search

wearerequired / lint-action

✨ GitHub Action for detecting and auto-fixing lint errors
MIT License
568 stars 136 forks source link

Errors when using private fork #627

Closed tomconte closed 1 year ago

tomconte commented 1 year ago

Hi all,

We tried using this GitHub action in the following context: private target repo in an organization, private fork in a user repo.

We got the following errors:

Error: This action does not have permission to create annotations on forks. You may want to run it only on `pull_request_target` events with checks permissions set to write. See https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions for details.
Adding "xxx/platformops-agile-plant-accelerator" fork as remote with Git
Fetching remote branch "jvl/blob-sdk"
remote: Repository not found.
fatal: repository 'https://github.com/xxx/platformops-agile-plant-accelerator.git/' not found
Error: Command failed: git fetch --no-tags --depth=1 fork jvl/blob-sdk
remote: Repository not found.
fatal: repository 'https://github.com/xxx/platformops-agile-plant-accelerator.git/' not found

Here is my understanding of the issues:

Error 1: Error: This action does not have permission to create annotations on forks.

The cause: as described in the action's Limitations section in the README, workflows triggered from forks have read-only capability on the target repo, for security reasons. This means also that they cannot add annotations to the code.

In our case, because we are using private repos, and we have checked the option "Send write tokens to workflows from fork pull requests.", it is possible that this error message is incorrect, and that annotations would work.

I checked the GITHUB_TOKEN permissions and it has "write" for everything, so I think this first error message should just be ignored in our case, correct?

Could the action check the actual permissions to verify the situation, before emitting this message?

Error 2: Error: Command failed: git fetch

The cause here is that our fork is private, and the workflow running in the target repo does not have permissions to fetch it.

I have two questions here:

  1. If we don't want to use auto-fix, which is the default, is there a reason to fetch the branch from the remote?
  2. Is there a way we could allow the action to fetch the private fork?

Thanks!

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.