::error::Input required and not supplied: token #298
Comments
|
Your inputs look fine to me. What happens if you don't specify the - name: Checks out flutter
uses: actions/checkout@v2
with:
repository: flutter/flutter
ref: refs/heads/master
path: flutterEither way should work... the default when not specified is |
|
I'm getting
From this workflow file: I think the problem is actually mentioned on GitHub's secrets page:
The "Learn more" links to this page that doesn't provide more information but repeats the message: I found this discussion on the topic of forks getting some secrets access as "security by obscurity" https://git.luolix.topmunity/t/make-secrets-available-to-builds-of-forks/16166/32 |
I have the same problem. How did you solve it? |
|
So far I've found this workaround: google/gvisor@315c167 Another shorter workaround: |
|
I started to have this issue in all the repositories which I set the token manually since yesterday or so. If I retrigger the build manually it works, also works sometimes automatically. E.g. https://github.com/timonwong/vscode-shellcheck/runs/2077175092 This is not from fork, neither a pull request, so I wonder what's happening. |
|
We're encountering this issue too for almost a week now. It suddenly started without a change in our workflows. |
|
EDIT: nevermind, turns out it's by design: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ Landed here from a google search for "octokit input required and not supplied". Same issue as the previous two commenters, but I'm noticing this behavior in the https://github.com/actions/github-script action instead of checkout.
Maybe 5 or so days ago, I noticed my auto-merge jobs failing in this way when attempting to merge PRs from dependabot. |
|
It would be cool to get any feedback here. It isn't very pleasant to constantly have to restart the workflows. |
|
Suddenly got this on my repos (auto merging dependabot PRs) which worked fine for 6+months. |
|
Working for me, after changed event type pull_request to pull_request_target. |
|
However i think just chaning the event type to pull_request_target is regarded as unsecure when you are using secrets in your workflow. This would mean anyone forking the repo could steal secrets and do any sort of malicious actions. I guess for private repos this will not exist but for public repos it will. So any other solutions here? |
|
Changing to |
|
@felipecrs I understand . But when i do a explicit checkout via ${{ github.event.pull_request.head.sha }} itshould work, right? |
|
Yes, right. But if your PRs don't come from forks, you were not supposed to need |
|
Fyi @TomasVotruba here is an even shorter workaround :) You can use the truthy behavior to fallback the built-in token token: ${{ secrets.MY_TOKEN || github.token }} |
|
@felipecrs I looked at the run you linked, and it looks like it's because you are using the As @Xunnamius and @MannarAmuthan this behavior change is intentional and related to this recent change: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ I'm going to close this issue. If anyone is still having an issue, please open a new issue. In summary, this error is expected if you are attempting to use a secret on a fork PR or a run triggered by dependabot. |
|
@ericsciple Could you please explain why that solves the issue? If |
|
Is this still an issue? I have the below that fails, even though the repository ( Workflow: FYI: I have done |
I'm running into this issue in a private repository where a check is failing on pull requests opened by dependabot. If I remove with:
token: ${{ secrets.PAT_TOKEN }}from - name: Checkout code
uses: actions/checkout@v2
with:
token: ${{ secrets.PAT_TOKEN }}the workflow still fails. What's the recommended approach on getting my workflow to run in my private repository, even if it's opened by dependabot? |
Remove TOKEN from checkout. see - actions/checkout#298
hi @dtcMLOps can you elaborate on exactly how you got this working? our repos are private. we have reusable-workflow as well and dependabot is failing on
our job - the reusable-workflow-terraform.yml - and this is where its failing us. |
|
Hi @cwong-archy are you defining the secret in the reusable workflow? this is an example of how to define the secret in the reusable workflow |
@dtcMLOps oh. even though i inherit everything i still have to define it huh? this is what i have - |
|
Hi @cwong-archy, yes. According to the docs you have to define the secret inside the reusable workflow definition. |
thanks @dtcMLOps i'll give it a go!!! 🙏🏻🙏🏻🙏🏻 |
@dtcMLOps thank you... it worked!!! |
|
In private organisation, steps:
- name: Checkout code
uses: actions/checkout@v2
with:
token: ${{ github.token }} |
works for my own and dependabot's pushes. |
revision 01/17: instead of removing actions/checkout, keep actions/checkout but remove the `token` field and add `persist-credentials` field. tested with a [mirror script](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml) and creates [expected pull request](#141730) Issue: when running github actions, the [tokens not found error](actions/checkout#298) still happens( `Input required and not supplied: token`). We are not using fork PR or dependabot, and it's flaky when the well defined token isn't find in the inputs. We hit this error when invoking [market place actions/checkout](https://github.com/actions/checkout): [example failed run 1](https://github.com/flutter/flutter/actions/runs/7546108771/job/20543199801), [example failed run 2](https://github.com/flutter/flutter/actions/runs/7546141972/job/20543265842) In this PR, Remove the dependency on marketplace actions to make our workflow more reliable and less flaky. other changes to remove actions/checkout dependency: 1. embedded token url for git push Tried a number of ways and this is the only / best workaround I found to resolve [the notorious problem of pushing without ssh key](https://stackoverflow.com/questions/22147574/github-fatal-could-not-read-username-for-https-github-com-no-such-file-o). 2. added back `--head` `--head` is now needed to avoid [abort](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7548409479/job/20550397014) Test: a [replicate of the actions file](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml) is [tested](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7548448024/job/20550521341) on my personal repo, and it creates the [expected PR](#141647)
Fix for dependabot PRs: actions/checkout#298 (comment)
Fix for dependabot PRs: actions/checkout#298 (comment)
Fix for dependabot PRs: actions/checkout#298 (comment)
|
Hello everyone, for those
Here's how my name: CI/CD Pipeline
on:
push:
branches:
- main
jobs:
github-actions-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout psycopg2 Repository
uses: actions/checkout@v4
with:
repository: jkehler/awslambda-psycopg2
path: ./awslambdaAs you notice the repository awslambda-psycopg2 is public, but based on the docs act provides
I understood that when your workflow runs in github actions it creates a token automatically on your user's behalf, so to work this locally I created a PAT with no access what so ever and passed it as a secret to act -s GITHUB_TOKEN=$ACT_GITHUB_TOKEN |
|
@apurvdeodhar act command: |
ghost
mentioned this issue
…and not supplied: token" when run in act Apparently, we need a GitHub access token when running locally. I use a new Personal Access Token with read-only rights for that: $ act -s GITHUB_TOKEN=ghp_... workflow_dispatch Source: actions/checkout#298 (comment)
…and not supplied: token" when run in act Apparently, we need a GitHub access token when running locally. I use a new Personal Access Token with read-only rights for that: $ act -s GITHUB_TOKEN=ghp_... workflow_dispatch Source: actions/checkout#298 (comment)
and others
Hello everyone...
I'm trying to fetch another public repo and I've tried to put the TOKEN as explained... but even if I do, for some odd reason is still TELLING ME that the token is missing????? Sorry but I'm a bit stressed about this :/ perhaps I'm just being too dumb.
The text was updated successfully, but these errors were encountered: