Failure on forked repo - Token secret not supplied

[jon-nfc]

On a forked repo the secret is not available. figure out a way to have this workflow run. Test should have already been done in the scratchpad, however they weren't. this was the purpose of nofusscomputing/scratchpad#8

• ❓ Can the git job token be used??

Run actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e
  with:
    project-url: https://github.com/orgs/nofusscomputing/projects/[3](https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478/job/28742085387#step:2:3)
Error: Input required and not supplied: github-token

Debugging

• 🔴 Action: opened by collaborator

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144059

• 🔴 Action: assigned by collaborator

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478

• 🔴 Action: edited by collaborator_

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382453884

• 🟢 Action: milestoned by repo owner

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381380285

• 🟢 Action: assigned by repo owner

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382250836

• 🔴 Action: edited by repo owner

  https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10382256327

Proposed Solution 1

Split workflow into two parts. Triage runs in the context of the issue/PR and on completion triggers (workflow_run) the actual workflow which should run in the context of the repo. Idea is the same as this action

for this to work the details of what was triaged will be required to be passed to triggered workflow.

• triage.yaml

---

name: Triage


on:
  issues:
    types:
      - opened
      - reopened
      - transferred
      - milestoned
      - demilestoned
      - closed
      - assigned
  pull_request: 
    types:
      - opened
      - edited
      - assigned
      - reopened
      - closed


jobs:


  project:
    name: Fetch Triage Details
    runs-on: ubuntu-latest
    steps:

    - name: Collect Triage Details
      shell: bash
      run: |
        echo "triage_event_name=${{ github.event_name }}" > triage_details-project.txt;
        echo "triage_event_action=${{ github.event.action }}" >> triage_details-project.txt;

        if [ "${{ github.event_name }}" == 'pull_request' ]; then
        
          echo "triage_item_number=${{ github.event.pull_request.number }}" >> triage_details-project.txt;

          echo "triage_item_url=https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}" >> triage_details-project.txt;

        else

          echo "triage_item_number=${{ github.event.issue.number }}" >> triage_details-project.txt;

          echo "triage_item_url=https://github.com/${{ github.repository }}/issues/${{ github.event.issue.number }}" >> triage_details-project.txt;

        fi;


        echo "[Debug]************************************";

        cat triage_details-project.txt;

        echo "[Debug]************************************";


      - name: Upload Triage Data
        uses: actions/upload-artifact@v4
        with:
          name: triage-details-project
          path: triage_details-project.txt

• project.yaml

---

name: 'Project'
on:
  workflow_run:
    workflows:
      - 'Triage'
    types:
      - completed


permissions:
  contents: read
  actions: read


jobs:

  prepare-project-triage: 
    name: Project Triage
    runs-on: ubuntu-latest
    outputs:
      triage_event_name: ${{ steps.triage-output.outputs.triage_event_name }}
      triage_event_action: ${{ steps.triage-output.outputs.triage_event_action }}
      triage_item_number: ${{ steps.triage-output.outputs.triage_item_number }}
      triage_item_url: ${{ steps.triage-output.outputs.triage_item_url }}
    steps:

      ## Additional Steps

      - name: Fetch triage Details
        uses: actions/download-artifact@v4
        with:
          name: triage-details-project
          run-id: ${{ github.event.workflow_run.id }}


      - name: Set Outputs
        id: triage-output
        shell: bash
        run: |
          cat triage_details-project.txt > $GITHUB_OUTPUT


  project:
    name: Project
    needs:
      - prepare-project-triage
    uses: nofusscomputing/action_project/.github/workflows/project.yaml@development
    with:
      PROJECT_URL: https://github.com/orgs/nofusscomputing/projects/3
      TRIAGE_EVENT_NAME: ${{ needs.prepare-project-triage.outputs.triage_event_name }}
      TRIAGE_EVENT_ACTION: ${{ needs.prepare-project-triage.outputs.triage_event_action }}
      TRIAGE_ITEM_NUMBER: ${{ needs.prepare-project-triage.outputs.triage_item_number }}
      TRIAGE_ITEM_URL: ${{ needs.prepare-project-triage.outputs.triage_item_url }}
    secrets:
      WORKFLOW_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}

Solution 1 Problem

There does not appear to be a way to specify the item url for action actions/add-to-project

• ref: Add 'payload' field to allow for Repository Dispatch actions/add-to-project#341

  Adds feature that allows specifying via payload

Links

• Blocks: feat(playbooks): migration of centurion playbooks to github ansible_collection_centurion#17

• Blocked By: Add 'payload' field to allow for Repository Dispatch actions/add-to-project#341

• Related: Add CI to the Repo ansible_collection_centurion#15

• Related: new line scratchpad#8 namely comment

• Related: Action does not work on PRs from forks actions/add-to-project#163

• Ref: https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478/job/28742085387

Tasks

• 🚧 Does "Proposed solution 1" work

  • Update workflow to use proposed TRIAGE_ variables

    TRIAGE_EVENT_NAME: ${{ needs.prepare-project-triage.outputs.triage_event_name }}
    TRIAGE_EVENT_ACTION: ${{ needs.prepare-project-triage.outputs.triage_event_action }}
    TRIAGE_ITEM_NUMBER: ${{ needs.prepare-project-triage.outputs.triage_item_number }}
    TRIAGE_ITEM_URL: ${{ needs.prepare-project-triage.outputs.triage_item_url }}

    • All Conditional statements updated for TRIAGE_ variables

    • Add to project action receives specified item_number

    • update field actions receives specified item_number

    • 🟢 Partial success. see Failure on forked repo - Token secret not supplied #3 (comment)

    • 🟢 forked repo test was a success for secrets access. Failure on forked repo - Token secret not supplied #3 (comment)

/cc @jasonpagetas

[jon-nfc]

post commit https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10381144478/job/28796857364

[jon-nfc]

Test implemented - Solution 1

• feat(inputs): add new vars TRIAGE_* #4 has been merged, test out workflow with new vars
• First workflow run: https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400673288/job/28801667919#step:2:1

On merge

• 🟢 Triage.yaml https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400726091

  • 🔴 Project.yaml: https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400729347

    
    Run actions/download-artifact@v4
    with:
        name: triage-details-project
        run-id: 10400726091
        merge-multiple: false
        repository: nofusscomputing/ansible_collection_centurion
    Downloading single artifact
    Error: Unable to download artifact(s): Artifact not found for name: triage-details-project
            Please ensure that your artifact is not expired and the artifact was uploaded using a compatible version of toolkit/upload-artifact.
            For more information, visit the GitHub Artifacts FAQ: https://github.com/actions/toolkit/blob/main/packages/artifact/docs/faq.md
    
    

    • Artifact does exist. may be permissions

[jon-nfc]

Continued Test implemented - Solution 1

• 📝 ci(project): remove permissions key ansible_collection_centurion#23

Workflows:

• PR Opened

  • 🟢 triage https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400895030

    
    Run echo "triage_event_name=pull_request" > triage_details-project.txt;
    [Debug]************************************
    triage_event_name=pull_request
    triage_event_action=assigned
    triage_item_number=23
    triage_item_url=https://github.com/nofusscomputing/ansible_collection_centurion/pull/23
    [Debug]************************************
    
    

    • 🔴 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400897847

      
      Run actions/download-artifact@v4
      with:
          name: triage-details-project
          run-id: 10400895030
          merge-multiple: false
          repository: nofusscomputing/ansible_collection_centurion
      Downloading single artifact
      Error: Unable to download artifact(s): Artifact not found for name: triage-details-project
              Please ensure that your artifact is not expired and the artifact was uploaded using a compatible version of toolkit/upload-artifact.
              For more information, visit the GitHub Artifacts FAQ: https://github.com/actions/toolkit/blob/main/packages/artifact/docs/faq.md
      
      

  • 🟢 triage https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400895037

    
    Run echo "triage_event_name=pull_request" > triage_details-project.txt;
    [Debug]************************************
    triage_event_name=pull_request
    triage_event_action=opened
    triage_item_number=23
    triage_item_url=https://github.com/nofusscomputing/ansible_collection_centurion/pull/23
    [Debug]************************************
    
    

    • 🔴 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10400898004

      
      Run actions/download-artifact@v4
      with:
          name: triage-details-project
          run-id: 10400895037
          merge-multiple: false
          repository: nofusscomputing/ansible_collection_centurion
      Downloading single artifact
      Error: Unable to download artifact(s): Artifact not found for name: triage-details-project
              Please ensure that your artifact is not expired and the artifact was uploaded using a compatible version of toolkit/upload-artifact.
              For more information, visit the GitHub Artifacts FAQ: https://github.com/actions/toolkit/blob/main/packages/artifact/docs/faq.md
      
      

Notes

• From docs for action actions/download-artifact Artifacts can be downloaded from other workflow runs and repositories when supplied with a PAT.

Merge

• 📝 ci(project): remove permissions key ansible_collection_centurion#23

workflows: 🔴

[jon-nfc]

Continued Test implemented - Solution 1

• 📝 ci(project): Add PAT to project triage to download artifacts ansible_collection_centurion#24

workflows:

• PR Opened

  • 🟢 triage https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401142966

    • 🔴 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401145222

      
      Run actions/download-artifact@v4
      with:
          name: triage-details-project
          run-id: 10401142966
          merge-multiple: false
          repository: nofusscomputing/ansible_collection_centurion
      Downloading single artifact
      Error: Unable to download artifact(s): Artifact not found for name: triage-details-project
              Please ensure that your artifact is not expired and the artifact was uploaded using a compatible version of toolkit/upload-artifact.
              For more information, visit the GitHub Artifacts FAQ: https://github.com/actions/toolkit/blob/main/packages/artifact/docs/faq.md
      
      

• PR Assigned:

  • 🟢 triage https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401304210

    • 🔴 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401306589

      
      Run actions/download-artifact@v4
      Downloading single artifact
      Error: Unable to download artifact(s): Artifact not found for name: triage-details-project
              Please ensure that your artifact is not expired and the artifact was uploaded using a compatible version of toolkit/upload-artifact.
              For more information, visit the GitHub Artifacts FAQ: https://github.com/actions/toolkit/blob/main/packages/artifact/docs/faq.md
      
      

• PR Merged

  • 🟢 triage: https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401341701

  • 🟢 🔴 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401344245

    • 🔴 workflow error

      
      The template is not valid. .github/workflows/project.yaml (Line: 50, Col: 27): Unexpected value '24'
      
      

    • 🟢 Step

      
      Run actions/download-artifact@v4
      with:
          name: triage-details-project
          run-id: 10401341701
          github-token: ***
          merge-multiple: false
          repository: nofusscomputing/ansible_collection_centurion
      Downloading single artifact
      Preparing to download the following artifacts:
      - triage-details-project (ID: 1814983798, Size: 281)
      Downloading artifact '1814983798' from 'nofusscomputing/ansible_collection_centurion'
      Redirecting to blob download url: https://productionresultssa13.blob.core.windows.net/actions-results/3493e0bf-8fc6-4730-abf9-44b487d65700/workflow-job-run-b888d68f-cf43-55c6-f18f-461a5106dfc5/artifacts/0c89dc276e2bcccf9193586ee057943561e6ed8684534e5af0f70babd7ce3ea0.zip
      Starting download of artifact to: /home/runner/work/ansible_collection_centurion/ansible_collection_centurion
      (node:1707) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
      (Use `node --trace-deprecation ...` to show where the warning was created)
      Artifact download completed successfully.
      Total of 1 artifact(s) downloaded
      Download artifact has finished successfully
      
      

[jon-nfc]

Continued Test implemented - Solution 1

• 📝 ci: project triage ansible_collection_centurion#25

• PR Opened

  • 🟢 triage https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401484012

    • 🔴 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401486015

• PR Merged

  • 🟢 triage https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401513882

    • 🔴 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401517910

      
      The template is not valid. .github/workflows/triage_project.yaml (Line: 50, Col: 27): Unexpected value '25'
      
      

Notes

• The step is running as intended, however there is a template error that prevents the project workflow from continuing

  • 0a6e747 done to test if removes error.

    • Works?? 🟢

      • 🟢 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401517910/attempts/2

[jon-nfc]

Solution 1 - Outcome

• Solution works, see Failure on forked repo - Token secret not supplied #3 (comment)

  • issue is now that the project add step cant find the item as the event is no longer issue or pull_request.
  • Add 'payload' field to allow for Repository Dispatch actions/add-to-project#341 proposes to add the ability however has remained opened for some time 25 Mar 23 with no movement forward.

moving forward

• have Add 'payload' field to allow for Repository Dispatch actions/add-to-project#341 merged
• find another action that does the same thing, however with the option of adding the item url
• Manually create Add to Project steps. see https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/automating-projects-using-actions

[jon-nfc]

🟢 Solution 1 - Forked repo test

• 📝 feat(playbooks): migration of centurion playbooks to github ansible_collection_centurion#17

  • 🟢 triage https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401964186

    • 🟢 project https://github.com/nofusscomputing/ansible_collection_centurion/actions/runs/10401966997

      
      Run actions/download-artifact@v4
      Downloading single artifact
      Preparing to download the following artifacts:
      - triage-details-project (ID: 1815124387, Size: 282)
      Downloading artifact '1815124387' from 'nofusscomputing/ansible_collection_centurion'
      Redirecting to blob download url: https://productionresultssa5.blob.core.windows.net/actions-results/8cd36aad-a9fe-4f2b-b4b7-c01e41961407/workflow-job-run-b888d68f-cf43-55c6-f18f-461a5106dfc5/artifacts/0c89dc276e2bcccf9193586ee057943561e6ed8684534e5af0f70babd7ce3ea0.zip
      Starting download of artifact to: /home/runner/work/ansible_collection_centurion/ansible_collection_centurion
      (node:1685) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
      (Use `node --trace-deprecation ...` to show where the warning was created)
      Artifact download completed successfully.
      Total of 1 artifact(s) downloaded
      Download artifact has finished successfully
      
      

Success

• 👍 marking as a success for the forked repo as step fetch triage details uses a PAT and worked from the forked repo.

  • 🔒 The project workflow is run within the context of the parent repo.