search

osrf / docker_images

A repository to hold definitions of docker images maintained by OSRF
Apache License 2.0
573 stars 172 forks source link

Automatic PR generation fails to push #530

Open mikaelarguedas opened 3 years ago

mikaelarguedas commented 3 years ago

Last night the foxy and rolling images were out of date and CI tried to creat PRs to update them but failed with:

    HUB_REPO: ros
    HUB_RELEASE: rolling
    HUB_OS_NAME: ubuntu
    HUB_OS_CODE_NAME: focal
Traceback (most recent call last):
HUB_REPO:  ros
  File "/home/runner/work/docker_images/docker_images/.ci/ci_script.py", line 158, in main
HUB_RELEASE:  rolling
    test_diffs(diffs)
HUB_OS_NAME:  ubuntu
  File "/home/runner/work/docker_images/docker_images/.ci/ci_script.py", line 51, in test_diffs
HUB_OS_CODE_NAME:  focal
Error:     raise ValueError('Autogenerated files are not up to date')
GIT_UPSTREAM_REPO_SLUG:  osrf/docker_images
ValueError: Autogenerated files are not up to date

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/runner/work/docker_images/docker_images/.ci/ci_script.py", line 224, in main
    repo.git.push(
  File "/opt/hostedtoolcache/Python/3.9.4/x64/lib/python3.9/site-packages/git/cmd.py", line 545, in <lambda>
    return lambda *args, **kwargs: self._call_process(name, *args, **kwargs)
  File "/opt/hostedtoolcache/Python/3.9.4/x64/lib/python3.9/site-packages/git/cmd.py", line 1011, in _call_process
    return self.execute(call, **exec_kwargs)
  File "/opt/hostedtoolcache/Python/3.9.4/x64/lib/python3.9/site-packages/git/cmd.py", line 828, in execute
    raise GitCommandError(command, status, stderr_value, stdout_value)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(1)
  cmdline: git push --force upstream_pr ros/rolling/ubuntu/focal:ros/rolling/ubuntu/focalNone

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/runner/work/docker_images/docker_images/.ci/ci_script.py", line 279, in <module>
    main()
  File "/home/runner/work/docker_images/docker_images/.ci/ci_script.py", line 228, in main
    raise ValueError(
ValueError: Force push to branch:ros/rolling/ubuntu/focal failed! Stderr omitted to protect secrets.
---

@ruffsl FYI

ruffsl commented 3 years ago

Why is None appended to the end of the git push command?

  cmdline: git push --force upstream_pr ros/rolling/ubuntu/focal:ros/rolling/ubuntu/focalNone
mikaelarguedas commented 3 years ago

I suspect this is a misleading print as we use the exact same string before and after the : Maybe something changed in the permissions / token of the osrf-docker-builder user? I do not have access to that account so am unable to look further into it. Maybe @tfoote or @nuclearsandwich would know more ? The last successful push was on April 28th The first failed push was on May 5th

tfoote commented 3 years ago

My best guess is that the keys used to push might have been invalidated? Possibly relating to codecov security @nuclearsandwich I see an attached specific key instead of leveraging single use github generated keys which I think can work for our use case: https://docs.github.com/en/actions/reference/authentication-in-a-workflow

mikaelarguedas commented 1 year ago

@tfoote @nuclearsandwich Any news on this topic ? I would love to stop opening these PRs by hand ^^'

ruffsl commented 1 year ago

@tfoote @nuclearsandwich @sloretz with some current template changes:

we'll need this issue resolved so we can finally address:

Any updates?

I think our GITHUBTOKEN that was Personal Access Tokens from @osrf-docker-builder would need to be reissued.

https://github.com/osrf/docker_images/settings/secrets/actions

Alternatively, between the time that we first added our bot, it seems GitHub Actions marketplace supports this integration:

https://github.com/marketplace/actions/create-pull-request

@mikaelarguedas , it seems that the setting to allow GitHub Actions to create pull requests is already enabled for osrf/docker_images. I think we could also use this to open PR from our org's fork of docker-library/official-images:

There also seems to be a caveat on using automated PR to trigger automated workflows:

Note: If you want pull requests created by this action to trigger an on: push or on: pull_request workflow then you cannot use the default GITHUB_TOKEN. See the documentation here for workarounds.