suzuki-shunsuke / tfcmt

Fork of mercari/tfnotify. tfcmt enhances tfnotify in many ways, including Terraform >= v0.15 support and advanced formatting options
https://suzuki-shunsuke.github.io/tfcmt/

Issue being commented on Issues instead of PR #1221

Closed takuya-takahash1 closed 4 months ago

takuya-takahash1 commented 5 months ago

tfcmt version

$ tfcmt -v
tfcmt version 4.9.0 (74ffe99cd637180b5b4d79157eb09ccc9ac5b2ad)

Environment

Overview

Question.

I have tfcmt working to comment on Issues and our project fails to comment because we are not using Issues.

I would like to know how to solve this problem, because when I check the tfcmt documentation, it states that GitHub Actions will comment on relevant pull requests without any specific configuration.

Looking at the error text, I see that it tries to comment on Issue 753 and fails. Since the relevant pull request is 753, the number doesn't look wrong, but since Issues are not used, the POST fails as a result.

time="2024-04-18T01:50:16Z" level=error msg="remove labels" error="GET https://api.github.com/repos/org/hogehoge/issues/753/labels?per_page=100: 404 Not Found []" program=tfcmt
time="2024-04-18T01:50:16Z" level=error msg="add a label" error="POST https://api.github.com/repos/org/hogehoge/issues/753/labels: 404 Not Found []" label=add-or-update program=tfcmt
post a comment: POST https://api.github.com/repos/org/hogehoge/issues/753/comments: 404 Not Found []

How to reproduce

tfcmt.yaml

none

GitHub Actions workflow

on:
  pull_request:
    branches:
    - develop
  push:
    branches:
    - develop

  workflow_dispatch:

env:
  TFCMT_VERSION: v4.9.0

jobs:
  Lint:
    runs-on: [self-hosted, itg]
    steps:
    - name: Checkout
      uses: actions/checkout@v4
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v3
      with:
        terraform_version: 1.0.8
    - name: Terraform Format
      run: terraform fmt -recursive

  Infrastructure:
    needs: Lint
    runs-on: [self-hosted, itg]
    strategy:
      fail-fast: false
      max-parallel: 10
      matrix:
        tf_working_dir:

    permissions:
      contents: read
      pull-requests: write

    steps:
    - name: Checkout
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - uses: hashicorp/setup-terraform@v3
      with:
        terraform_version: 1.0.8
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ env.AWS_DEFAULT_REGION }}
    - name: Get changed files
      id: changed-files
      uses: tj-actions/changed-files@v42
      with:
        files: '${{ matrix.tf_working_dir }}/**'
    - name: tfcmt Install
      run: |
        wget "https://github.com/suzuki-shunsuke/tfcmt/releases/download/${TFCMT_VERSION}/tfcmt_linux_amd64.tar.gz" -O /tmp/tfcmt.tar.gz
        tar xzf /tmp/tfcmt.tar.gz -C /tmp
        mv /tmp/tfcmt /usr/local/bin
        tfcmt --version
    - name: Terraform Init
      if: steps.changed-files.outputs.any_changed == 'true'
      run: |
        cd ${{ matrix.tf_working_dir }}/environment/${{ env.ENVIRONMENT }}
        terraform init -upgrade
    - name: Terraform Plan
      if: steps.changed-files.outputs.any_changed == 'true'
      run: |
        cd ${{ matrix.tf_working_dir }}/environment/${{ env.ENVIRONMENT }}
        export GITHUB_TOKEN=${{ env.GH_APPS_TOKEN }}
        tfcmt plan -patch -- terraform plan --parallelism=50
    - name: Terraform Apply
      if: steps.changed-files.outputs.any_changed == 'true'
      run: |
        cd ${{ matrix.tf_working_dir }}/environment/${{ env.ENVIRONMENT }}
        export GITHUB_TOKEN=${{ env.GH_APPS_TOKEN }}
        tfcmt apply -- terraform apply -auto-approve --parallelism=50

Debug output

$

Expected behaviour

tfcmt comments on the pull request.

Actual behaviour

tfcmt fails while trying to comment on non-existent Issues.

Important Factoids

No response

Note

No response

suzuki-shunsuke commented 5 months ago

The GitHub REST API for removing pull request labels is the same as the API for removing Issue labels.

https://docs.github.com/en/rest/issues/labels?apiVersion=2022-11-28

You can use the REST API to manage labels for a repository and add or remove labels to issues and pull requests. Every pull request is an issue, but not every issue is a pull request. For this reason, "shared" actions for both features, like managing assignees, labels, and milestones, are provided within the Issues endpoints.

How is env.GH_APPS_TOKEN set? It seems the variable isn't set in your workflow. And if the variable is set properly, does the access token have the permission to write pull requests?
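The Issues-endpoint pattern described in the comment above can be checked mechanically against the reported errors. The following is an added example, not part of the thread or of tfcmt: it parses the three error lines from the report and groups the failed calls by item number. The verdict names (`no-read-access`, `no-write-access`) and the rule behind them are assumptions of this example.

```python
import re
from collections import defaultdict

# Error lines from the report above (inlined so the example runs offline).
TFCMT_LOG = """\
time="2024-04-18T01:50:16Z" level=error msg="remove labels" error="GET https://api.github.com/repos/org/hogehoge/issues/753/labels?per_page=100: 404 Not Found []" program=tfcmt
time="2024-04-18T01:50:16Z" level=error msg="add a label" error="POST https://api.github.com/repos/org/hogehoge/issues/753/labels: 404 Not Found []" label=add-or-update program=tfcmt
post a comment: POST https://api.github.com/repos/org/hogehoge/issues/753/comments: 404 Not Found []
"""

# "METHOD URL: STATUS", as the errors are printed in the log lines above.
CALL = re.compile(
    r"(?P<method>GET|POST|PUT|PATCH|DELETE) "
    r"https://api\.github\.com/repos/(?P<repo>[^/\s]+/[^/\s]+)/"
    r"issues/(?P<number>\d+)/(?P<resource>[a-z_]+)[^\s:]*: (?P<status>\d{3}) "
)

def failed_calls(log_text):
    """Return one dict per failed call to an Issues endpoint (status >= 400)."""
    calls = []
    for line in log_text.splitlines():
        m = CALL.search(line)
        if m and int(m["status"]) >= 400:
            calls.append({"method": m["method"], "repo": m["repo"],
                          "number": int(m["number"]), "resource": m["resource"],
                          "status": int(m["status"])})
    return calls

def diagnose(calls):
    """Heuristic (assumption of this example): one verdict per item number."""
    by_item = defaultdict(list)
    for c in calls:
        by_item[(c["repo"], c["number"])].append(c)
    report = {}
    for item, group in by_item.items():
        denied = [c for c in group if c["status"] in (401, 403, 404)]
        if any(c["method"] == "GET" for c in denied):
            report[item] = "no-read-access"   # even the read was refused
        elif denied:
            report[item] = "no-write-access"  # only writes were refused
        else:
            report[item] = "other"
    return report

if __name__ == "__main__":
    for (repo, number), verdict in diagnose(failed_calls(TFCMT_LOG)).items():
        print(f"{repo} #{number}: {verdict}")
```

For the lines in the report, the GET on `issues/753/labels` fails along with both POSTs, so all three calls group under item 753 with the verdict `no-read-access`.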

suzuki-shunsuke commented 5 months ago

And if I remember correctly, the permission to write issues is also required to create labels.

takuya-takahash1 commented 5 months ago

@suzuki-shunsuke Thank you for your reply! We have checked and the token itself is set properly. However, we are using the GitHub Apps token, and it seems that the authorization settings are missing to begin with. We are in the process of confirming this with the administrator in our organization. We will report back if there is any progress.

suzuki-shunsuke commented 4 months ago

@takuya-takahash1 Do you have any update?

takuya-takahash1 commented 4 months ago

@suzuki-shunsuke Sorry for the late reply. I checked the permissions on the GitHub Apps token that you are using, and the Issues permission is No Access. I changed it to read and write, made changes to the resource created by Terraform, and ran the checks again with GitHub Actions, but the same error is still occurring. Probably, it is due to the lack of authorization for the GitHub Apps token, which we will investigate. You may close this Issue. Thank you for your help.

suzuki-shunsuke commented 4 months ago

Thank you for your update. I'll close this issue.