Using gh in a workflow seems to require setting GH_TOKEN #21930

mkutz opened this issue Nov 10, 2022 · 7 comments
Labels
code security content Problems or updates in the docs content on docs.github.com. dependabot MLH fellowship SME reviewed An SME has reviewed this issue/PR

Comments


mkutz commented Nov 10, 2022

[maintainer edit]
This issue is reserved for the MLH Fellowship program.

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions

What part(s) of the article would you like to see updated?

When I try the suggested workflows I get an error as gh seems to need the GITHUB_TOKEN to be set as GH_TOKEN.

The following works:

      - name: Approve a PR
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

Additional information

The repo in question is private and within an organization.

@mkutz mkutz added the content Problems or updates in the docs content on docs.github.com. label Nov 10, 2022

welcome bot commented Nov 10, 2022

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team. label Nov 10, 2022
@stefanscheidt

Part of the error message shown in the GitHub workflow log when omitting the GH_TOKEN env var:

    gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
      env:
        GH_TOKEN: ${{ github.token }}
    Error: Process completed with exit code 4.
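
The failing and working forms of the step discussed above, placed in a complete workflow with the automatic token scoped to the one permission the approval needs. This is an added example, not part of the thread or of the docs article; the workflow name, job id and the `if:` actor check are assumptions.

```yaml
# Constructed example: names and the actor check are illustrative assumptions.
name: Dependabot auto-approve
on: pull_request

# Limit the automatic token to what `gh pr review` needs.
permissions:
  pull-requests: write

jobs:
  approve:
    runs-on: ubuntu-latest
    # Only act on pull requests opened by Dependabot.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      # Failing form: no token is mapped into the step's environment, so gh
      # stops with "set the GH_TOKEN environment variable" and exit code 4.
      # - name: Approve a PR
      #   run: gh pr review --approve "$PR_URL"
      #   env:
      #     PR_URL: ${{ github.event.pull_request.html_url }}

      # Working form: the token is passed explicitly as GH_TOKEN.
      - name: Approve a PR
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          # Set on this step only, so other steps in the job never see it.
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Setting `GH_TOKEN` at step level rather than at job or workflow level keeps the token out of the environment of any other step or third-party action in the job.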

@mchammer01
Contributor

@cmwilson21 - this requires review by a SME so I've added the relevant label 😃

@github-actions
Contributor

Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert 👀

@cmwilson21 cmwilson21 added SME reviewed An SME has reviewed this issue/PR and removed needs SME labels Nov 29, 2022
@mchammer01 mchammer01 self-assigned this Dec 15, 2022

mchammer01 commented Dec 15, 2022

Thank you @mkutz for raising this with us, and @stefanscheidt for confirming the docs are currently incorrect.
If you (@mkutz) or someone else in the community are happy to raise a PR that fixes this, it would be great!

For information, the Dependabot team mentioned this article: https://docs.github.com/en/actions/security-guides/automatic-token-authentication

@mchammer01 mchammer01 added help wanted Anyone is welcome to open a pull request to fix this issue. and removed waiting for review Issue/PR is waiting for a writer's review labels Dec 15, 2022
@docubot docubot added this to Help wanted in Docs open source board Dec 15, 2022
@cmwilson21 cmwilson21 removed the help wanted Anyone is welcome to open a pull request to fix this issue. label Jan 9, 2023
@cmwilson21
Collaborator

This issue is reserved for the MLH Fellowship program.

@cmwilson21 cmwilson21 added this to Triage in MLH Fellowship Spring '23 (classic) via automation Jan 24, 2023
@cmwilson21 cmwilson21 moved this from Triage to Weeks 1-3 in MLH Fellowship Spring '23 (classic) Jan 24, 2023
@mchammer01 mchammer01 removed their assignment Feb 6, 2023

github-actions bot commented Apr 7, 2023

A stale label has been added to this issue because it has been open for 60 days with no activity. To keep this issue open, add a comment within 3 days.

@github-actions github-actions bot added stale There is no recent activity on this issue or pull request and removed stale There is no recent activity on this issue or pull request labels Apr 7, 2023
jeffwidman added a commit to dependabot/dependabot-core that referenced this issue May 1, 2023
`GH_TOKEN` is necessary when using the `gh` CLI.

We use this in `images-branch.yml` when doing some stuff around forks, but not here in `images-latest.yml`.

I considered leaving it for consistency, and in case we ever add back `gh`. But the consistency arg doesn't make sense since `images-updater-core.yml` doesn't have this.

And if we add back `gh`, we'll get an obvious error message about the problem per github/docs#21930 (comment).
jeffwidman added a commit to dependabot/dependabot-core that referenced this issue May 2, 2023