ci: fix HTTP PUT request to the GitHub REST API #1664

Open: wants to merge 9 commits into base: master

aeworxet (Contributor) commented Jan 27, 2025

This PR attempts to fix the HTTP PUT request to the GitHub REST API.
It is merged despite some uncertainty, as the necessary conditions can be met only in a production environment.

Related to #1620

aeworxet (Contributor Author) commented Feb 3, 2025

I tried nearly every option specified in the GitHub Docs, both with fine-grained and legacy tokens, but

  • with github-token specified I get Error: Input required and not supplied: github-token

  • without github-token specified and using any other method of authentication I get Resource not accessible by integration

The property permissions, with either actions: write or write-all, has no effect in any place of the workflow.

The request itself successfully executes manually with header

Authorization: token token_specified_as_GH_TOKEN_in_GH_Actions

so there is no mistake in it.

@derberg, do you have ideas on what else could be researched?

@Shurtu-gal (Contributor)

@aeworxet If it is working manually then there is some problem in the workflow itself.

Could you try passing secrets.GH_TOKEN to github-token itself?

You could try this endpoint as well https://docs.github.com/en/rest/orgs/members?apiVersion=2022-11-28#create-an-organization-invitation

Also better would be to use their calls itself instead of raw API calls. https://octokit.github.io/rest.js/v21/#orgs-create-invitation

@aeworxet aeworxet changed the title from "ci: fix and improve automation around MAINTAINERS.yaml" to "ci: fix HTTP PUT request to the GitHub REST API" Feb 7, 2025
@aeworxet aeworxet marked this pull request as ready for review February 7, 2025 02:33
@@ -94,15 +96,23 @@ jobs:
- name: Invite new maintainers to the organization
uses: actions/github-script@v6
with:
github-token: ${{ env.GH_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}
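Review bot: on the github-token line of the "Invite new maintainers to the organization" step, ${{ secrets.GITHUB_TOKEN }} is the automatically generated workflow token, which is scoped to the repository the workflow runs in and cannot carry organization-level rights, so an organization invitation sent with it will be refused regardless of the permissions key. Pass an org-admin credential here instead, for example the GH_TOKEN_ORG_ADMIN secret mentioned in this thread, and let the script use the preauthenticated client that actions/github-script provides rather than reading a second token from process.env. Because this step would then hold an org-admin credential, also consider pinning actions/github-script to a full commit SHA instead of the v6 tag.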
Member

shouldn't it just be

Suggested change
github-token: ${{ secrets.GITHUB_TOKEN }}
github-token: ${{ GITHUB_TOKEN }}

cause you already have

env:
  GH_TOKEN: ${{ secrets.GH_TOKEN }}
  GH_TOKEN_ORG_ADMIN: ${{ secrets.GH_TOKEN_ORG_ADMIN }}

also GITHUB_TOKEN doesn't exist but GH_TOKEN

and last but not least, why we pass different token and later have this in code

const ghTokenOrgAdmin = process.env.GH_TOKEN_ORG_ADMIN;

Member

according to https://github.com/actions/github-script/tree/v6.0.0?tab=readme-ov-file#using-a-separate-github-token if you pass token through github-token config, the client inside the script is already using it

the best I suggest you take whole workflow and ask ChatGPT to analyze - it is well trained to analyze existing workflows

Contributor Author

> also GITHUB_TOKEN doesn't exist but GH_TOKEN

GITHUB_TOKEN is a special random token that GitHub generates automatically on each workflow run, and with GH_TOKEN, the step doesn't run at all.

> shouldn't it just be ${{ GITHUB_TOKEN }}

You can use the GITHUB_TOKEN by using the standard syntax for referencing secrets: ${{ secrets.GITHUB_TOKEN }}.
https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication

> and last but not least, why we pass different token and later have this in code

I receive 401 regardless of the way it's written, but I set it directly to ${{ secrets.GH_TOKEN_ORG_ADMIN }}; maybe this variant will work.

Review new version of code, please.
