-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
::error::Input required and not supplied: token #298
Comments
Your inputs look fine to me. What happens if you don't specify the - name: Checks out flutter
uses: actions/checkout@v2
with:
repository: flutter/flutter
ref: refs/heads/master
path: flutter Either way should work... the default when not specified is |
I'm getting
From this workflow file:
I think the problem is actually mentioned on GitHub's secrets page:
The "Learn more" links to this page that doesn't provide more information but repeats the message: I found this discussion on the topic of forks getting some secrets access as "security by obscurity" https://github.community/t/make-secrets-available-to-builds-of-forks/16166/32 |
I have the same problem. How did you solve it? |
So far I've found this workaround: google/gvisor@315c167 Another shorter workaround: |
I started to have this issue in all the repositories which I set the token manually since yesterday or so. If I retrigger the build manually it works, also works sometimes automatically. E.g. https://github.com/timonwong/vscode-shellcheck/runs/2077175092 This is not from fork, neither a pull request, so I wonder what's happening. |
We're encountering this issue too for almost a week now. It suddenly started without a change in our workflows. |
EDIT: nevermind, turns out it's by design: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ Landed here from a google search for "octokit input required and not supplied". Same issue as the previous two commenters, but I'm noticing this behavior in the https://github.com/actions/github-script action instead of checkout.
Maybe 5 or so days ago, I noticed my auto-merge jobs failing in this way when attempting to merge PRs from dependabot. |
It would be cool to get any feedback here. It isn't very pleasant to constantly have to restart the workflows. |
Suddenly got this on my repos (auto merging dependabot PRs) which worked fine for 6+months. |
Working for me, after changed event type pull_request to pull_request_target. |
However i think just chaning the event type to pull_request_target is regarded as unsecure when you are using secrets in your workflow. This would mean anyone forking the repo could steal secrets and do any sort of malicious actions. I guess for private repos this will not exist but for public repos it will. So any other solutions here? |
Changing to |
@felipecrs I understand . But when i do a explicit checkout via ${{ github.event.pull_request.head.sha }} itshould work, right? |
Yes, right. But if your PRs don't come from forks, you were not supposed to need |
Fyi @TomasVotruba here is an even shorter workaround :) You can use the truthy behavior to fallback the built-in token token: ${{ secrets.MY_TOKEN || github.token }} |
@felipecrs I looked at the run you linked, and it looks like it's because you are using the As @Xunnamius and @MannarAmuthan this behavior change is intentional and related to this recent change: https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/ I'm going to close this issue. If anyone is still having an issue, please open a new issue. In summary, this error is expected if you are attempting to use a secret on a fork PR or a run triggered by dependabot. |
@ericsciple Could you please explain why that solves the issue? If |
Is this still an issue? I have the below that fails, even though the repository (
Workflow:
FYI: I have done |
I'm running into this issue in a private repository where a check is failing on pull requests opened by dependabot. If I remove with:
token: ${{ secrets.PAT_TOKEN }} from - name: Checkout code
uses: actions/checkout@v2
with:
token: ${{ secrets.PAT_TOKEN }} the workflow still fails. What's the recommended approach on getting my workflow to run in my private repository, even if it's opened by dependabot? |
Remove TOKEN from checkout. see - actions/checkout#298
hi @dtcMLOps can you elaborate on exactly how you got this working? our repos are private. we have reusable-workflow as well and dependabot is failing on
our job -
the reusable-workflow-terraform.yml -
and this is where its failing us. |
Hi @cwong-archy are you defining the secret in the reusable workflow? this is an example of how to define the secret in the reusable workflow |
@dtcMLOps oh. even though i inherit everything i still have to define it huh? this is what i have -
|
Hi @cwong-archy, yes. According to the docs you have to define the secret inside the reusable workflow definition. |
thanks @dtcMLOps i'll give it a go!!! 🙏🏻🙏🏻🙏🏻 |
@dtcMLOps thank you... it worked!!! |
In private organisation, steps:
- name: Checkout code
uses: actions/checkout@v2
with:
token: ${{ github.token }} |
works for my own and dependabot's pushes. |
revision 01/17: instead of removing actions/checkout, keep actions/checkout but remove the `token` field and add `persist-credentials` field. tested with a [mirror script](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml) and creates [expected pull request](#141730) Issue: when running github actions, the [tokens not found error](actions/checkout#298) still happens( `Input required and not supplied: token`). We are not using fork PR or dependabot, and it's flaky when the well defined token isn't find in the inputs. We hit this error when invoking [market place actions/checkout](https://github.com/actions/checkout): [example failed run 1](https://github.com/flutter/flutter/actions/runs/7546108771/job/20543199801), [example failed run 2](https://github.com/flutter/flutter/actions/runs/7546141972/job/20543265842) In this PR, Remove the dependency on marketplace actions to make our workflow more reliable and less flaky. other changes to remove actions/checkout dependency: 1. embedded token url for git push Tried a number of ways and this is the only / best workaround I found to resolve [the notorious problem of pushing without ssh key](https://stackoverflow.com/questions/22147574/github-fatal-could-not-read-username-for-https-github-com-no-such-file-o). 2. added back `--head` `--head` is now needed to avoid [abort](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7548409479/job/20550397014) Test: a [replicate of the actions file](https://github.com/XilaiZhang/miscellaneous-side-project/blob/master/.github/workflows/easy-cp.yml) is [tested](https://github.com/XilaiZhang/miscellaneous-side-project/actions/runs/7548448024/job/20550521341) on my personal repo, and it creates the [expected PR](#141647)
Fix for dependabot PRs: actions/checkout#298 (comment)
Fix for dependabot PRs: actions/checkout#298 (comment)
Fix for dependabot PRs: actions/checkout#298 (comment)
Hello everyone, for those
Here's how my name: CI/CD Pipeline
on:
push:
branches:
- main
jobs:
github-actions-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout psycopg2 Repository
uses: actions/checkout@v4
with:
repository: jkehler/awslambda-psycopg2
path: ./awslambda As you notice the repository awslambda-psycopg2 is public, but based on the docs act provides
I understood that when your workflow runs in github actions it creates a token automatically on your user's behalf, so to work this locally I created a PAT with no access what so ever and passed it as a secret to act -s GITHUB_TOKEN=$ACT_GITHUB_TOKEN |
@apurvdeodhar
act command:
|
…and not supplied: token" when run in act Apparently, we need a GitHub access token when running locally. I use a new Personal Access Token with read-only rights for that: $ act -s GITHUB_TOKEN=ghp_... workflow_dispatch Source: actions/checkout#298 (comment)
…and not supplied: token" when run in act Apparently, we need a GitHub access token when running locally. I use a new Personal Access Token with read-only rights for that: $ act -s GITHUB_TOKEN=ghp_... workflow_dispatch Source: actions/checkout#298 (comment)
Hello everyone...
I'm trying to fetch another public repo and I've tried to put the TOKEN as explained... but even if I do, for some odd reason is still TELLING ME that the token is missing????? Sorry but I'm a bit stressed about this :/ perhaps I'm just being too dumb.
The text was updated successfully, but these errors were encountered: