Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Parameter token or opts.auth is required #356

Open
AntonSaurytski83 opened this issue Oct 30, 2024 · 6 comments
Open

Error: Parameter token or opts.auth is required #356

AntonSaurytski83 opened this issue Oct 30, 2024 · 6 comments

Comments

@AntonSaurytski83
Copy link

with:
repository: antonsaurytski83/polar-deployment
event-type: app_delivery
client-payload: { "app_image": "ghcr.io/antonsaurytski83/catalog-service", "app_name": "catalog-service", "app_version": "dc4704191e8b1c3d46d22929c7eff93232e5378d" }
env:
OWNER: antonsaurytski83
REGISTRY: ghcr.io
APP_REPO: catalog-service
DEPLOY_REPO: polar-deployment
VERSION: dc4704191e8b1c3d46d22929c7eff93232e5378d
Error: Parameter token or opts.auth is required
@meyrevived
Copy link

This is happening to me also...

@sitolam
Copy link

sitolam commented Dec 18, 2024

+1

@peter-evans
Copy link
Owner

Is this happening consistently, or just occasionally?

@meyrevived
Copy link

For me, it's consistently.
However, I do see it when I use this action in a pull_request workflow that runs pull requests from forked repositories to the main repository. Github has a security policy to stop secrets from being used in these scenarios, so it could be that this is the cause of the "bug" we're seeing.

This policy is a good policy, it makes a lot of sense, but it should be refined.
I am a Red Hat worker, I am a member of one of their github organizations, the main repo I'm running pull requests on is in this organization and so if my forked repo. It's a repo of a component of one of their products and I'm developing it. Furthermore, I am a maintainer on said main repository.
Security is very important, but not to the point of paranoia ;)

@peter-evans
Copy link
Owner

However, I do see it when I use this action in a pull_request workflow that runs pull requests from forked repositories to the main repository. Github has a security policy to stop secrets from being used in these scenarios, so it could be that this is the cause of the "bug" we're seeing.

That is very likely to be the issue. The workflow just doesn't have access to secrets in that scenario. My only advice would be to try and refactor the workflows to avoid running on fork pull requests. Perhaps look into using pull_request_target instead, which I believe allows access to secrets.

@meyrevived
Copy link

This is what I've had to do.
The second paragraph of my reply is where this is a pain point and should be addressed by someone on github: I ran into this issue because I was adding a code scan by test coverage analysis tool to my ci workflow which used to be one file. The tool requires a token because there's live data sent to a cloud server etc. The easiest and fastest safe place to keep such a token would be a github secret. Alas, we have this security policy.
The code coverage tools has capabilities to separate their analysis of code changes and test runs between the results of code scans that were run on a main branch and those that were run during pull requests. This is one of the features that we wanted from this tool, actually.
Because of the github security policy one simple github workflow yaml became four files just to make sure the tool gets it's token properly.
Again, this is a fork in the organization, created by one of the maintainer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@AntonSaurytski83 @peter-evans @sitolam @meyrevived