Permission denied when running in nektos/act

[surgiie]

I'm using https://github.com/nektos/act to test my github actions locally, but im getting permission denied errors when running this action:

[Deployment/deployment]   💬  ::debug::Apply status options                                                                                                                                    
| INPUT_FILE_PATTERN: *.yaml                                                                                                                                                                   
| INPUT_BRANCH value:                                                                                                                                                                          
| git@github.com: Permission denied (publickey).                                                                                                                                               
| fatal: Could not read from remote repository.                                                                                                                                                
|                                                                                                                                                                                              
| Please make sure you have the correct access rights                                                                                                                                          
| and the repository exists.                                                                                                                                                                   
| Error: Invalid status code: 128                                                                                                                                                              
|     at ChildProcess.<anonymous> (/run/act/actions/stefanzweifel-git-auto-commit-action@v5/index.js:17:19)                                                                                    
|     at ChildProcess.emit (node:events:514:28)                                                                                                                                                
|     at maybeClose (node:internal/child_process:1105:16)                                                                                                                                      
|     at ChildProcess._handle.onexit (node:internal/child_process:305:5) {                                                                                                                     
|   code: 128                                                                                                                                                                                  
| }                                                                                                                                                                                            
| Error: Invalid status code: 128                                                                                                                                                              
|     at ChildProcess.<anonymous> (/run/act/actions/stefanzweifel-git-auto-commit-action@v5/index.js:17:19)                                                                                    
|     at ChildProcess.emit (node:events:514:28)                                                                                                                                                
|     at maybeClose (node:internal/child_process:1105:16)                                                                                                                                      
|     at ChildProcess._handle.onexit (node:internal/child_process:305:5)      

I'm using a token to checkout the repo ( this token belongs to me when running locally, it definitely has permissions needed for this)

- uses: actions/checkout@master
  with:
    fetch-depth: 2
    token: ${{ secrets.GH_TOKEN }}

I have a step to add file and and commit it

- name: Add test file
  run: |
      # ... 
      touch test.yaml
      
 -  name: Commit test.yaml
    uses: stefanzweifel/git-auto-commit-action@v5
    with:
        commit_message: Commit test.yaml [skip actions]
        branch: ${{ github.head_ref }}
        file_pattern: '*.yaml'

When i push to the repo and the action workflow runs on github, it succeeds so im unsure of what im missing here?

Anything stand out or am I missing something? Im an administrator on the repo in question and my token definitely has permissions so im unsure of why this is failing.

[stefanzweifel]

I haven't used the action with act before, so I can't give an immediate answer.

That you use actions/checkout@master and not a pinned version like actions/checkout@v4 probably shouldn't be an issue here.

Maybe this is related to git fetch, as the error happens near that line in the script and you use a custom fetch-depth.
Could you try and disable that by using skip_fetch: true?

As the Action works as expected when run on GitHub Actions and not in Act, I wonder if this is related to how Act communicated with the "outside".
When using Act, does one usually expect that the commit are actually pushed to GitHub. Or is Act more treated as a sandbox environment where nothing can happen to the "outside" and a commit can't be pushed to GitHub?

[surgiie]

As best as i can tell, i think the issue lies with the fact that its trying to push/authenticate with ssh instead of https (via a token)

[stefanzweifel]

Thanks for the explanation!

actions/checkout handles all authentication with the GitHub repo. According to this discussion you could set the ssh-key setting to a supported private key so that ssh is used to authenticate with GitHub.
By default, checkout should use https.

[surgiie]

Yeah im a little confused though, according to the checkout action, if https is the default then it should be running git commands with https instead of ssh so its a bit confusing why its not. Since im passing in the token, id expect that to be the case even more:

- uses: actions/checkout@master
  with:
    fetch-depth: 2
    token: ${{ secrets.GH_TOKEN }}

Since it works in github, im assuming its an issue with act and Ill consider opening an issue with them.

[surgiie]

Actually looks like i found my culprit. act skips a actions/checkout step by copying the local repo into the container. This prevents the actions/checkout step from running, therefore preventing the https/config setup to use my token. They have an option to avoid this:

--no-skip-checkout Do not skip actions/checkout

[stefanzweifel]

@surgiie Glad you found the source of the problem and thank you for documenting the solution here.
I'm sure this will help at least 1other person in the future.