Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using Github CLI in workflow fails for gh variable set with Not Found error #9093

Open
aniespica opened this issue May 16, 2024 · 2 comments
Open

Using Github CLI in workflow fails for gh variable set with Not Found error #9093

aniespica opened this issue May 16, 2024 · 2 comments
Labels
bug Something isn't working gh-variable relating to the gh variable command

Comments

@aniespica
Copy link

Describe the bug

Since March, we've encountered persistent issues within our workflows, specifically related to the GitHub CLI integration. Whenever utilizing the CLI in a workflow, we consistently encounter the error message: Failed to set variable PREV_HEAD": HTTP 404: Not Found (https://api.github.com/repos/***/****/actions/variables).

Given that workflows running on self-hosted runners are unaffected by this error and successfully set the variable as intended, we're considering migrating all workflows utilizing the GitHub CLI to leverage self-hosted runners.

While we've outlined a potential workaround, we seek further insights or guidance from the community to address this issue more comprehensively. Any suggestions, troubleshooting steps, or similar experiences shared would be greatly appreciated.

Version
gh version 2.49.2 (2024-05-13)

Workflow
runs-on: ubuntu-latest
Current runner version: '2.316.1'

Example: Update variables fails

on:
    push:
      branches:
        - 'release/*.*.0'
env:
    GH_TOKEN: ${{ secrets.SecretToken }}

jobs:
    create-branch:
       permissions:
        contents: write
      outputs:
        create-package: ${{ steps.update-variables.outputs.create-package }}
      runs-on: ubuntu-latest
      steps:
      # Update the variables (if a branch was created)
        - name: "Update variables"
          id: update-variables
          run: |
            gh variable set PREV_HEAD --body $CUR_HEAD
            gh variable set NEXT_MINOR --body $((NEXT_MINOR + 1))
            echo "create-package=true" >> $GITHUB_OUTPUT

Example: Update variables success

on:
    push:
      branches:
        - 'release/*.*.0'
env:
    GH_TOKEN: ${{ secrets.SecretToken }}

jobs:
    create-branch:
       permissions:
        contents: write
      outputs:
        create-package: ${{ steps.update-variables.outputs.create-package }}
      runs-on: ubuntu-latest
      steps:
      # Update the variables (if a branch was created)
        - name: "Update variables"
          id: update-variables
          run: |
            curl  -L \
            -X PATCH \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GH_TOKEN" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
             https://api.github.com/repos/**/**/actions/variables/BETA_RELEASE_LOCK \
            -d '{"name":"BETA_RELEASE_LOCK","value":"true"}'
@aniespica aniespica added the bug Something isn't working label May 16, 2024
@cliAutomation cliAutomation added the needs-triage needs to be reviewed label May 16, 2024
@andyfeller
Copy link
Contributor

@aniespica : let's see if we can figure out what might be going on here! 👍 I have several questions regarding the examples above as well as the state of the variables you're setting?

  1. What kind of token are you using with GH_TOKEN?

    env:
  GH_TOKEN: ${{ secrets.SecretToken }}

    At first glance, I'm assuming this is a PAT rather than the automatic token in GITHUB_TOKEN, however I see later that you're specifying permissions on a job, which is used to scope the GITHUB_TOKEN.

  2. Have you had any problems because of the inconsistent YAML formatting in the examples above?

    Normally, GitHub Actions would fail a run due to these inconsistencies, so I'd like to try using the following for troubleshooting:

    on:
  push:
   branches:
     - 'release/*.*.0'
env:
  GH_TOKEN: ${{ secrets.SecretToken }}
jobs:
  create-branch:
    permissions:
      contents: write
    outputs:
      create-package: ${{ steps.update-variables.outputs.create-package }}
    runs-on: ubuntu-latest
      steps:
        # Update the variables (if a branch was created)
        - name: "Update variables"
          id: update-variables
          run: |
            gh variable set PREV_HEAD --body $CUR_HEAD
            gh variable set NEXT_MINOR --body $((NEXT_MINOR + 1))
            echo "create-package=true" >> $GITHUB_OUTPUT

  3. What does setting GH_DEBUG environment variable to api say about how this is failing?

    Not know where $CUR_HEAD or NEXT_MINOR come from or what they contain, I could see these commands failing because they are not quoted / being word splitted. We really need to see more from the workflow logs as well as what requests are actually being made to understand what about your setup is causing this to fail.

@andyfeller andyfeller added gh-variable relating to the gh variable command and removed needs-triage needs to be reviewed labels May 16, 2024
@aniespica
Copy link
Author

Hello @andyfeller,

  1. You correct is a PAT, but I try with the GITHUB_TOKEN and fails.
  2. No I don't have problems with the YAML. I remove the permission and try if works but same error.
  3. I share the full YAML file for context:
name: Release Production CI
# Run the workflow every saturday at 00:00
# How 2 CRON: https://crontab.guru/
# If you're reading this on VSCode, you can also hover the mouse over the CRON string
on:
    schedule:
      - cron: '0 17 * * 6'
    push:
      branches:
        - 'release/*.*.0'
    workflow_dispatch:
# The secret is found at https://github.com/Veevarts/Auctifera/settings/secrets/actions
# The variables are found at https://github.com/Veevarts/Auctifera/settings/variables/actions
env:
    GH_TOKEN: ${{ secrets.RELEASE_CREATION_PAT }}
    NEXT_MINOR: ${{ vars.NEXT_MINOR }}
    RELEASE_BRANCH: "release/${{ vars.MAYOR }}.${{ vars.NEXT_MINOR }}.0"
    SALESFORCE_VERSION: ${{ vars.SALESFORCE_VERSION }}
    VERSION_NUMBER: "${{ vars.MAYOR }}.${{ vars.NEXT_MINOR }}.0"
    CUMULUSCI_SERVICE_github: ${{ secrets.CUMULUSCI_SERVICE_github }}

jobs:
    create-branch:
      # The Workflow/Action needs to modify the repository to create the branch
      outputs:
        create-package: ${{ steps.update-variables.outputs.create-package }}
      runs-on: ubuntu-latest
      steps:
        # Get the repo contents
        - name: "Checkout Code"
          uses: actions/checkout@v4
          with:
            fetch-depth: 0
        # Save the SHA of the last modification of force-app/main/default
        - name: "Get current head SHA"
          id: get-sha
          run: |
            echo "CUR_HEAD=$(git --no-pager log -1 --format=format:%H -- force-app/main/default)" >> $GITHUB_ENV
        # Create the release branch IF the SHAs differ
        - name: "Create the new branch"
          id: new-branch
          if: ${{ github.event_name == 'schedule' && env.CUR_HEAD != vars.PREV_HEAD }}
          run: |
            git branch $RELEASE_BRANCH
            git push -u origin $RELEASE_BRANCH
      # Update the variables (if a branch was created)
        - name: "Update variables"
          id: update-variables
          run: |
            gh variable set PREV_HEAD --body $CUR_HEAD
            gh variable set NEXT_MINOR --body $((NEXT_MINOR + 1))
            echo "create-package=true" >> $GITHUB_OUTPUT

Workflow with GITHUB_TOKEN
image

Workflow with secrets.RELEASE_CREATION_PAT
image

I try gh variable set PREV_HEAD --body "test" and get the same error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working gh-variable relating to the gh variable command
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andyfeller @aniespica @cliAutomation