Bad tokens being passed to runners, resulting in 401 errors
Describe the bug
We see 401 errors in the setup portions of our actions, especially when trying to download action tarball URLs like https://api.github.com/repos/actions/checkout/tarball/a81bbbf8298c0fa03ea29cdc473d45769f953675, and especially in workflows with a number of jobs (~20). It doesn’t happen every build, but happens frequently enough to be annoying.
Examples can also be seen around the web of this happening to others:
- https://github.com/tailscale/tailscale/actions/runs/92926574
- https://github.community/t/failure-during-job-set-up/16142
- https://github.com/fastai/fastai2/actions/runs/25226353
Runner Version and Platform
Version of your runner? 2.273.5
OS of the machine running the runner? Linux
Job Log Output
Current runner version: '2.273.5'
Prepare workflow directory
Prepare all required actions
Getting action download info
Download action repository 'actions/checkout@v2'
Warning: Failed to download action 'https://api.github.com/repos/actions/checkout/tarball/a81bbbf8298c0fa03ea29cdc473d45769f953675'. Error: Response status code does not indicate success: 401 (Unauthorized).
Warning: Back off 18.746 seconds before retry.
Warning: Failed to download action 'https://api.github.com/repos/actions/checkout/tarball/a81bbbf8298c0fa03ea29cdc473d45769f953675'. Error: Response status code does not indicate success: 401 (Unauthorized).
Warning: Back off 18.006 seconds before retry.
Error: Response status code does not indicate success: 401 (Unauthorized).
Suggestions
EDIT: a previous version of this description had presumed it was due to rate-limiting, but subsequent debugging has shown it’s actually bad tokens being passed to the runners and the 401s are actually Bad credentials errors.
So I’m not sure what to suggest here beyond:
- Don’t pass bad/expired tokens to runners (still unclear why this is happening – why aren’t the tokens valid?)
- Provide better debugging of errors (include response bodies)
- Provide a way to debug tokens, and why api.github.com would be returning Bad credentials for them.
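
The distinction the EDIT above draws (a 401 carrying Bad credentials versus rate-limiting) can be made from the response body and headers, which is what the second suggestion asks to have logged. The following is an added example, not part of the original issue and not the runner's code; the function names are hypothetical and the sample responses are constructed.

```python
import hashlib
import json

# Constructed sample responses (status, headers, body); not captured traffic.
SAMPLE_BAD_CREDS = (401, {"X-GitHub-Request-Id": "CONSTRUCTED:0001"},
                    '{"message": "Bad credentials"}')
SAMPLE_RATE_LIMIT = (403, {"X-RateLimit-Remaining": "0",
                           "X-GitHub-Request-Id": "CONSTRUCTED:0002"},
                     '{"message": "API rate limit exceeded for 192.0.2.1."}')


def token_fingerprint(token):
    """Short SHA-256 prefix, so logs can tell tokens apart without exposing them."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def api_message(body):
    """Return the "message" field of a JSON error body, or "" if absent."""
    try:
        parsed = json.loads(body)
    except ValueError:
        return ""
    return str(parsed.get("message", "")) if isinstance(parsed, dict) else ""


def classify_failure(status, headers, body):
    """Name the likely cause of a failed api.github.com response."""
    lowered = {k.lower(): v for k, v in headers.items()}
    message = api_message(body).lower()
    if status == 401:
        return "bad-credentials" if "bad credentials" in message else "unauthorized"
    if status in (403, 429):
        limited = lowered.get("x-ratelimit-remaining") == "0" or "rate limit" in message
        return "rate-limited" if limited else "forbidden"
    return "other"


def describe_failure(status, headers, body, token):
    """One log line: cause, request id and API message, never the raw token."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return "status=%d cause=%s request_id=%s token_sha256=%s message=%r" % (
        status, classify_failure(status, headers, body),
        lowered.get("x-github-request-id", "-"),
        token_fingerprint(token), api_message(body)[:200])


if __name__ == "__main__":
    for sample in (SAMPLE_BAD_CREDS, SAMPLE_RATE_LIMIT):
        print(describe_failure(*sample, token="constructed-token-value"))
```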
Top GitHub Comments
I can actually replicate this just by doing this from my actions:
About 1 in 100 jobs will fail with a 401 Bad credentials message – so it seems that every now and then an invalid token is being issued? Is there any way I can debug this any further?
@thboop just curious what changed in between? we’re experiencing similar issues