Automerge failing due to `HttpError: Bad credentials`

Question

Automerge failing due to `HttpError: Bad credentials`

Closed this issue 7 days ago · 4 comments

Automerge is failing with a HttpError: Bad credentials error.

Here is the full log output from this example:

[Skip to content](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#start-of-content)
Navigation Menu
https://github.com/dbt-labs
/
[hub.getdbt.com](https://github.com/dbt-labs/hub.getdbt.com)

Type / to search
[Code](https://github.com/dbt-labs/hub.getdbt.com)
Issues
20
Pull requests
3
[Discussions](https://github.com/dbt-labs/hub.getdbt.com/discussions)
[Actions](https://github.com/dbt-labs/hub.getdbt.com/actions)
[Projects](https://github.com/dbt-labs/hub.getdbt.com/projects)
[Wiki](https://github.com/dbt-labs/hub.getdbt.com/wiki)
Security
14
[Insights](https://github.com/dbt-labs/hub.getdbt.com/pulse)
[Settings](https://github.com/dbt-labs/hub.getdbt.com/settings)
[Back to pull request #3418](https://github.com/dbt-labs/hub.getdbt.com/pull/3418)
HubCap: Bump package versions #7977
Jobs
Run details
Annotations
1 warning
[automerge](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418)
failed 1 hour ago in 3s
Search logs
1s
0s
Run pascalgn/[automerge](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#logs)-action@v0.15.6
  env:
    GITHUB_TOKEN: ***
    MERGE_LABELS: automerge,!work in progress,!ready for review
    MERGE_REMOVE_LABELS: automerge
    LOG: DEBUG
    MERGE_RETRIES: [1](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#step:2:1)0
    MERGE_RETRY_SLEEP: 60000
2024-11-14T19:04:38.597Z DEBUG Configuration: {
  mergeLabels: {
    required: [ 'automerge' ],
    blocking: [ 'work in progress', 'ready for review' ]
  },
  mergeRemoveLabels: [ 'automerge' ],
  mergeMethod: 'merge',
  mergeMethodLabels: [],
  mergeMethodLabelRequired: false,
  mergeForks: true,
  mergeCommitMessage: 'automatic',
  mergeCommitMessageRegex: '',
  mergeFilterAuthor: '',
  mergeRetries: 10,
  mergeRetrySleep: 60000,
  mergeRequiredApprovals: 0,
  mergeDeleteBranch: false,
  mergeDeleteBranchFilter: [],
  mergeErrorFail: false,
  mergeReadyState: [ 'clean', 'has_hooks', 'unknown', 'unstable' ],
  updateLabels: { required: [ 'automerge' ], blocking: [] },
  updateMethod: 'merge',
  updateRetries: 1,
  updateRetrySleep: 5000,
  baseBranches: [],
  pullRequest: null
}
[2](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#step:2:2)024-11-14T19:04:[3](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#step:2:3)8.606Z INFO  Event name: pull_request
202[4](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#step:2:4)-11-14T19:04:38.606Z DEBUG Getting pull request info for 3418 ...
2024-11-14T19:04:38.888Z HttpError: Bad credentials
    at /home/runner/work/_actions/pascalgn/automerge-action/v0.1[5](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#step:2:5).6/dist/index.js:5522:21
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async fetchPullRequest (/home/runner/work/_actions/pascalgn/automerge-action/v0.15.[6](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#step:2:6)/dist/index.js:440:31)
    at async handlePullRequestUpdate (/home/runner/work/_actions/pascalgn/automerge-action/v0.15.6/dist/index.js:128:23)
    at async executeGitHubActionImpl (/home/runner/work/_actions/pascalgn/automerge-action/v0.15.6/dist/index.js:105:12)
    at async executeGitHubAction (/home/runner/work/_actions/pascalgn/automerge-action/v0.15.6/dist/index.js:[7](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#step:2:7)6:18)
    at async main (/home/runner/work/_actions/pascalgn/automerge-action/v0.15.6/dist/index.js:2306[9](https://github.com/dbt-labs/hub.getdbt.com/actions/runs/11843811845/job/33005609239?pr=3418#step:2:10):5)
1s
Cleaning up orphan processes

Answer 1 · 2024-11-14T20:50:59.000Z

The automerge action in GitHub Actions uses the AUTOMERGE_PAT secret which was last updated... exactly 1 year ago:

So my guess is that it was configured to expire after 1 year.

Creating and setting a new PAT within the "Repository secrets" section here should hopefully resolve the issue.

Answer 2 · 2024-11-14T20:55:33.000Z

Looks like it was originally created as part of 0dfe8d6

Answer 3 · 2024-11-18T17:59:00.000Z

Creating a new Personal Access Token (PAT) and assigning its value to the AUTOMERGE_PAT secret seemed to do the trick. It needed the following scopes:

This documentation was helpful to troubleshoot which scopes might be needed:
https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28

Without the "Contents" scope, the action appeared to succeed, but had the following error message:

2024-11-18T17:05:55.975Z INFO  Event name: pull_request
2024-11-18T17:05:55.976Z DEBUG Getting pull request info for 3495 ...
2024-11-18T17:05:56.402Z INFO  Updating PR #3495 HubCap: Bump package versions
2024-11-18T17:05:56.403Z INFO  No update done due to PR mergeable_state blocked
2024-11-18T17:05:56.403Z INFO  Merging PR #3495 HubCap: Bump package versions
2024-11-18T17:05:56.404Z INFO  Current PR status: mergeable_state: blocked
2024-11-18T17:05:56.404Z INFO  Retrying after 60000 ms ... (1/10)
...
2024-11-18T17:18:03.509Z INFO  Retrying after 60000 ms ... (10/10)
2024-11-18T17:19:03.528Z DEBUG Getting latest PR data...
2024-11-18T17:19:04.106Z INFO  Failed to merge PR: Resource not accessible by personal access token
2024-11-18T17:19:04.106Z INFO  PR not ready to be merged after 10 tries

Once the read/write scope was added for Contents, the success message changed to the following:

2024-11-18T17:43:34.065Z INFO  Event name: pull_request
2024-11-18T17:43:34.065Z DEBUG Getting pull request info for 3495 ...
2024-11-18T17:43:34.527Z INFO  Updating PR #3495 HubCap: Bump package versions
2024-11-18T17:43:34.527Z INFO  No update done due to PR mergeable_state unstable
2024-11-18T17:43:34.528Z INFO  Merging PR #3495 HubCap: Bump package versions
2024-11-18T17:43:34.528Z INFO  PR is probably ready: mergeable_state: unstable
2024-11-18T17:43:35.775Z INFO  PR successfully merged!

I didn't try downgrading the "Metadata" or "Pull requests" scopes to see if it would still succeed without them or not.

Answer 4 · 2024-11-20T19:19:44.000Z

Resolved by creating a fresh Personal Access Token (PAT) with the scopes above and assigning its value to the AUTOMERGE_PAT secret.

This token has an expiration date. In order to stay working, the PAT will need to be refreshed by clicking the "Regenerate token" button:

Proof that it is working: