action #138674
closedopenQA Tests (public) - coordination #96596: [qe-core][CI] CI/CD and Coding style improvements
Reusable github workflow in openQA is causing a problem for os-autoinst-bot dependency PR
Description
Observation¶
We are now getting an error in our nightly dependencies update job:
https://app.circleci.com/pipelines/github/os-autoinst/openQA/12400/workflows/7bc41274-bbd1-4145-9a0f-0715f4e9e37f/jobs/115757
[dependency_2023-10-27 d20ce8677] Dependency cron 2023-10-27
2 files changed, 2 insertions(+), 2 deletions(-)
To https://github.com/os-autoinst-bot/openQA.git
! [remote rejected] dependency_2023-10-27 -> dependency_2023-10-27 (refusing to allow a Personal Access Token to create or update workflow `.github/workflows/commit-message-checker.yml` without `workflow` scope)
error: failed to push some refs to 'https://github.com/os-autoinst-bot/openQA.git'
Exited with code exit status 1
Acceptance criteria¶
- AC1: Nightly dependency update jobs are known to run successfully -> https://app.circleci.com/pipelines/github/os-autoinst/openQA?branch=master
- AC2: Dependency update PRs are being created successfully
Suggestions¶
- DONE Fix the actual problem -> was solved by giving the original bot access more scope
- Consider moving from circleCI to github actions
Updated by tinita about 1 year ago
- Copied from action #138416: Unify GitHub Actions for QA Projects size:M added
Updated by tinita about 1 year ago
- Status changed from New to In Progress
I looked up the token for the os-autoinst-bot and it does already have the "workflow" scope. So maybe the way the reusable workflow is using the token is wrong...
Updated by tinita about 1 year ago
- Status changed from In Progress to Feedback
I was looking at the wrong token. I now added the "workflow scope" to the right one (the one called CircleCI) and reran the job successfully:
https://app.circleci.com/pipelines/github/os-autoinst/openQA/12400/workflows/4e0bf9f7-327d-44c2-a1f0-29299418e10d/jobs/115762
https://github.com/os-autoinst/openQA/pull/5351 Dependency cron 2023-10-27
Updated by tinita about 1 year ago
I'm wondering if we could move that CircleCI workflow to a github workflow itself, so it wouldn't need an extra token. It could just push to a branch on the original repo.
Updated by okurz about 1 year ago
- Description updated (diff)
- Status changed from Feedback to Resolved
Original problem was fixed, CI pipelines look good over the past days. While switching to github actions is a possibility we agreed in the estimation call that we won't continue that path for now.