CodeQL setup using GitHub Actions

Thank you! Here’s the entire error log. Please let me know if you need any more details.

Current runner version: '2.278.0'
Operating System
Virtual Environment
GITHUB_TOKEN Permissions
Prepare workflow directory
Prepare all required actions
Getting action download info
Download action repository '<orgName>/checkout@v2'
Warning: Failed to download action 'https://api.github.com/repos/<orgName>/checkout/tarball/<someRandomToken>'. Error: Response status code does not indicate success: 403 (Forbidden).
Warning: Back off 11.281 seconds before retry.
Warning: Failed to download action 'https://api.github.com/repos/<orgName>/checkout/tarball/<someRandomToken>'. Error: Response status code does not indicate success: 403 (Forbidden).
Warning: Back off 14.223 seconds before retry.
Error: Response status code does not indicate success: 403 (Forbidden).

Questions:

  • I’m assuming you’ve sanitized the file, where org name is your actual org name?
  • Your forked actions are in public repos, in that org?

Sorry to sometimes ask the same thing again and again. I’m old, I forget things. :slight_smile:

No worries at all :slight_smile:

  • Yes, I did sanitize by replacing my org name with <orgName>
  • The forked repos are public but they are in an internal org <orgName> which is GHEC

@ydorbala What are the base repository permissions for your org? None/Read/Write? Which one is that set to?

Sorry, but where do I see those settings? I searched in the org settings for the default visibility but wasn’t able to locate it there. Thanks!

Organization Settings | Member Privileges - Base Permissions

It’s a long shot, but I’m curious…

@ydorbala Would you be willing to share with me (even privately) the link to your public forked repos? Since they are “public”, I should be able to see them and use the actions. I want to see what happens when I try and use your forked public actions for checkout.

@ydorbala Blow those forks away and try recreating them and try it again. I tried it using your forked repos (I have super powers :slight_smile: ), and I got the same error. My first thought is something is really weird about your forks.

Let’s try re-forking them and see what happens.

Also, for good measure, fork a copy into your personal GitHub account as well. I’d like to see if I try and access either of those two forks (one to your org, one to your personal) if I get the 403. Ping me when you have and I’ll try using them again.

Forgot to update the thread here but @mickeygousset helped me offline and the issue was that we had IP Allow list enabled on our org and hence running actions was always throwing 403 forbidden errors. Running the same on self-hosted agents solved the issue. Thanks again @mickeygousset for your time! :slight_smile:
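
The diagnosis reached at the end of this thread, as an added example that is not code from any of the posters: it pulls the 403 action-download warnings out of a runner log and checks whether the runner's egress IP falls inside the org's IP allow list. The function names, allow-list entries and runner addresses are constructed assumptions; the log lines follow the format posted above.

```python
import ipaddress
import re

# Matches the runner warning format shown in the log earlier in this thread.
DOWNLOAD_403 = re.compile(
    r"Failed to download action 'https://api\.github\.com/repos/"
    r"(?P<owner>[^/]+)/(?P<repo>[^/]+)/tarball/[^']*'.*\b403 \(Forbidden\)"
)

# Constructed sample: lines in the thread's log format, plus constructed
# allow-list entries and runner addresses from documentation-only IP ranges.
SAMPLE_LOG = """\
Download action repository '<orgName>/checkout@v2'
Warning: Failed to download action 'https://api.github.com/repos/<orgName>/checkout/tarball/<someRandomToken>'. Error: Response status code does not indicate success: 403 (Forbidden).
Warning: Back off 11.281 seconds before retry.
"""
SAMPLE_ALLOW_LIST = ["203.0.113.0/24", "2001:db8:10::/48"]

def blocked_action_downloads(log_text):
    """Return distinct (owner, repo) pairs whose tarball download got a 403."""
    pairs = []
    for line in log_text.splitlines():
        m = DOWNLOAD_403.search(line)
        if m and (m["owner"], m["repo"]) not in pairs:
            pairs.append((m["owner"], m["repo"]))
    return pairs

def ip_allowed(runner_ip, allow_list):
    """True if runner_ip falls inside any allow-list entry (CIDR or single IP)."""
    ip = ipaddress.ip_address(runner_ip)
    # Membership is False across IP versions, so mixed v4/v6 lists are safe.
    return any(ip in ipaddress.ip_network(e, strict=False) for e in allow_list)

def diagnose(log_text, runner_ip, allow_list):
    """Classify a failed run: allow-list block, other access issue, or no 403."""
    blocked = blocked_action_downloads(log_text)
    if not blocked:
        return "no-403"
    if ip_allowed(runner_ip, allow_list):
        return "403-not-explained-by-allow-list"
    return "runner-ip-outside-allow-list"

if __name__ == "__main__":
    # A runner outside the list (the hosted-runner case) vs. one inside it.
    print(diagnose(SAMPLE_LOG, "198.51.100.7", SAMPLE_ALLOW_LIST))
    print(diagnose(SAMPLE_LOG, "203.0.113.25", SAMPLE_ALLOW_LIST))
```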