Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Latest v2 broke all of my private github actions

See original GitHub issue

After the release this morning, all of my github actions using checkout to pull a private action started failing.

      - uses: actions/checkout@v2
        with:
          repository: privateorg/actions
          path: .privateorg-actions
          ssh-key: ${{ secrets.GITSSHKEY }}

I would like to request that you revert the change that is now breaking hundreds of my private workflows.

Issue Analytics

State:
Created 3 years ago
Reactions:7
Comments:9

Top GitHub Comments

12reactions

viernullviercommented, Jun 18, 2020

We’ve been running into the same error message as @mizumotok - the default branch selection logic still seems to have some major issues.

Our configuration:

- name: Checkout deploy repo
        uses: actions/checkout@v2
        with:
          repository: redacted/redacted.url
          path: .redacted.url
          ssh-key: ${{ secrets.QA_DEPLOY_KEY }}

For the time being, setting the ref explicitly fixed the issue for us:

- name: Checkout deploy repo
        uses: actions/checkout@v2
        with:
          repository: redacted/redacted.url
          path: .redacted.url
          ref: master
          ssh-key: ${{ secrets.QA_DEPLOY_KEY }}

I agree with @drwoods - it seems like v2.3 introduced some breaking changes, so it should have been a v3 release instead.

6reactions

phireskycommented, Jun 18, 2020

Same here. This is breaking all of our test runs since they fetch info from a different repo than the tested one. Pretty sure this is caused by https://github.com/actions/checkout/pull/278 @ericsciple

Using the repo token is not a valid solution in general since it doesn’t work for ssh keys that are passed via secrets that are not part of the normal TOKEN.

For some reason in that PR it was decided to use the proprietary Github API instead of the standard git api to determine the default branch, which means this also shouldn’t work for repos from any other provider other than github.

The standard git api for determining the default branch is fetching the HEAD ref from the remote. If the repo is already synchronized, this is just git symbolic-ref refs/remotes/origin/HEAD. Otherwise, it can be fetched by either:

git remote show https://github.com/actions/checkout | grep 'HEAD branch' human readable, only works within a git repo
git ls-remote --exit-code --symref https://github.com/actions/checkout HEAD works from anywhere, independent of the surrounding repository, machine readable output (i guess)

Also, instead of just failing completely when default branch cannot be determined (might be possible to configure a repo to not have one?) it should probably still fall back to master to be compatible with previous behaviour?