pulumi / actions

Deploy continuously to your cloud of choice, using your favorite language, Pulumi, and GitHub!
Apache License 2.0

Not able to edit comment, defaulting to creating a new comment errors #1195

Open fxdgear opened 2 weeks ago

fxdgear commented 2 weeks ago

What happened?

When running a pulumi preview, the comment on PR action fails.

Warning: Not able to edit comment, defaulting to creating a new comment.
HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/pulumi/actions/v5.2.4/webpack:/pulumi-github-action/node_modules/@octokit/request/dist-node/index.js:86:1
    at processTicksAndRejections (node:internal/process/task_queues:95:5)

Example

name: Pulumi-Preview
on:
  pull_request:
    paths:
      - "path/to/pulumi"

permissions:
  id-token: write
  contents: read
jobs:
  preview:
    uses: orgname/github-workflows/.github/workflows/preview.yml@main
    with:
      resource-group: rg
      aks-cluster-name: cluster
      stack-name: orgname/project-name/stage-silver
      work-dir: path/to/pulumi
    secrets:
      client-id: ${{ secrets.PULUMI_AZURE_CLIENT_ID }}
      tenant-id: ${{ secrets.PULUMI_AZURE_TENANT_ID }}
      subscription-id: ${{ secrets.PULUMI_AZURE_SUBSCRIPTION_ID }}
      pulumi-access-token: ${{ secrets.PULUMI_ACCESS_TOKEN }}

reusable workflow referenced by above ^^

name: Pulumi-Preview
on:
  workflow_call:
    inputs:
      resource-group:
        description: "Azure Resource Group"
        required: true
        type: string
      aks-cluster-name:
        description: "AKS Cluster Name"
        required: true
        type: string
      stack-name:
        description: "Pulumi Stack Name"
        required: true
        type: string
      work-dir:
        description: "Working Directory"
        required: true
        type: string
    secrets:
      pulumi-access-token:
        required: true
        description: "Pulumi Access Token"
      client-id:
        required: true
        description: "Azure Client Id"
      tenant-id:
        required: true
        description: "Azure Tenant Id"
      subscription-id:
        required: true
        description: "Azure Subcription Id"

permissions:
  id-token: write
  contents: read
jobs:
  preview:
    name: Pulumi Preview
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Log in to Azure
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.client-id }}
          tenant-id: ${{ secrets.tenant-id }}
          subscription-id: ${{ secrets.subscription-id }}

      - name: Install kubectl
        run: |
          az aks install-cli

      - name: Set AKS Context
        run: |
          az aks get-credentials --resource-group ${{ inputs.resource-group }} --name ${{ inputs.aks-cluster-name }} --overwrite-existing
          kubelogin convert-kubeconfig -l azurecli

      - name: Install Pulumi Dependencies
        run: |
          cd ${{ inputs.work-dir }}
          pip install -r requirements.txt

      - name: Pulumi Preview
        uses: pulumi/actions@v5.2.4
        with:
          command: preview
          stack-name: ${{ inputs.stack-name }}
          work-dir: ${{ inputs.work-dir }}
          comment-on-pr: true
          comment-on-summary: true
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.pulumi-access-token }}
          ARM_USE_OIDC: "true"
          ARM_CLIENT_ID: ${{ secrets.client-id }}
          ARM_TENANT_ID: ${{ secrets.tenant-id }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.subscription-id }}

Output of pulumi about

Run pulumi/actions@v5.2.4
  with:
    command: preview
    stack-name: orgname/project-name/stage-silver
    work-dir: infra/azure/foo
    comment-on-pr: true
    comment-on-summary: true
    pulumi-version: ^3
    github-token: ***
    expect-no-changes: false
    diff: false
    target-dependents: false
    refresh: false
    upsert: false
    remove: false
    edit-pr-comment: true
    color: auto
    exclude-protected: false
    suppress-outputs: false
    suppress-progress: false
Pulumi version 3.119.0 is already installed on this machine. Skipping download
Logging into the Pulumi Cloud backend.
pulumi preview on orgname/project-name/stage-silver
Warning: Not able to edit comment, defaulting to creating a new comment.
HttpError: Resource not accessible by integration
    at /home/runner/work/_actions/pulumi/actions/v5.2.4/webpack:/pulumi-github-action/node_modules/@octokit/request/dist-node/index.js:86:1
    at processTicksAndRejections (node:internal/process/task_queues:95:5)

Additional context

No response


fxdgear commented 2 weeks ago

I realized I wasn't adding the GH token to the referenced workflow, so I did that too and it's still throwing the same error.

fxdgear commented 2 weeks ago

Right now I've turned the commenting off, but I would like it to be usable again.

tgummerer commented 2 weeks ago

@fxdgear Does the GH token you added have permission to comment on GitHub issues?

More generally though, I think you don't need a special GH token in GitHub Actions; however, the job you pasted above seems to be missing an issues: write permission, which is what would give the token that's used by the pulumi action by default access to comment on issues and edit comments.
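
An added example, not part of the thread or of the pulumi/actions project: the two permissions blocks from the issue with the issues: write scope suggested in the reply above. It assumes the action runs with the default GITHUB_TOKEN, and it sets the scope in both files because a called reusable workflow can keep or reduce the permissions its caller grants but cannot raise them.

```yaml
# --- Caller workflow (fragment of the "Example" workflow in the issue) ---
# These permissions are the ceiling for everything the called workflow does.
permissions:
  id-token: write   # OIDC login to Azure (unchanged)
  contents: read    # checkout (unchanged)
  issues: write     # added: scope named in the reply for creating/editing the comment
jobs:
  preview:
    uses: orgname/github-workflows/.github/workflows/preview.yml@main
    # with: and secrets: stay exactly as in the issue
---
# --- Reusable workflow (fragment of preview.yml from the issue) ---
# Listing the scope here alone is not enough if the caller omits it.
permissions:
  id-token: write
  contents: read
  issues: write     # added: must also be present in the caller above
jobs:
  preview:
    name: Pulumi Preview
    runs-on: ubuntu-latest
    steps:
      # checkout, Azure login and dependency steps stay as in the issue
      - name: Pulumi Preview
        uses: pulumi/actions@v5.2.4
        with:
          command: preview
          stack-name: ${{ inputs.stack-name }}
          work-dir: ${{ inputs.work-dir }}
          comment-on-pr: true
          comment-on-summary: true
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.pulumi-access-token }}
```

Any scope not listed in a permissions block is set to none for the token, which is why the original id-token and contents entries left the comment API call unauthorized.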

fxdgear commented 2 weeks ago

@tgummerer That seems like it would be the trick.

Let me update my jobs and see how it behaves.

Thanks

tgummerer commented 1 week ago

Great, let us know if doing that helped!