Project

General

Profile

Actions
Copy link

action #138674

closed

openQA Tests - coordination #96596: [qe-core][CI] CI/CD and Coding style improvements

Reusable github workflow in openQA is causing a problem for os-autoinst-bot dependency PR

Added by tinita 6 months ago. Updated 6 months ago.

Status:
Resolved
Priority:
High
Assignee:
tinita
Category:
Regressions/Crashes
Target version:
Ready
Start date:
2023-10-24
Due date:
% Done:

0%

Estimated time:

Description

Observation

We are now getting an error in our nightly dependencies update job:
https://app.circleci.com/pipelines/github/os-autoinst/openQA/12400/workflows/7bc41274-bbd1-4145-9a0f-0715f4e9e37f/jobs/115757

[dependency_2023-10-27 d20ce8677] Dependency cron 2023-10-27
 2 files changed, 2 insertions(+), 2 deletions(-)
To https://github.com/os-autoinst-bot/openQA.git
 ! [remote rejected]     dependency_2023-10-27 -> dependency_2023-10-27 (refusing to allow a Personal Access Token to create or update workflow `.github/workflows/commit-message-checker.yml` without `workflow` scope)
error: failed to push some refs to 'https://github.com/os-autoinst-bot/openQA.git'

Exited with code exit status 1

Acceptance criteria

Suggestions

  • DONE Fix the actual problem -> was solved by giving the original bot access more scope
  • Consider moving from circleCI to github actions

Related issues 1 (0 open1 closed)

Copied from openQA Project - action #138416: Unify GitHub Actions for QA Projects size:MResolvedybonatakis2023-10-24

Actions
Actions
Copy link
 #1

Updated by tinita 6 months ago

  • Copied from action #138416: Unify GitHub Actions for QA Projects size:M added
Actions
Copy link
 #2

Updated by tinita 6 months ago

  • Status changed from New to In Progress

I looked up the token for the os-autoinst-bot and it does already have the "workflow" scope. So maybe the way the reusable workflow is using the token is wrong...

Actions
Copy link
 #3

Updated by tinita 6 months ago

  • Status changed from In Progress to Feedback

I was looking at the wrong token. I now added the "workflow scope" to the right one (the one called CircleCI) and reran the job successfully:
https://app.circleci.com/pipelines/github/os-autoinst/openQA/12400/workflows/4e0bf9f7-327d-44c2-a1f0-29299418e10d/jobs/115762
https://github.com/os-autoinst/openQA/pull/5351 Dependency cron 2023-10-27

Actions
Copy link
 #4

Updated by tinita 6 months ago

I'm wondering if we could move that CircleCI workflow to a github workflow itself, so it wouldn't need an extra token. It could just push to a branch on the original repo.

Actions
Copy link
 #5

Updated by tinita 6 months ago

  • Description updated (diff)
Actions
Copy link
 #6

Updated by okurz 6 months ago

  • Description updated (diff)
  • Status changed from Feedback to Resolved

Original problem was fixed, CI pipelines look good over the past days. While switching to github actions is a possibility we agreed in the estimation call that we won't continue that path for now.

Actions
Copy link

Also available in: Atom PDF