Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

About limitation of GITHUB_TOKEN #9

Closed
peaceiris opened this issue Sep 2, 2019 · 40 comments · Fixed by #115
Closed

About limitation of GITHUB_TOKEN #9

peaceiris opened this issue Sep 2, 2019 · 40 comments · Fixed by #115
Assignees
Labels
enhancement New feature or request resolved

Comments

@peaceiris
Copy link
Owner

peaceiris commented Sep 2, 2019

GitHub Actions v2 is still beta and deploying to GitHub Pages with GITHUB_TOKEN has some problems. Until it is fixed, I provide ACTIONS_DEPLOY_KEY to deploy with ssh from peaceiris/actions-gh-pages@v2.0.0

@peaceiris peaceiris self-assigned this Sep 2, 2019
@hakusaro
Copy link

hakusaro commented Sep 5, 2019

Does this cause the fatal: could not read Username for 'https://github.com': No such device or address error?

@peaceiris
Copy link
Owner Author

No, your case seems to be new. Please create a new issue and tell me more details.

@thefringeninja
Copy link

I ran into the same issue. The manual way to fix it is from settings, flip your branch to master and then back to gh-pages.

A better way to fix it is to create a personal access token and use that in secrets instead.

@peaceiris
Copy link
Owner Author

peaceiris commented Sep 5, 2019

Thanks @thefringeninja

I will release v2.1.0 soon. It supports GITHUB_TOKEN and ACTIONS_DEPLOY_KEY. ACTIONS_DEPLOY_KEY is for deploying with ssh.

A better way to fix it is to create a personal access token and use that in secrets instead.

Ok. v2.2.0 will have PERSONAL_TOKEN for setting up with a personal access token.

@peaceiris
Copy link
Owner Author

peaceiris commented Sep 5, 2019

v2.1.0 is released.

@nicolas-van
Copy link
Contributor

@peaceiris : Do you know if there is a support ticket for this problem ?

@peaceiris
Copy link
Owner Author

peaceiris commented Sep 6, 2019

This problem is a known issue. I have faced the same issue on GitHub Actions v1 and some people have reported this to GitHub support. As we see at the JamesIves/github-pages-deploy-action#5, GitHub should already know this. If this issue is not fixed for a long time, we probably
should report this in the GitHub Community Forum as well.

@peaceiris peaceiris mentioned this issue Sep 7, 2019
4 tasks
@peaceiris
Copy link
Owner Author

I found the post on the GitHub Community Forum.

Github action not triggering gh-pages upon push - GitHub Community Forum

Community Manager said:

The GITHUB_TOKEN that is provided as a part of GitHub Actions doesn't have authorization to create any successive events, such as GitHub Pages builds. So while you can push to the gh-pages branch using the GITHUB_TOKEN, it won't spawn a GitHub Pages build. You'll need to create a personal access token and supply it to your GitHub Action as a secret.

@nicolas-van
Copy link
Contributor

nicolas-van commented Sep 10, 2019

Yes, it seems like that's not a bug but a normal behavior in the context of the security rule imposed in Github Actions which is "A workflow can not trigger another workflow".

I posted an answer to ask if they could re-consider this limitation in this precise use case due to the obvious usability issue it creates. I propose that we wait their answer and if it's negative we could just close this issue as "not a bug" and adapt the documentation of this project to explain it will never be possible to use GITHUB_TOKEN. (And that we are doomed to create a personal access token each time we want to use anything other than Jekyll to publish on Github Pages :-) )

@peaceiris
Copy link
Owner Author

Thank you @nicolas-van

Yes, it seems like that's not a bug but a normal behavior in the context of the security rule imposed in Github Actions which is "A workflow can not trigger another workflow".

I got it clearly. I will update the README following your suggestion.

@peaceiris peaceiris added enhancement New feature or request and removed bug Something isn't working labels Sep 10, 2019
@nicolas-van
Copy link
Contributor

Hmmm, according to the most recent answer of this thread it might not be by design in the end. I'm gonna test what is proposed to see if it works when I have some time.

@peaceiris
Copy link
Owner Author

Yes, I am also following that thread.

Here's an example that should work:

# pushes using the user that kicked off the action. Requires `jq` in the builder
git config user.name $(jq .pusher.username $GITHUB_PAYLOAD)
git config user.email $(jq .pusher.email $GITHUB_PAYLOAD)

git add --all
git commit -m "Publish to gh-pages branch"
git remote add pages https://x-access-token:$GITHUB_TOKEN@github.com/:owner/:repo.git
git push pages gh-pages -f

This action already supports the above and I tested at peaceiris/hugo-test-project. I could push to gh-pages branch using GITHUB_TOKEN but GitHub Pages building did not start.

@peaceiris peaceiris added the bug Something isn't working label Sep 11, 2019
peaceiris added a commit that referenced this issue Sep 22, 2019
peaceiris referenced this issue in cristianpb/cristianpb.github.io Sep 24, 2019
peaceiris referenced this issue in NathanVaughn/blog.nathanv.me Sep 24, 2019
peaceiris referenced this issue in leonGravel/blog Sep 24, 2019
peaceiris referenced this issue in patrickod/eurorack.dev Sep 24, 2019
Trigger hugo's deployment process and commit to the gh-pages branch upon merging to master.
peaceiris referenced this issue in puckwang/puckwang.github.io Sep 24, 2019
peaceiris referenced this issue in NuevoFoundation/workshops Sep 24, 2019
peaceiris referenced this issue in TartanLlama/actions-eleventy Sep 24, 2019
peaceiris added a commit that referenced this issue Feb 18, 2020
GitHub might have started to supporting to trigger the GitHub Pages build event by GITHUB_TOKEN on public repositories. (We can already use the token on private repositories.) Be careful, there is no official announcement about this by GitHub.

cf. #9
peaceiris added a commit that referenced this issue Feb 18, 2020
GitHub might have started to supporting to trigger the GitHub Pages build event by GITHUB_TOKEN on public repositories. (We can already use the token on private repositories.) Be careful, there is no official announcement about this by GitHub.

cf. #9
peaceiris added a commit that referenced this issue Feb 18, 2020
GitHub might have started to supporting to trigger the GitHub Pages build event by GITHUB_TOKEN on public repositories. (We can already use the token on private repositories.) Be careful, there is no official announcement about this by GitHub.

cf. #9
@peaceiris
Copy link
Owner Author

peaceiris commented Feb 18, 2020

Unfortunately, the build with GITHUB_TOKEN sometimes fails... Be careful.

@nicolas-van
Copy link
Contributor

Didn't had a problem personally.

The only strange behavior I encountered was that, when I created this repository (which is a reusable boilerplate for Parcel I was hoping to create for a long time by the way), I had to kind of "confirm" to Github in the settings of the repository that I really wanted to deploy that web site from the gh-pages branch.

Then I made 40+ commits that all triggered a publish without problem.

@peaceiris
Copy link
Owner Author

@nicolas-van Thank you for telling me your log and the boilerplate looks very useful.

In my case, when I push two commits with shorter intervals, the first one fails.

Screen Shot 2020-02-19 at 0 59 26

Commits master branch · peaceiris/peaceiris.github.io

@peaceiris
Copy link
Owner Author

From another point of view, that behavior also sounds good. When the second event starts in the middle of the first one, the first one may be canceled. It is my expectation.

@peaceiris
Copy link
Owner Author

See #104 (comment)

I am attempting to use secrets.GITHUB_TOKEN on a public repository. The one commit that did get generated and pushed to gh-pages, does not seem to have triggered a GitHub Pages build, despite reports this is now working at #9 (comment).

@dhimmel
Copy link
Contributor

dhimmel commented Feb 18, 2020

I addition to the quote above. I've also experienced inconsistent triggering of GitHub Pages build at https://github.com/dhimmel/rootstock-branchless-setup/commits/gh-pages:

image

See how the first commit did not trigger a build. In Settings, I switched GitHub Pages to build master and then switched back to gh-pages and that seemed to resolve the issue. Note that the master branch build for the commit that did not trigger Pages has previously failed. In both cases, the failed deployment followed a master commit whose workflow previously failed and now passed. Not sure if this has any relevance.

@dhimmel
Copy link
Contributor

dhimmel commented Feb 18, 2020

I had to kind of "confirm" to Github in the settings of the repository that I really wanted to deploy that web site from the gh-pages branch.

Yeah, I think this is the case for me too. Initially upon going to the settings after there is a GITHUB_TOKEN created commit on gh-pages branch:

image

And then after re-selecting "gh-pages" branch for source:

image

Subsequently, I make a dummy commit like git commit --allow-empty --message "rebuild". The gh-pages commit from now does trigger a pages build.

@peaceiris peaceiris changed the title Cannot deploy with GITHUB_TOKEN for new repository About limitation of GITHUB_TOKEN Feb 19, 2020
@nicolas-van
Copy link
Contributor

nicolas-van commented Feb 19, 2020

Yeah, I had exactly the same behavior in the Settings page.

Another problem I had additionally was that adding a empty commit after fixing the settings didn't seemed sufficient. It triggered the Gihub Actions workflow but not the Github Pages workflow. It seemed necessary to really alter the content of the gh-pages branch in order to publish. It may be useful that say that I'm using Parcel, which generates exactly the same content byte-per-byte given the same source files to optimize caches, and that I use a .nojekyll file to avoid problems.

I think Github has some mechanism to avoid publishing if the content of gh-pages didn't changed, at least when using the .nojekyll file.

By the way, this is completely unrelated but it could be a good idea to add that .nojekyll file by default in your action. 99% of the users will need it, will probably not read the whole documentation so they won't know, and will inevitably encounter a hard to debug problem sooner or later. (I'm convinced all serious users of Github Pages already lost at least one hour of their time because of that damn file like I did ^^ )

peaceiris added a commit that referenced this issue Feb 19, 2020
GitHub might have started to supporting to trigger the GitHub Pages build event by GITHUB_TOKEN on public repositories. (We can already use the token on private repositories.) Be careful, there is no official announcement about this by GitHub.

cf. #9
peaceiris added a commit that referenced this issue Feb 19, 2020
GitHub might have started to supporting to trigger the GitHub Pages build event by GITHUB_TOKEN on public repositories. (We can already use the token on private repositories.) Be careful, there is no official announcement about this by GitHub.

cf. #9
@dhimmel
Copy link
Contributor

dhimmel commented Feb 19, 2020

Another problem I had additionally was that adding a empty commit after fixing the settings didn't seemed sufficient

If using an empty commit with this action, you would have to set allow_empty_commit: true in the YAML. Could that have been the issue?

@slonopotamus
Copy link

slonopotamus commented Feb 19, 2020

I've read this thread three times, but couldn't quite understand - does deployment work with GITHUB_TOKEN at the end or not? README now states that it doesn't does, but this issue is still open.

My experients show that it does work.

@peaceiris
Copy link
Owner Author

@slonopotamus Yes, the deployment with GITHUB_TOKEN has worked well on public repositories since a week ago. But, we have no official announcement by GitHub. I opened #115 to update the README. Maybe, we need more time to check whether GITHUB_TOKEN is stable, or not, before merging that pr.

@peaceiris
Copy link
Owner Author

Finally, I put the github_token as a first example on the README. 🎉 #115

If the deployment with GITHUB_TOKEN in public repositories fails again, we can reopen this issue.

Thanks!

smyrick pushed a commit to smyrick/graphql-kotlin that referenced this issue Feb 25, 2020
Use https://github.com/peaceiris/actions-gh-pages to publish to the gh-pages branch. This will hopefully remove some config and tokens that we need to save now that GH Actions support pushing branch via the GITHUB_TOKEN secret

See: peaceiris/actions-gh-pages#9
dariuszkuc pushed a commit to ExpediaGroup/graphql-kotlin that referenced this issue Feb 26, 2020
Use https://github.com/peaceiris/actions-gh-pages to publish to the gh-pages branch. This will hopefully remove some config and tokens that we need to save now that GH Actions support pushing branch via the GITHUB_TOKEN secret

See: peaceiris/actions-gh-pages#9
@github-actions
Copy link
Contributor

This issue has been LOCKED because of it being resolved!

The issue has been fixed and is therefore considered resolved.
If you still encounter this or it has changed, open a new issue instead of responding to solved ones.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 25, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement New feature or request resolved
Projects
None yet
Development

Successfully merging a pull request may close this issue.

9 participants