html/

More details available in Support request ID | 2102230010006760

[nturinski]

Would it be possible for you to try creating another static web app? Are you able to create one via the Portal?

Also what type of Azure subscription do you have? It's possible that Static Web Apps doesn't play nice with that subscription yet, as it's still in preview.

[TheOpsMgr]

I have checked trying to manually create this in the portal on several subscriptions

• Regional Director Sponsorship - MS-AZR-0036P = fail
• Partner MSDN - MS-AZR-0025P = fail
• PAYG - MS-AZR-0003P = Fail

Same server 500 error.

Deployment Operations output from trying to manually create a static website in West US2

[ { "id": "/subscriptions//resourceGroups/DOG-Toolkit-New/providers/Microsoft.Resources/deployments/Microsoft.Web-StaticApp-Portal-2c417d31-9802/operations/3660F6332698E0E2", "operationId": "3660F6332698E0E2", "properties": { "provisioningOperation": "Create", "provisioningState": "Failed", "timestamp": "2021-02-25T11:28:44.2520785Z", "duration": "PT9.2386534S", "trackingId": "35246e3a-490f-41cb-9c61-79d134e6852c", "serviceRequestId": "770d6770-005f-4c7d-9cd2-6a38f35f2dd5", "statusCode": "BadRequest", "statusMessage": { "status": "Failed", "error": { "code": "InternalServerError", "message": "There was an unexpected InternalServerError. Please try again later. x-ms-correlation-request-id: 62cd7f74-1db7-4bf6-a7ba-5dac8cfb22be" } }, "targetResource": { "id": "/subscriptions//resourceGroups/DOG-Toolkit-New/providers/Microsoft.Web/staticSites/DevOpsGroupToolkit-New", "resourceType": "Microsoft.Web/staticSites", "resourceName": "DevOpsGroupToolkit-New" } } } ]

[TheOpsMgr]

Ok ,making progress...

I cloned the repo from my company org (devopsguys) and pushed it as a private remote to my personal account (@theOpsMgr)... and the deployment worked.

So it would seem that there is something (possibly permissions related) on the company-controlled repo that is causing the deployment to fail.

I only have "maintain" rights in that repo, for example.

[nturinski]

Odd, the repo shouldn't even be selectable unless you have admin rights to it. Were you able to see your company org repository when creating from the extension? Or was that repo only selectable from the portal?

[TheOpsMgr]

Is there a way to quickly double check my actual rights on a specific repo?

But yes I could enumerate the repo list from both portal and vs code extension.

Although via the extension in VS Code I don't recall being prompted for the branch as shown in the screenshots in the online walk through docs.

S.

On Thu, 25 Feb 2021, 19:42 Nathan, notifications@github.com wrote:

Odd, the repo shouldn't even be selectable unless you have admin rights to it. Were you able to see your company org repository when creating from the extension? Or was that repo only selectable from the portal?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/microsoft/vscode-azurestaticwebapps/issues/305#issuecomment-786153964, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAZSVGSZHBD4AMJ2UKBNSADTA2R3LANCNFSM4YDC36NQ .

--

A  Floor 22, Capital Tower, Greyfriars Road | Cardiff, CF10 3AG T 0800 368 7378  www.devopsgroup.com https://www.devopsgroup.com/  | Twitter https://www.twitter.com/devopsgroup  | Facebook https://www.facebook.com/devopsgroup/  | LinkedIn https://www.linkedin.com/company/4993617/ Confidentiality Notice:  This e-mail message may contain confidential information and is intended only for the use of the intended recipient(s). Any unauthorised disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. If this e-mail is received in error, please contact DevOpsGroup Ltd immediately on 0800 368 7378 with details of the sender and addressee and delete the e-mail. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. DevOpsGroup Ltd is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail.  DevOpsGroup Ltd - Registered & England and Wales. - Company No. 8464231. - VAT No. GB171945881. Privacy policy:  Your data privacy and security is important to us here at DevOpsGroup. Our Privacy Policy https://www.devopsgroup.com/privacy-policy/ provides you with clear detail on what information we collect, what we do with the information, and your rights. If you do happen to have any questions, please drop us a message at GDPR@devopsgroup.com mailto:GDPR@devopsgroup.com

DevOpsGroup Ltd - Registered & England and Wales. - Company No. 8464231. - VAT No. GB171945881.

[nturinski]

Hmm, I think if you can see the Settings tab on the repository, that means that you have admin/owner rights. Otherwise you will have to check your role in the repository.

[AzCode-Bot]

This issue has been closed automatically because it needs more information and has not had recent activity. See also our issue reporting guidelines.

Happy Coding!

[TheOpsMgr]

OK, finally got some more time to investigate

The repo that generates the Azure Server 500 error has branch protection rules in place - the personal repo fork that deploys correctly does not.

These are the branch protection settings.

The only other difference I can see in the settings is that the failing repo has many many AZURE_STATIC_WEB_APPS_API_TOKEN in secrets from all the failed deployment attempts, and the succeeding repo on has the one.

[nturinski]

@miwebst @anthonychu

Yeah, I think the issue then is that branch protections are preventing Static Web Apps from commiting the workflow yaml that it uses to configure the SWA.

The failing repo having many AZURE_STATIC_WEB_APPS_API_TOKEN is probably just a by-product of trying and failing repeatedly. If you're able to create a new branch off that repository, you may be able to bypass the branch protections.

Alternatively, I wonder if you uncheck the "Include administrators" if it would let Azure to override those protections though I don't really recommend that.

[TheOpsMgr]

yup - if I create a branch prior to deployment and use that in the Static Web Apps wizard it completes successfully.

So definitely branch protection! nice to find an answer!

[TheOpsMgr]

BTW if I have a static HTML site located in /outputs/html/index.html what should my SWA config be?

I tried a number of configs and couldn't get it to work, so I ended up cheating and put a index.html in / with a response.redirect to point it to /outputs/html/index.html but that's clearly not how it should work!

      ###### Repository/Build Configurations - These values can be configured to match you app requirements. ######
      # For more information regarding Static Web App workflow configurations, please visit: https://aka.ms/swaworkflowconfig
      app_location: "/" # App source code path
      api_location: "api" # Api source code path - optional
      output_location: "" # Built app content directory - optional
      ###### End of Repository/Build Configurations ######

[nturinski]

I would think that if you set output location as outputs/html it should probably serve the proper index.html. But where does all your build output go then? Do you mind telling me what framework you are using?

[TheOpsMgr]

It's just a GitHub action to build some static HTML from .adoc files in the repo - https://github.com/marketplace/actions/build-asciidoctor-docker-action. Output is put into /outputs/html, /outputs/pdf, /outputs/epub.

[anthonychu]

@miwebst Are we able to return a better error so it's more clear what the problem is?

related https://github.com/Azure/static-web-apps/issues/241