Unable to push to GitHub when trying to update Workflow

Question

Unable to push to GitHub when trying to update Workflow

Jademalo opened this issue 3 years ago · 7 comments

Jademalo commented 3 years ago

Prerequisites

Put an X between the brackets on this line if you have done all of the following:
- Reproduced the problem in Safe Mode: https://flight-manual.atom.io/hacking-atom/sections/debugging/#using-safe-mode
- Followed all applicable steps in the debugging guide: https://flight-manual.atom.io/hacking-atom/sections/debugging/
- Checked the FAQs on the message board for common solutions: https://discuss.atom.io/c/faq
- Checked that your issue isn't already filed: https://github.com/issues?utf8=✓&q=is%3Aissue+user%3Aatom
- Checked that there is not already an Atom package that provides the described functionality: https://atom.io/packages

Description

I am unable to push to my GitHub repo

Steps to Reproduce

Attempt to push
Log in with the small GitHub popup window
See the error

Expected behavior:

The commit should be pushed to the remote

Actual behavior:

The following error is thrown;

Reproduces how often:

100% of the time

Versions

Atom : 1.57.0
Electron: 9.4.4
Chrome : 83.0.4103.122
Node : 12.14.1

apm 2.6.2
npm 6.14.13
node 12.14.1 x64
atom 1.57.0
python
git 2.23.0.windows.1
visual studio 2015

Windows 10

Additional Information

Up until yesterday, this was working absolutely fine.

I got an email from GitHub stating that I should regenerate my personal access token due to the older tokens being depricated. I did so, and when I tried to push I was given the login prompt. I logged in successfully, but now I get this error on every push attempt.

The console is not much more informative, and trying to click either of those :14 links results in the dev tools window entirely hanging.

After a while of poking around, my only assumption is that for some reason Atom is using my old github token for authentication, rather than generating a new one. When I go to https://github.com/settings/tokens, there is no indication of an access token being generated for atom to be able to push.

Answer 1 · 2021-05-21T05:51:22.000Z

Small piece of progress, after using git plus to try and push instead, I get the following error;

 ! [remote rejected] master -> master (refusing to allow an OAuth App to create or update workflow `.github/workflows/release.yml` without `workflow` scope)
error: failed to push some refs to 'https://github.com/Jademalo/SurroundFix.git'

Answer 2 · 2021-05-21T06:00:56.000Z

Ok, I have a workaround, but there's definitely an issue here.

After logging in and getting the error, if I go to Control Panel/User Accounts/Credential manager then select Windows Credentials, one of the options is git:https://github.com. If I edit this and replace the password with a manually generated Personal Access token with the workflows scope, then I am able to push again without issue.

It seems like for whatever reason, the credential being stored in the credential manager that is generated by the github login prompt when attempting to push has some sort of error. I believe this may have something to do with it not having the workflows scope.

Atom also doesn't seem to be creating a Personal Access Token when using this login box, nor was it asking me for my 2fa key which seemed strange.

Answer 3 · 2021-05-30T19:37:52.000Z

For Mac users I found a workaround with keychain access according to this post.

Answer 4 · 2021-05-31T03:13:21.000Z

I can confirm hitting the same error.

I believe you are both right. As @Jademalo pointed out, the token is apparently being generated without the workflow "scope"/permission, and as you both pointed out, generating your own personal access token with the workflow permission and using that (instead of the OAuth token from github.atom.io/login) is a functional workaround.

(For the record, the OAuth token generated by github.atom.io/login is viewable at https://github.com/settings/applications, as the "Atom GitHub package").

Screenshot (click to expand):

(Current Workaround: I believe @dw61's posted workaround should work for macOS. There is also a Linux/Ubuntu/GNOME equivalent: I used seahorse as the Linux/GNOME equivalent of the macOS Keychain Access app. As @Jademalo pointed out, the credential manager on Windows is literally called Credential Manager, and it's in the Control Panel. In your OS's credential/keychain manager, you can change the password for the atom-github/https://api.github.com service/site to a GitHub Personal AccessToken with sufficient permissions.)

By the way, I think the GitHub package for Atom was coded before GitHub Actions were a thing[1]. It seems to me that it hasn't been updated to request the workflow permission since then.

I can see two possible solutions:

Update the github.atom.io/login stuff so that it generates its OAuth tokens with the workflow permission... in addition to the permissions it already has, read:org, user:email and repo.
Have folks make a Personal Access Token (github.com/settings/tokens) with all those permissions, instead of going the whole github.atom.io/login OAuth token route.

Answer 5 · 2021-05-31T12:37:26.000Z

@DeeDeeG Totally agreed.

Answer 6 · 2021-06-05T21:07:49.000Z

Testing....

Answer 7 · 2022-06-01T12:33:25.000Z

could this be fixed please?
even with a personal access token its not possible to push....idk whats going on