Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] file: Not Found. Make sure the branch where signatures are stored is NOT protected. #165

Open
Couto opened this issue Dec 18, 2024 · 1 comment
Open

[BUG] file: Not Found. Make sure the branch where signatures are stored is NOT protected. #165

Couto opened this issue Dec 18, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@Couto
Copy link

Couto commented Dec 18, 2024
edited
Loading

Describe the bug
We're trying to store signatures in a different repository.

To Reproduce

  1. Create a private repository inside an organization (<cla-repo-name>) (Default settings)
  2. In the repository that you want the contributor-assistant/github-action to run (<repo-name>), add the following file to .github/workflows/on-pull-request-cla.yml
name: "CLA Assistant"
on:
  issue_comment:
    types: [created]
  pull_request_target:
    types: [opened, closed, synchronize]

# explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
permissions:
  actions: write
  contents: write # this can be 'read' if the signatures are in remote repository
  pull-requests: write
  statuses: write

jobs:
  CLAAssistant:
    runs-on: ubuntu-latest
    steps:
      - name: "CLA Assistant"
        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
        uses: contributor-assistant/github-action@v2.6.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # the below token should have repo scope and must be manually added by you in the repository's secret
          # This token is required only if you have configured to store the signatures in a remote repository/organization
          PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
        with:
          path-to-signatures: "<repo-name>/signatures/version1/cla.json"
          path-to-document: "https://github.com/<org-name>/<repo-name>/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT.md" # e.g. a CLA or a DCO document
          # branch should not be protected
          branch: "main"
          allowlist: bot*

          # the followings are the optional inputs - If the optional inputs are not given, then default values will be taken
          remote-organization-name: <org-name>
          remote-repository-name: <cla-repo-name>
          suggest-recheck: false
          #create-file-commit-message: 'For example: Creating file for storing CLA Signatures'
          #signed-commit-message: 'For example: $contributorName has signed the CLA in $owner/$repo#$pullRequestNo'
          #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign'
          #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA'
          #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.'
          #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
          #use-dco-flag: true - If you are using DCO instead of CLA
  1. Open a Pull Request from a fork (or a normal Pull Request for that matter)
  2. Sign the CLA by adding the required comment
    Screenshot 2024-12-18 at 14 26 17
  3. Github Action fails with the following error:
Run contributor-assistant/github-action@v2.6.1
  with:
    path-to-signatures: <repo-name>/signatures/version1/cla.json
    path-to-document: https://github.com/<org-name>/<repo-name>/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT.md
    branch: main
    allowlist: bot*
    remote-organization-name: <org-name>
    remote-repository-name: <cla-repo-name>
    suggest-recheck: false
    use-dco-flag: false
    lock-pullrequest-aftermerge: true
  env:
    GITHUB_TOKEN: ***
    PERSONAL_ACCESS_TOKEN: ***
CLA Assistant GitHub Action bot has started the process
Error: Error occurred when creating the signed contributors file: Not Found. Make sure the branch where signatures are stored is NOT protected.
Error: Committers of pull request [2](https://github.com/<org-name>/<repo-name>/actions/runs/12393606425/job/34598991416?pr=28#step:2:2)8 have to sign the CLA

Expected behavior
I was expecting the action to create the following folder structure in <cla-repo-name>: <repo-name>/signatures/version1/ with the cla.json file inside.

Screenshots
If applicable, add screenshots to help explain your problem.

Questions

Github has a new Personal Token System (Fine-grained tokens), could anyone clearly state which permissions are required to assign to that token?

Also, since now, developers can create tokens owned by an organization (Resource owner), are those compatible? And if so, which permissions do they require?

Thank you
@Couto Couto added the bug Something isn't working label Dec 18, 2024
@Couto
Copy link
Author

Couto commented Dec 18, 2024

Ok, for future reference.

The problem was a spelling mistake in the name of the remote repository.

Nevertheless it would be really useful to know the answers to the questions at the bottom for better documentation of the process. Thank you <3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Couto