starter-workflows icon indicating copy to clipboard operation
starter-workflows copied to clipboard
verified publisher icon actions

Azure Web Apps Deploy action doesn't ask for content read permission

Open lucasbfr opened this issue 1 year ago • 0 comments

Hi,

(First of all, apologies in advance if this is the wrong repo, I found the .net6 deployment but not the .net 8 deployment in the code 😲 )

when setting up a brand new .net 8 deployment straight from the Azure portal, I encountered the following error at the "Checkout GitHub Action" step:

Fetching the repository
  "C:\Program Files\Git\bin\git.exe" -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +[REDACTED]:refs/remotes/origin/main
  remote: Repository not found.
  Error: fatal: repository 'https://github.com/lucasbfr/[REDACTED]' not found
  The process 'C:\Program Files\Git\bin\git.exe' failed with exit code 128

This is caused by a missing permission. The ones created by Azure are permissions: id-token: write #This is required for requesting the JWT

However, contents: read #This is required to read the repository is required to be able to read a (I guess non public) repository.

The .net 6 version of this script worked, probably because it was not setting any permission and contents: read is the default overridden by the new version.

lucasbfr avatar Aug 07 '24 09:08 lucasbfr