Action showing permission denied

Code to Cloud GitHub Actions
#1

I had many environmental variables so I used to gpg to encrypt those variables in a file.

I then made a script to decrypt that file and to store it the backend folder of my project during the run of the action

All this are to happen in the github action (see below the yml file)

That script of mine looks something like this:

#!/bin/sh

gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPTER_PASSPHRASE" \
--output ./backend/.env ./.github/secrets/backend.env.gpg

My script is running well when I am executing this command in the project root

./.github/scripts/backend_decrypt.sh

But it fails during the github action

My backend-deploy.yml file is like this:


name: Backend Deploy

on:
  push:
    branches:
      - master
    paths:
      - 'backend/**'

jobs:
  backendDeploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - shell: bash
        env:
          DECRYPTER_PASSPHRASE: ${{secrets.DECRYPTER_PASSPHRASE}}
        run: >
          ./.github/scripts/backend_decrypt.sh
# fails at this point
      - run: |
          cat backend/.env
          pwd
          ls -a
          ls backend/
      - run: >
          ls -a
          ls -a backend/
          echo "Deployed to code-rush-backend.herokuapp.com"

It is giving me this error:

showing error -> /home/runner/work/_temp/27cb9d1d-f99d-489b-b13e-4f56e86348af.sh: line 1: ./.github/scripts/backend_decrypt.sh: Permission denied
showing error -> /home/runner/work/_temp/27cb9d1d-f99d-489b-b13e-4f56e86348af.sh: line 1: ./.github/scripts/backend_decrypt.sh: Permission denied1362Ă—317 19.9 KB

How can I fix this ? Please help

#2

That most likely means that your ./.github/scripts/backend_decrypt.sh script doesn’t have the “execute” filesystem permission set. I assume you’re developing on Windows locally, which doesn’t have that kind of permission system.

You can tell git to add the permission anyway with this command:

git update-index --chmod=+x ./.github/scripts/backend_decrypt.sh

update-index is similar to add in that it adds the change to the index, so you’ll have to commit and push as usual.

7 Likes
#3

Thanks a lot @airtower-luna
This solved it

1 Like
#4

Thank you so much! This solved the issue for me too! Any tips on how to do this by default on a Windows machine for bash scripts?

#5

How do you mean “by default”? If you mean marking scripts as executable, no. Unix-ish systems don’t do that either, it’s just that there you automatically notice if something isn’t marked as executable but should. You could try to make a pre-commit hook with some sort of heuristic to detect scripts, but I doubt it’s worth the effort.