Fatal: could not read Password for 'https://***@github.com':

Hey there…

We created this action https://github.com/totvslabs/carol-build to automate the creation of images in our platform.
We have this action in some repos, and there is one repo that I am getting this error when trying to use the secrets.GITHUB_TOKEN

2020-06-15 13:28:45,675 - [DEBUG]: fatal: could not read Password for 'https://***@github.com': No such device or address

This is the action I am using

name: Build docker image on Carol

on:
  push:
    tags:
    - '*'
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
        
    - name: Build
      uses: totvslabs/carol-build@master
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        carol-tenant: 'asd'
        carol-organization: 'asd'
        carol-app-name: 'asd'
        carol-connector-id: ${{ secrets.CAROLCONNECTORID }}
        carol-api-key: ${{ secrets.CAROLAPPOAUTH }}
        manifest-path: '.'
  release:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Create Release
      id: create_release
      uses: actions/create-release@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
      with:
        tag_name: ${{ github.ref }}
        release_name: Release ${{ github.ref }}
        body: |
          Release ${{ github.ref }}
        draft: false
        prerelease: false

Basically this will start a build process inside the platform. This used to work. It stopped. Has Github changed something with the TOKENs?

1 Like

Hi @rafarui,

Glad to see you in Github Community Forum!

AFAIK, there is no change for the GITHUB TOKEN, if it used to work, could you please try again?
Is the issue repository private? what about change it to public?
If the issue persists, please create a secrets based on a personal access token, use it instead of GITHUB_TOKEN for a try.

I cannot reproduce the error since i don’t have the CAROL secrets, could you please share a sample repo for further investigation?

Thanks

1 Like

With the repo opened it works. doest it work for private repos?

Hi @rafarui,

Thanks for your reply. I cannot verify the action since i don’t have CAROL secrets. Could you please enable debug logging and provide the error logs?

Thanks

How can I send the logs? I dont see anything that could help though.

One question that is not clear from the documentation. What we do with this action. The platform has an API that allows us to send a manifest file, with a github repo and it will build the docker image. We pass this github token to the platform to be able to clone the repo. Is this the problem? this token does not have permissions outside the action scope?

best
Rafael

Hi @rafarui,

Thanks for your reply!

You can create a new private repository, reproduce the issue in the workflow, and then convert the repo to public and share the workflow link here.

For private repository, do you use below format to clone?

git clone https://name:password@github.com/org/repo.git

hey…
here the logs

hey @weide-zhou
Have you taken a look at the logs there?

tks.

Hi @rafarui,

Sorry for late response, i raised an internal ticket to ask github for confirmation, it would take some time for investigation, i will update once there’s a response.

Thanks

1 Like

Tks, I will wait then

This works for me with a private repo:

on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: |
          git clone "https://username:${{github.token}}@github.com/${{github.repository}}.git"
      - run: |
          printenv|sort

Hey @ericsciple

Yes running inside the action works, the problem is I am not using the token in this context, it is the platform API that will handle the clone/build. The action is just the trigger for the process.
We are passing this github token to the API that will do git clone "[https://username](https://username/):${{github.token}}@github.com/${{github.repository}}.git" I think this token does not have permissions outside the action scope, does it?

tks,
Rafael

You may need to map the token into an environment variable so you can access it from a child process. For example:

    steps:
      - env:
          GITHUB_TOKEN: ${{ github.token }}
        run: |
          ./my-script.sh

my-script.sh:

git clone "https://username:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"