actions/auth
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Expand error message when GitHub envvars are not present (#31)

Browse Source 
This points people to the GitHub Actions permissions documentation, which will help with troubleshooting token permission errors.
This commit is contained in:
Seth Vargo 2021-10-06 14:26:23 -04:00 committed by GitHub
parent 90e80b8d07
commit 3fe2a3779a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
dist/index.js vendored
View File

@ -237,16 +237,20 @@ function run() {
// available. // available.
if (createCredentialsFile) { if (createCredentialsFile) {
const runnerTempDir = process.env.RUNNER_TEMP; const runnerTempDir = process.env.RUNNER_TEMP;
if (!runnerTempDir) {
throw new Error('$RUNNER_TEMP is not set');
}
// Extract the request token and request URL from the environment. These // Extract the request token and request URL from the environment. These
// are only set when an id-token is requested and the submitter has // are only set when an id-token is requested and the submitter has
// collaborator permissions. // collaborator permissions.
const requestToken = process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN; const requestToken = process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
if (!requestToken) {
throw new Error('$ACTIONS_ID_TOKEN_REQUEST_TOKEN is not set');
}
const requestURLRaw = process.env.ACTIONS_ID_TOKEN_REQUEST_URL; const requestURLRaw = process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
if (!requestURLRaw) { if (!requestToken || !requestURLRaw) {
throw new Error('$ACTIONS_ID_TOKEN_REQUEST_URL is not set'); throw new Error('GitHub Actions did not inject $ACTIONS_ID_TOKEN_REQUEST_TOKEN or ' +
'$ACTIONS_ID_TOKEN_REQUEST_URL into this job. This most likely ' +
'means the GitHub Actions workflow permissions are incorrect, or ' +
'this job is being run from a fork. For more information, please ' +
'see the GitHub documentation at https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token');
} }
const requestURL = new url_1.URL(requestURLRaw); const requestURL = new url_1.URL(requestURLRaw);
// Append the audience value to the request. // Append the audience value to the request.

14
src/main.ts
View File

@ -56,13 +56,17 @@ async function run(): Promise<void> {
// are only set when an id-token is requested and the submitter has // are only set when an id-token is requested and the submitter has
// collaborator permissions. // collaborator permissions.
const requestToken = process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN; const requestToken = process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
if (!requestToken) {
throw new Error('$ACTIONS_ID_TOKEN_REQUEST_TOKEN is not set');
}
const requestURLRaw = process.env.ACTIONS_ID_TOKEN_REQUEST_URL; const requestURLRaw = process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
if (!requestURLRaw) { if (!requestToken || !requestURLRaw) {
throw new Error('$ACTIONS_ID_TOKEN_REQUEST_URL is not set'); throw new Error(
'GitHub Actions did not inject $ACTIONS_ID_TOKEN_REQUEST_TOKEN or ' +
'$ACTIONS_ID_TOKEN_REQUEST_URL into this job. This most likely ' +
'means the GitHub Actions workflow permissions are incorrect, or ' +
'this job is being run from a fork. For more information, please ' +
'see the GitHub documentation at https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token',
);
} }
const requestURL = new URL(requestURLRaw); const requestURL = new URL(requestURLRaw);
// Append the audience value to the request. // Append the audience value to the request.