CURL fails on workflow but succeeds locally

mauricioklein · December 10, 2020, 1:50pm

Hello!

I’m trying to create a workflow that will trigger a Github Pages build daily for my personal blog.

I have two triggers for the workflow:

One scheduled (once a day)
One manual, triggered directly in Actions UI

For this, I have created a PAT (called PAGES_TOKEN) with all repo permissions.

My workflow file is the following:

name: Build

on:
  workflow_dispatch:
  schedule:
    - cron: '0 15 * * *' # Runs every day at 3pm GMT (4pm CEST)

jobs:
  build-pages:
    runs-on: ubuntu-20.04
    steps:
      - name: Trigger GitHub pages rebuild
        run: |
          curl --fail --request POST --header "Authorization: Bearer $USER_TOKEN" --url "https://api.github.com/repos/${{ github.repository }}/pages/builds"
        env:
          USER_TOKEN: ${{ secrets.PAGES_TOKEN }}

Every time I trigger a manual build in actions UI against the master branch I get a 401 error back:

However, if I run the exact same CURL command locally, replacing the $USER_TOKEN by the actual token secret, the requests succeeds with a status QUEUED.

Am I missing something in my workflow setup?

Thanks in advance for any hint!

airtower-luna · December 10, 2020, 3:42pm

The documentation on token scopes says to use tokens with token, not Bearer. That has worked for me so far:

curl --header "Authorization: token $USER_TOKEN" # ...

mauricioklein · December 11, 2020, 8:01am

Thanks, but Bearer works just fine as well

Turns out the problem was a misunderstanding from my side:

While PATs are created in the GH account context, they need to be added as a secret to the repository to be used on workflows.

Adding a secret to the repo with the PAT secret solved the problem.

Thanks!