Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub Actions API requires authentication #4

Open
JayFoxRox opened this issue Feb 2, 2020 · 6 comments
Open

GitHub Actions API requires authentication #4

JayFoxRox opened this issue Feb 2, 2020 · 6 comments

Comments

@JayFoxRox
Copy link
Owner

Since I have made this tool (not even a week ago), the required permissions for the GitHub Actions API were changed. It no longer works for guests. You need to be authenticated and authorized now.

This tool can't handle that (yet?).

Even then, the artifact URLs themselves are also only for authenticated users, so just redirecting the user is not enough anymore.

In general, I'm really frustrated with how GitHub Actions is being rolled out so far. I feel like half my time is spent working around their issues or guessing what their docs / comments on forums and issues seem to imply about future developments. I don't think I'll continue working on this tool for now (I'd still be happy to accept any pull-request which makes this tool better).
This was referenced Feb 2, 2020
Open
Open
@agitter agitter mentioned this issue Mar 27, 2020
Open
@Titaniumtown
Copy link

Would love for this to be fixed!

@Titaniumtown
Copy link

Maybe a check could be added to see if your rate limit has been exceeded?

@Titaniumtown
Copy link

I've added a check in #5 in "artifact_lib.py" (a new file added in that PR) to see if you've hit your rate limit. Should be a temp fix for this issue. It at least prevents a ton of errors!

This was referenced Aug 24, 2020
Open
Open
@JayFoxRox
Copy link
Owner Author

Maybe a check could be added to see if your rate limit has been exceeded?

Rate-Limiting would be a separate issue.

Last I checked, without an API key, I believe you got an error about not having the necessary permissions (or a more confusing message?). At the very least, the URLs returned by the API wouldn't work for guest users (which defeats the purpose of this project).

@Titaniumtown
Copy link

I got an idea, what about just completely by-passing the github api, and just parse html pages? It would be quite a lot of work. But in the end, it would work 🤷

@JayFoxRox
Copy link
Owner Author

No. It wouldn't work.

The GitHub Actions tab doesn't have links for guest users. It only works for users logged in with their GitHub account. That's also part of the cross-referenced issue actions/upload-artifact#51

Example of an artifact URL: https://github.com/xqemu/xqemu/suites/915768139/artifacts/11124753

  • Works when logged into GitHub
  • Error 404 when opened without being logged into GitHub

This is an issue with GitHub that we can't work around.

It wasn't an issue when this repository (and GitHub Actions + APIs) were created, but very shortly after, GitHub added these nonsensical permission checks.

It can (probably) only be worked around by providing a GitHub account for guest-users, and acting like a proxy (which causes a lot of traffic, security issues and likely violations of the GitHub TOS or other problems).

To ultimately solve this issue, GitHub should change their policies. That is what actions/upload-artifact#51 is about. So please complain in that issue to raise awareness.

@JayFoxRox JayFoxRox mentioned this issue Aug 25, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JayFoxRox @Titaniumtown