Github Workflow / Action commit to repository returning 403

Time:01-07

I have a GitHub workflow file where I bump the version of the Python package (setup.py), and afterwards I want to push the changes to the repository the workflow runs in. But I get a 403 (no access granted) back.

  build-package:
    permissions:
      contents: read
      id-token: write
      pull-requests: write
      issues: write
      repository-projects: write
      deployments: write
      packages: write
      

    runs-on: ubuntu-latest
    needs: test
    steps:
      - uses: actions/checkout@v3
      # ... steps in between ...
      - name: Set up Python 3.10
        uses: actions/setup-python@v1
        with:
          python-version: "3.10"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install setuptools
          python -m pip install wheel
          python -m pip install bump
      - name: Bump version
        run: |
          bump --patch
          # add step that commits the setup.py and skips the ci/cd
      - name: Commit version
        run: |
          git config --global user.email "github-actions[bot]@users.noreply.github.com"
          git config --global user.name "bot"
          git commit -m "Bump version" setup.py
          git push

      - name: Build package
        run: |
          python setup.py sdist bdist_wheel

It returns

fatal: unable to access 'https://github.com/repository/': The requested URL returned error: 403

CodePudding user response:

There are a couple of things that could be causing the "403 no access granted" error in your workflow:

The permissions block in your workflow file specifies the permissions that the workflow has, but it doesn't actually grant those permissions. You'll need to use the GITHUB_TOKEN secret to authenticate the push. Try replacing this line:

git push

with this:

git push origin HEAD:${{ github.ref }} --force-with-lease

If you're using a private repository, make sure that the repository is accessible to the user or organization that the GITHUB_TOKEN is associated with.

If you're using a deploy key to authenticate the push, make sure that the deploy key has the necessary permissions on the repository.

Make sure that the repository you're trying to push to exists and is spelled correctly in the git push command.

I hope this helps!

CodePudding user response:

The git commit and push by itself is fine, you've just limited the scope of the GITHUB_TOKEN that is used for pushing to read-only.

Convert this:

    permissions:
      contents: read

To this:

    permissions:
      contents: write

Do be aware that this will only allow normal code changes to be pushed, and not changes to workflow files (those have extra security scopes).
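The permission mismatch described in the answer above can be checked before a workflow ever runs. The following is an added example, not code from the question or from either answer: it flags jobs whose `run` steps call `git push` while the job's effective `contents` scope is not `write`. The function names and the sample workflow are constructed for illustration, and the input is assumed to be a workflow file already parsed into a dict (for instance by a YAML loader).

```python
"""Flag workflow jobs that run `git push` while GITHUB_TOKEN lacks contents: write."""
import re

PUSH = re.compile(r"\bgit\s+push\b")

def contents_access(perms):
    """Resolve a `permissions:` value to 'write', 'read', 'none' or None (key absent)."""
    if perms is None:
        return None  # no permissions key: the repository default applies
    if isinstance(perms, str):  # shorthand forms: read-all / write-all
        return {"read-all": "read", "write-all": "write"}.get(perms, "none")
    # Mapping form: every scope that is not listed is set to none
    return perms.get("contents", "none")

def jobs_that_cannot_push(workflow):
    """Return {job_id: reason} for jobs that push without contents: write."""
    findings = {}
    default = workflow.get("permissions")
    for job_id, job in workflow.get("jobs", {}).items():
        steps = job.get("steps", [])
        if not any(PUSH.search(step.get("run") or "") for step in steps):
            continue
        # A job-level permissions block replaces the workflow-level one
        access = contents_access(job.get("permissions", default))
        if access is None:
            findings[job_id] = "no permissions block; depends on repository default"
        elif access != "write":
            findings[job_id] = f"contents: {access}"
    return findings

# Constructed sample: the question's job, a corrected copy, and a job that never pushes
PUSH_STEPS = [
    {"uses": "actions/checkout@v3"},
    {"name": "Commit version",
     "run": 'git commit -m "Bump version" setup.py\ngit push\n'},
]
SAMPLE = {"jobs": {
    "build-package": {
        "permissions": {"contents": "read", "id-token": "write", "packages": "write"},
        "steps": PUSH_STEPS},
    "build-package-fixed": {
        "permissions": {"contents": "write"},
        "steps": PUSH_STEPS},
    "test": {"steps": [{"run": "pytest"}]},
}}

if __name__ == "__main__":
    for job, reason in jobs_that_cannot_push(SAMPLE).items():
        print(f"{job}: git push may fail with 403 ({reason})")
```

A job that lists other scopes but omits `contents` is reported as `contents: none`, because listing any scope sets the unlisted ones to no access.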
