Open arigesher opened 1 year ago
This message appears to be generated from line 44 of the source code for gitops-pusher, which is apparently used by the GitHub Actions action of topic, part of the definition of function modifiedExternallyError(), which appears to be called in apply() lines 67-69, and also in test() lines 108-110, in each case like so:
if cache.PrevETag != controlEtag {
modifiedExternallyError()
}
controlEtag
comes from getACLEtag(), and cache.PrevETag is passed as an argument to the function.
getACLEtag appears to make an api call to /api/v2/tailnet/<my-tailnet>/acl
, and to return an ETag value from the HTTP response header.
We are also having this problem. Every pull request against our ACL results in this annotation.
I dug into the code and gitops-pusher
seems to want to read the previously pushed ETag from a file called version-cache.json
in the current directory: https://github.com/tailscale/tailscale/blob/main/cmd/gitops-pusher/gitops-pusher.go#L33
However, I don't see anything in this action that would populate that file, or override its path, or maintain it between runs: https://github.com/tailscale/gitops-acl-action/blob/main/action.yml
Aha, from reading the README of this repo (which I should have done in the first place) I've learned that version-cache.json
is meant to be saved and restored by using this action in combination with actions/cache
- an example workflow is provided there.
Description
The Github action fires a warning when testing edits to the policy file. This appears to have no effect on the test, but it does issue a confusing warning message:
This is confusing because it implies that there may be edits via the console that shouldn't have been made when using GitOps to manage the file. (Or I'm really confused and we do have edits in the console that aren't being reflected).
Desired Behavior
Don't issue the warnning.
Logs/Screenshots
Here's line 1 from our policy file:
In the diff view, the annotation looks like this: