NickLiffen/ghas-enablement

Enable security on organization (python) fails

Opened this issue · 3 comments

Summary

Running the GitHub Action step for Python fails after running it the first time. It ran once and then rerunning it causes it to fail. I plan to put this into a cronjob but manual invocation does not work.

Code

jobs:
  enable-security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          repository: submittable/ghas-enablement

      - name: Get dependencies and configure
        run: |
          yarn
          git config --global user.name "ghas-enablement"
          git config --global user.email "ghas.enablement@example.com"
      
      - name: Enable security on organization (python)
        run: |
          npm run getOrgs
          npm run getRepos
          npm run start
        env:
          LANGUAGE_TO_CHECK: "python"
          TEMP_DIR: ${{ github.workspace }}

Error

2023-03-23T17:01:24.574Z ghas:inform 
2023-03-23T17:01:25.575Z ghas:inform Executing:  git checkout,-b,ghas-xyCIz in //home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>
2023-03-23T17:01:25.581Z ghas:error Switched to a new branch 'ghas-xyCIz'

2023-03-23T17:01:25.581Z ghas:inform 
2023-03-23T17:01:26.582Z ghas:inform Executing:  mkdir -p,.github/workflows in //home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>
2023-03-23T17:01:26.588Z ghas:inform 
2023-03-23T17:01:27.589Z ghas:inform Executing:  cp ./bin/workflows/codeql-analysis-python.yml,//home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>/.github/workflows/codeql-analysis.yml in /home/runner/work/github-actions/github-actions
2023-03-23T17:01:27.598Z ghas:inform 
2023-03-23T17:01:28.599Z ghas:inform Executing:  git add,.github/workflows/codeql-analysis.yml in //home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>
2023-03-23T17:01:28.606Z ghas:inform 
2023-03-23T17:01:29.608Z ghas:inform Executing:  git commit,-m,"Commit CodeQL File" in //home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>
2023-03-23T17:01:29.615Z ghas:inform Whitelist returns: false
2023-03-23T17:01:29.615Z ghas:error Error: Command failed: git commit -m "Commit CodeQL File"

    at ChildProcess.exithandler (node:child_process:419:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1091:16)
    at Socket.<anonymous> (node:internal/child_process:449:11)
    at Socket.emit (node:events:513:28)
    at Pipe.<anonymous> (node:net:322:12)
node:internal/process/promises:288
            triggerUncaughtException(err, true /* fromPromise */);
            ^

Error: Command failed: git commit -m "Commit CodeQL File"

    at ChildProcess.exithandler (node:child_process:419:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1091:16)
    at Socket.<anonymous> (node:internal/child_process:449:11)
    at Socket.emit (node:events:513:28)
    at Pipe.<anonymous> (node:net:322:12) {
  code: 1,
  killed: false,
  signal: null,
  cmd: 'git commit -m "Commit CodeQL File"',
  stdout: 'On branch ghas-xyCIz\nnothing to commit, working tree clean\n',
  stderr: ''
}

Node.js v18.15.0
Error: Process completed with exit code 1.

Going to do some digging into this today 👍

I can't seem to replicate this 😢

@john-yacuta-submittable 👋

I just ran something like this:

name: Workflow

on:
  workflow_dispatch:

env:
  ENABLE_ON: "codescanning,secretscanning,pushprotection,dependabot,dependabotupdates,actions"
  DEBUG: "ghas:*"
  CREATE_ISSUE: "true"
  GHES: "false"
  GITHUB_ORG: ${{ secrets.MY_ORG }}
  GITHUB_API_TOKEN: ${{ secrets.MY_TOKEN }}

jobs:
  enable-security-python:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          repository: NickLiffen/ghas-enablement
      - name: Get dependencies and configure
        run: |
          yarn
          git config --global user.name "ghas-enablement"
          git config --global user.email "ghas.enablement@example.com"
      - name: Enable security on organization (python)
        run: |
          npm run getRepos
          npm run start
        env:
          LANGUAGE_TO_CHECK: "python"
          TEMP_DIR: ${{ github.workspace }}

Could you create two secrets, one with the org name and one with the PAT and try giving this a go 🤔 With the scopes documented in the README it should work 🤔

One of our repositories is experiencing the same error, while the majority of them are functioning properly.

2023-08-14T22:05:40.298Z ghas:inform Found default branch SHA on the following repository: xxx-edge-api. The default branch is: db2edea247a517bfd1192c98b3533f8a9a1f5f26
2023-08-14T22:05:40.914Z ghas:inform Branch (ref) created on the following repository xxx-edge-api?. The branch reference is: refs/heads/feature/ghas-hCGOm
{
type: 'token',
tokenType: 'installation',
token: '***',
installationId: xxxx,
permissions: {
organization_administration: 'write',
administration: 'write',
contents: 'write',
issues: 'write',
metadata: 'read',
pull_requests: 'write',
security_events: 'write',
workflows: 'write'
},
createdAt: '2023-08-14T22:05:41.049Z',
expiresAt: '2023-08-14T23:05:40Z',
repositorySelection: 'all'
}
2023-08-14T22:05:41.053Z ghas:inform [
{
command: 'rm',
args: [ '-rf', './tempGitLocations' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/'
},
{
command: 'mkdir',
args: [ 'tempGitLocations' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement'
},
{
command: 'git',
args: [
'clone',
'***github.com/TMN/xxx-edge-api.git'
],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations'
},
{
command: 'git',
args: [ 'checkout', '-b', 'feature/ghas-hCGOm' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'mkdir',
args: [ '-p', [Array] ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'cp',
args: [
'./bin/workflows/codeql-analysis-javascript.yml',
'//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api/.github/workflows/codeql-analysis.yml'
],
cwd: '/home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement'
},
{
command: 'git',
args: [ 'add', '.github/workflows/codeql-analysis.yml' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'git',
args: [ 'commit', '-m', '"Commit CodeQL File"' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'git',
args: [ 'push', '--set-upstream', 'origin', 'feature/ghas-hCGOm' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'rm',
args: [ '-rf', './tempGitLocations/' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/'
}
]
2023-08-14T22:05:41.053Z ghas:inform Executing: rm -rf,./tempGitLocations in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/
2023-08-14T22:05:41.061Z ghas:inform
2023-08-14T22:05:42.061Z ghas:inform Executing: mkdir tempGitLocations in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement
2023-08-14T22:05:42.066Z ghas:inform
2023-08-14T22:05:43.067Z ghas:inform Executing: git ***github.com/TMN/xxx-edge-api.git in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations
2023-08-14T22:05:44.781Z ghas:error Cloning into 'xxx-edge-api'...

2023-08-14T22:05:44.781Z ghas:inform
2023-08-14T22:05:45.782Z ghas:inform Executing: git checkout,-b,feature/ghas-hCGOm in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api
2023-08-14T22:05:45.788Z ghas:error Switched to a new branch 'feature/ghas-hCGOm'

2023-08-14T22:05:45.788Z ghas:inform
2023-08-14T22:05:46.789Z ghas:inform Executing: mkdir -p,.github/workflows in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api
2023-08-14T22:05:46.794Z ghas:inform
2023-08-14T22:05:47.795Z ghas:inform Executing: cp ./bin/workflows/codeql-analysis-javascript.yml,//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api/.github/workflows/codeql-analysis.yml in /home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement
2023-08-14T22:05:47.802Z ghas:inform
2023-08-14T22:05:48.803Z ghas:inform Executing: git add,.github/workflows/codeql-analysis.yml in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api
2023-08-14T22:05:48.810Z ghas:inform
2023-08-14T22:05:49.812Z ghas:inform Executing: git commit,-m,"Commit CodeQL File" in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api
2023-08-14T22:05:49.819Z ghas:inform Whitelist returns: false
2023-08-14T22:05:49.819Z ghas:error Error: Command failed: git commit -m "Commit CodeQL File"

at ChildProcess.exithandler (node:child_process:419:12)
at ChildProcess.emit (node:events:514:28)
at maybeClose (node:internal/child_process:1091:16)
at Socket.<anonymous> (node:internal/child_process:449:11)
at Socket.emit (node:events:514:28)
at Pipe.<anonymous> (node:net:323:12)

node:internal/process/promises:288
triggerUncaughtException(err, true /* fromPromise */);
^

Error: Command failed: git commit -m "Commit CodeQL File"

at ChildProcess.exithandler (node:child_process:419:12)
at ChildProcess.emit (node:events:514:28)
at maybeClose (node:internal/child_process:1091:16)
at Socket.<anonymous> (node:internal/child_process:449:11)
at Socket.emit (node:events:514:28)
at Pipe.<anonymous> (node:net:323:12) {

code: 1,
killed: false,
signal: null,
cmd: 'git commit -m "Commit CodeQL File"',
stdout: 'On branch feature/ghas-hCGOm\nnothing to commit, working tree clean\n',
stderr: ''
}

Node.js v18.17.0
Error: Process completed with exit code 1.
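
Added example, not part of the thread and not ghas-enablement's own code: both traces above end with stdout `nothing to commit, working tree clean`, which is what `git commit` reports, with exit code 1, when the staged file is identical to what the new branch already holds. The sketch below guards the commit with `git diff --cached --quiet` so a rerun is skipped instead of failing; the function names, the temporary repository and the template contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from ghas-enablement). Repo layout and template are constructed.

# Copy the workflow template into the clone, stage it, and commit only when
# the index differs from HEAD. Prints "committed" or "skipped".
commit_workflow_if_changed() {
  local repo="$1" src="$2" dest=".github/workflows/codeql-analysis.yml"
  mkdir -p "$repo/.github/workflows" || return 1
  cp "$src" "$repo/$dest" || return 1
  git -C "$repo" add "$dest" || return 1
  # Exit status 0 means nothing is staged relative to HEAD: the branch
  # already contains this exact file, so committing would exit 1.
  if git -C "$repo" diff --cached --quiet; then
    echo "skipped"
    return 0
  fi
  git -C "$repo" -c user.name="ghas-enablement" \
      -c user.email="ghas.enablement@example.com" \
      commit -q -m "Commit CodeQL File" || return 1
  echo "committed"
}

# Constructed scenario: the first run adds the workflow; the second run starts
# a fresh branch from a HEAD that already contains it, as in the logs above.
demo() {
  local work repo tpl first second
  work="$(mktemp -d)" || return 1
  repo="$work/repo"
  tpl="$work/codeql-analysis-python.yml"
  printf 'name: CodeQL\non: [push]\n' > "$tpl"
  git init -q "$repo" || return 1
  git -C "$repo" -c user.name=seed -c user.email=seed@example.com \
      commit -q --allow-empty -m "seed" || return 1
  first="$(commit_workflow_if_changed "$repo" "$tpl")" || return 1
  git -C "$repo" checkout -q -b ghas-rerun || return 1
  second="$(commit_workflow_if_changed "$repo" "$tpl")" || return 1
  rm -rf "$work"
  echo "$first $second"
}
```

When the function prints `skipped`, the later push and pull-request steps for that repository have nothing to send and can be skipped as well.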