docker-clojure icon indicating copy to clipboard operation
docker-clojure copied to clipboard
verified publisher icon Quantisan

Another error creating upstream PR in GitHub Action

Open cap10morgan opened this issue 2 years ago • 6 comments

Now I'm seeing this error when it tries to create the upstream PR:

refusing to allow a Personal Access Token to create or update workflow `.github/workflows/.bashbrew/action.yml` without `workflow` scope

In this run: https://github.com/Quantisan/docker-clojure/actions/runs/7103005492

Hopefully this doesn't keep being error whack-a-mole! 😅

cap10morgan avatar Dec 05 '23 15:12 cap10morgan

@Quantisan Just ran into this again with the latest version bump: https://github.com/Quantisan/docker-clojure/actions/runs/7413039073

cap10morgan avatar Jan 04 '24 17:01 cap10morgan

@Quantisan Same error again: https://github.com/Quantisan/docker-clojure/actions/runs/7687579602/job/20947777891#step:6:516. Let me know if you'd rather give up on this approach. Might be more trouble than it's worth and I don't really mind creating the docker-library PRs manually.

cap10morgan avatar Jan 28 '24 18:01 cap10morgan

@Quantisan Let me know if you think you'll have time to look into this issue. Otherwise I might just remove the automation since it's not working.

cap10morgan avatar Apr 09 '24 16:04 cap10morgan

We've been using the classic token as that's what's been working. Until when it's not. Thinking newer = better, I gave the newer, fine-grained token another shot. Unfortunately, it falls short because it lacks the necessary permissions for write access to a public repository (specifically, for opening a PR to docker-library/official-images), rendering it unsuitable for our needs.

I'm curious about how you handle situations when error occurs. Do you attempt a retry after a few hours? Observing the GitHub Actions, I noticed there were successes following failures. Were those instances linked to different PRs or the same ones?

p.s. @cap10morgan Sorry for the lack of responses! I've been on pat leave for a while.

Quantisan avatar Apr 09 '24 22:04 Quantisan

We've been using the classic token as that's what's been working. Until when it's not. Thinking newer = better, I gave the newer, fine-grained token another shot. Unfortunately, it falls short because it lacks the necessary permissions for write access to a public repository (specifically, for opening a PR to docker-library/official-images), rendering it unsuitable for our needs.

Hmm... so we just need a fundamentally new / different approach huh?

I'm curious about how you handle situations when error occurs. Do you attempt a retry after a few hours? Observing the GitHub Actions, I noticed there were successes following failures. Were those instances linked to different PRs or the same ones?

I just do it manually when this fails. I haven't seen this particular action (i.e. opening the upstream PR) succeed after it hits this failure.

p.s. @cap10morgan Sorry for the lack of responses! I've been on pat leave for a while.

All good! And congrats!

cap10morgan avatar Apr 10 '24 15:04 cap10morgan

@Quantisan Looks like it's fixed now! https://github.com/Quantisan/docker-clojure/actions/runs/8633436359

cap10morgan avatar Apr 10 '24 15:04 cap10morgan

This seems good now

cap10morgan avatar May 28 '24 15:05 cap10morgan