search

octokit / request-action

A GitHub Action to send arbitrary requests to GitHub's REST API
https://github.com/marketplace/actions/GitHub-API-Request
MIT License
377 stars 47 forks source link

Wrongly encoded `ref` parameter #73

Closed Betree closed 3 years ago

Betree commented 3 years ago

In https://github.com/opencollective/opencollective-frontend/blob/1eab647efdf0d953c1675d076273b177d4a38180/.github/workflows/e2e.yml#L90, we use request-action to fetch the matching branch on remote repository (GET /repos/{owner}/{repo}/git/{ref}).

This used to generate a valid URL like https://api.github.com/repos/opencollective/opencollective-frontend/git/refs/heads/debt/remove-guest-tokens, but since a few days we're getting an encoded version of the parameter instead, which results in the branch appearing as missing: https://api.github.com/repos/opencollective/opencollective-frontend/git/refs%2Fheads%2Fdebt%2Fremove-guest-tokens.

Maybe that's similar to https://github.com/octokit/request-action/issues/71? Is there a way to tell request-action to not URL encode a parameter?

Full debug log:

##[debug]Evaluating: secrets.GITHUB_TOKEN
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'GITHUB_TOKEN'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Evaluating condition for step: 'Check matching branch'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Check matching branch
##[debug]Loading inputs
##[debug]Evaluating: github.ref
##[debug]Evaluating Index:
##[debug]..Evaluating github:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'ref'
##[debug]=> 'refs/heads/debt/remove-guest-tokens'
##[debug]Result: 'refs/heads/debt/remove-guest-tokens'
Warning: Unexpected input(s) 'owner', 'repo', 'ref', valid inputs are ['route', 'mediaType']
##[debug]Loading env
Run octokit/request-action@v2.x
GET /repos/:owner/:repo/git/:ref
> owner: opencollective
> repo: opencollective-frontend
> ref: refs/heads/debt/remove-guest-tokens
> mediaType: [object Object]
##[debug]route: 'GET /repos/:owner/:repo/git/:ref'
##[debug]parameters: {
##[debug]  owner: 'opencollective',
##[debug]  repo: 'opencollective-frontend',
##[debug]  ref: 'refs/heads/debt/remove-guest-tokens',
##[debug]  mediaType: {}
##[debug]}
##[debug]parsed request options: {
##[debug]  method: 'GET',
##[debug]  headers: {
##[debug]    accept: 'application/vnd.github.v3+json',
##[debug]    'user-agent': 'octokit-action.js/3.2.0 octokit-core.js/3.2.4 Node.js/12.13.1 (linux; x64)'
##[debug]  },
##[debug]  request: { hook: [Function: bound bound register] },
##[debug]  data: undefined,
##[debug]  url: 'api.github.com/repos/opencollective/opencollective-frontend/git/refs%2Fheads%2Fdebt%2Fremove-guest-tokens'
##[debug]}
##[debug]RequestError [HttpError]: Not Found
##[debug]    at /home/runner/work/_actions/octokit/request-action/v2.x/dist/index.js:6214:23
##[debug]    at processTicksAndRejections (internal/process/task_queues.js:93:5)
##[debug]    at async main (/home/runner/work/_actions/octokit/request-action/v2.x/dist/index.js:404:39) {
##[debug]  name: 'HttpError',
##[debug]  status: 404,
##[debug]  headers: {
##[debug]    'access-control-allow-origin': '*',
##[debug]    'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset',
##[debug]    connection: 'close',
##[debug]    'content-encoding': 'gzip',
##[debug]    'content-security-policy': "default-src 'none'",
##[debug]    'content-type': 'application/json; charset=utf-8',
##[debug]    date: 'Thu, 28 Jan 2021 10:33:08 GMT',
##[debug]    'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
##[debug]    server: 'GitHub.com',
##[debug]    status: '404 Not Found',
##[debug]    'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
##[debug]    'transfer-encoding': 'chunked',
##[debug]    vary: 'Accept-Encoding, Accept, X-Requested-With',
##[debug]    'x-content-type-options': 'nosniff',
##[debug]    'x-frame-options': 'deny',
##[debug]    'x-github-media-type': 'github.v3; format=json',
##[debug]    'x-github-request-id': '07C0:4133:C9115:292009:601292E4',
##[debug]    'x-ratelimit-limit': '1000',
##[debug]    'x-ratelimit-remaining': '939',
##[debug]    'x-ratelimit-reset': '1611832435',
##[debug]    'x-ratelimit-used': '61',
##[debug]    'x-xss-protection': '1; mode=block'
##[debug]  },
##[debug]  request: {
##[debug]    method: 'GET',
##[debug]    url: 'api.github.com/repos/opencollective/opencollective-frontend/git/refs%2Fheads%2Fdebt%2Fremove-guest-tokens',
##[debug]    headers: {
##[debug]      accept: 'application/vnd.github.v3+json',
##[debug]      'user-agent': 'octokit-action.js/3.2.0 octokit-core.js/3.2.4 Node.js/12.13.1 (linux; x64)',
##[debug]      authorization: 'token [REDACTED]'
##[debug]    },
##[debug]    request: { hook: [Function: bound bound register] }
##[debug]  },
##[debug]  documentation_url: 'docs.github.com/rest'
##[debug]}
Error: Not Found
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Check matching branch
gr2m commented 3 years ago

Sorry for the unintended change in behavior. The new behavior is actually correct, but I was not aware that URL parameters were not encoded until a recent dependency update. See also https://github.com/octokit/request-action/issues/71

Right now both your links return 404 for me

I was able to reproduce the problem with the debug/coverage branch

The problem in this case is the route. Instead of GET /repos/{owner}/{repo}/git/{ref}, use GET /repos/{owner}/{repo}/git/ref/{ref}

- GET /repos/{owner}/{repo}/git/{ref}
+ GET /repos/{owner}/{repo}/git/ref/{ref}

Then remove the refs/ prefix, which will result in

https://api.github.com/repos/opencollective/opencollective-frontend/git/ref/heads%2Fdebug%2Fcoverage

The git routes to get a single reference and a list of (matching) reference changed a while ago, you are still using the old one. It still works, but the response is unpredictable, it can be an object or an array, depending on the request. The two new endpoints address that problem.

Betree commented 3 years ago

Fantastic, thank you very much @gr2m. I'll update our CI with the route that you've suggested.