-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bad Credentials #28
Comments
If you haven't tried this already, can you set the |
Actually, I'm now remembering I had pushed another change related to GHES support, but I didn't have a GHES deployment to test it with so it's just been sitting on a branch. If you could try using |
Hey mate gave it a whirl but ran into the same issue for both
|
Did you try |
Same issue, though for GHE im 99% sure it cant change the pre-domian and so must use the
|
Gotcha. It's difficult for me to help debug this since I don't have access to a GHES deployment. Some ideas:
|
Ok tried with debug doesn't look that helpful:
And yes our self hosted runners do have the proxy info set up, and we need to use a corp cert to auth. But that seems to be working. |
Another stab in the dark: are you able to successfully authenticate using the same token to connect manually to the GHES API, e.g. via If so, can you try to create a standalone nodejs script that uses the token to create an octokit client and calls the same If that also works, I think the next step would be to try forking the action and using https://github.com/mxschmitt/action-tmate for further debugging, if you're up for it. |
Hey mate, I tried running import * as github from '@actions/github'
const token = "****"
const client = new github.GitHub(token)
const authenticatedUserResponse = await client.users.getAuthenticated()
console.log(authenticatedUserResponse) But I get: const client = new github.GitHub(token)
^
TypeError: github.GitHub is not a constructor
Node.js v20.3.1 So looks like So then I tried const token = "***"
const org = "my-org***"
const octokit = github.getOctokit(token);
const response = await octokit.rest.teams.list({
org,
}); And I got the same issue: So then I looked through the response and realised it was still calling Now I get Now the js runs fine and we get a Same for curl curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer *****"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://corp-url.com/api/v3/orgs/my-org***/teams responds Key takeaways: However that being said it doesn't work in my github action Run rmacklin/team-sync@042d3b844823ea5ae2a03c23ea55e1c822deab51
with:
repo-token: ***
team-data-path: .github/teams.yaml
prefix-teams-with: GCP-
env:
GITHUB_API_URL: https://corp-url.com/api/v3
NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt
Error: HttpError: Bad credentials
Error: Bad credentials So now I'm not sure what to try next? Would really appreciate some more logs from octokit to help narrow down the issue. |
Could we perhaps add https://octokit.github.io/rest.js/v19#debug |
Luckily I am using self hosted runners so I can access the underlying runner very easily. I tired running the above script directly on the runner and go the same results. So looks like |
Ok realised i had an issue with my package version. So re ran the tests this time pinning to "dependencies": {
"@actions/core": "^1.2.6",
"@actions/github": "^2.2.0",
"@octokit/rest": "^16.43.1"
}, Code// connection.js
import * as github from '@actions/github'
const token = "****"
const client = new github.GitHub(token);
const authenticatedUserResponse = await client.users.getAuthenticated();
const authenticatedUser = authenticatedUserResponse.data.login;
console.log(authenticatedUser) Now if you just run that you get But if you set the env vars GITHUB_API_URL=https://corp-url/api/v3 NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt node conenction.js Then it works fine. This is running directly on the github actions runner itself. So when I run: - uses: rmacklin/team-sync@042d3b844823ea5ae2a03c23ea55e1c822deab51
env:
GITHUB_API_URL: https://corp-url/api/v3
NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt
with:
repo-token: "${{ secrets.ORG_ADMIN_ACCESS_TOKEN }}" I am really confused why it fails |
Ok so I was looking at and if i switch it to using const client = new github.GitHub(token, {baseUrl: "https://corp-url/api/v3"}); I can get it to connect. So seems to me that the old version being used does not honor the So @rmacklin I think the easy fix here is to update the version of What is strange though is that version 2.2.0 should support it as per: |
Hey @duxbuse, Thanks for looking into this more! Could you try using |
Hey mate works a charm thanks for this. Only issue i've got now is: ##[debug]Existing team members for team slug gcp-team-reviewers:
##[debug]["s41853"]
##[debug]Keeping s41853 in gcp-team-reviewers
##[debug]Adding s76785 to gcp-team-reviewers
Error: HttpError: Not Found
Error: Not Found
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Run rmacklin/team-sync@85f43964155f083db1b573accaedab207eab3c95 I am trying to add a user to a team that doesn't exist on github (yet) would be really nice if the error message reflected that rather than |
Glad to hear that worked! I've gone ahead and released that under |
As for improving that error message, we might be able to explicitly catch that exception and print a more specific error message - that said, it seems like an edge case and as you mentioned, with debug logging enabled, the reason for the error becomes pretty clear... |
Thanks mate appreciate your work ❤️ |
Hey guys, I am trying to run this on github enterprise server.
I set up the PAT correctly I think, perhaps i'm getting this issue cause its not reaching out to my github server but rather github.com?
Error Log
The text was updated successfully, but these errors were encountered: