Failure on forked repo - Token secret not supplied #3
Description
On a forked repo the secret is not available. figure out a way to have this workflow run. Test should have already been done in the scratchpad, however they weren't. this was the purpose of nofusscomputing/scratchpad#8
- ❓ Can the git job token be used??
Run actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e
with:
project-url: https://github.com/orgs/nofusscomputing/projects/[3](https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478/job/28742085387#step:2:3)
Error: Input required and not supplied: github-token
Debugging
-
🔴 Action: opened by collaborator
https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144059
-
🔴 Action: assigned by collaborator
https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478
-
🔴 Action: edited by collaborator_
https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382453884
-
🟢 Action: milestoned by repo owner
https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381380285
-
🟢 Action: assigned by repo owner
https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382250836
-
🔴 Action: edited by repo owner
https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382256327
Proposed Solution 1
Split workflow into two parts. Triage runs in the context of the issue/PR and on completion triggers (workflow_run) the actual workflow which should run in the context of the repo. Idea is the same as this action
for this to work the details of what was triaged will be required to be passed to triggered workflow.
- triage.yaml
---
name: Triage
on:
issues:
types:
- opened
- reopened
- transferred
- milestoned
- demilestoned
- closed
- assigned
pull_request:
types:
- opened
- edited
- assigned
- reopened
- closed
jobs:
project:
name: Fetch Triage Details
runs-on: ubuntu-latest
steps:
- name: Collect Triage Details
shell: bash
run: |
echo "triage_event_name=${{ github.event_name }}" > triage_details-project.txt;
echo "triage_event_action=${{ github.event.action }}" >> triage_details-project.txt;
if [ "${{ github.event_name }}" == 'pull_request' ]; then
echo "triage_item_number=${{ github.event.pull_request.number }}" >> triage_details-project.txt;
echo "triage_item_url=https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}" >> triage_details-project.txt;
else
echo "triage_item_number=${{ github.event.issue.number }}" >> triage_details-project.txt;
echo "triage_item_url=https://github.com/${{ github.repository }}/issues/${{ github.event.issue.number }}" >> triage_details-project.txt;
fi;
echo "[Debug]************************************";
cat triage_details-project.txt;
echo "[Debug]************************************";
- name: Upload Triage Data
uses: actions/upload-artifact@v4
with:
name: triage-details-project
path: triage_details-project.txt
- project.yaml
---
name: 'Project'
on:
workflow_run:
workflows:
- 'Triage'
types:
- completed
permissions:
contents: read
actions: read
jobs:
prepare-project-triage:
name: Project Triage
runs-on: ubuntu-latest
outputs:
triage_event_name: ${{ steps.triage-output.outputs.triage_event_name }}
triage_event_action: ${{ steps.triage-output.outputs.triage_event_action }}
triage_item_number: ${{ steps.triage-output.outputs.triage_item_number }}
triage_item_url: ${{ steps.triage-output.outputs.triage_item_url }}
steps:
## Additional Steps
- name: Fetch triage Details
uses: actions/download-artifact@v4
with:
name: triage-details-project
run-id: ${{ github.event.workflow_run.id }}
- name: Set Outputs
id: triage-output
shell: bash
run: |
cat triage_details-project.txt > $GITHUB_OUTPUT
project:
name: Project
needs:
- prepare-project-triage
uses: nofusscomputing/action_project/.github/workflows/project.yaml@development
with:
PROJECT_URL: https://github.com/orgs/nofusscomputing/projects/3
TRIAGE_EVENT_NAME: ${{ needs.prepare-project-triage.outputs.triage_event_name }}
TRIAGE_EVENT_ACTION: ${{ needs.prepare-project-triage.outputs.triage_event_action }}
TRIAGE_ITEM_NUMBER: ${{ needs.prepare-project-triage.outputs.triage_item_number }}
TRIAGE_ITEM_URL: ${{ needs.prepare-project-triage.outputs.triage_item_url }}
secrets:
WORKFLOW_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}
Solution 1 Problem
There does not appear to be a way to specify the item url for action actions/add-to-project
-
ref: Add 'payload' field to allow for Repository Dispatch actions/add-to-project#341
Adds feature that allows specifying via payload
Links
-
Blocks: feat(playbooks): migration of centurion playbooks to github ansible_collection_centurion#17
-
Blocked By: Add 'payload' field to allow for Repository Dispatch actions/add-to-project#341
-
Related: new line scratchpad#8 namely comment
-
Related: Action does not work on PRs from forks actions/add-to-project#163
Tasks
-
🚧 Does "Proposed solution 1" work
-
Update workflow to use proposed
TRIAGE_variablesTRIAGE_EVENT_NAME: ${{ needs.prepare-project-triage.outputs.triage_event_name }} TRIAGE_EVENT_ACTION: ${{ needs.prepare-project-triage.outputs.triage_event_action }} TRIAGE_ITEM_NUMBER: ${{ needs.prepare-project-triage.outputs.triage_item_number }} TRIAGE_ITEM_URL: ${{ needs.prepare-project-triage.outputs.triage_item_url }}
-
All Conditional statements updated for
TRIAGE_variables -
Add to projectaction receives specifieditem_number -
update fieldactions receives specifieditem_number -
🟢 Partial success. see Failure on forked repo - Token secret not supplied #3 (comment)
-
🟢 forked repo test was a success for secrets access. Failure on forked repo - Token secret not supplied #3 (comment)
-
-
/cc @jasonpagetas