
I’m trying to create a GitHub Action that searches all PRs in our repository with a specific label. The API call returns the correct result when running it locally with my personal access token, but in the action it seems to get no results.

The default workflow permissions are "Read and write".

This is the action code:

    name: Cleanup deploy-in-dev label

    on:
      workflow_dispatch:
      schedule:
        - cron: "15 1 * * *"

    jobs:
      cleanup:
        runs-on: ubuntu-latest
        steps:
          - name: Search label deploy-in-dev
            run: |-
              curl \
                -H "Accept: application/vnd.github+json" \
                -H "Authorization: Bearer ${GITHUB_TOKEN}" \
                -H "X-GitHub-Api-Version: 2022-11-28" \
                "https://api.github.com/search/issues?q=repo:private-org/example+is:pull-request+is:open+label:deploy-in-dev" \
                | grep "\"number\":" \
                | sed 's/.*"number": \([0-9]*\),/\1/g' \
                | while IFS= read -r pr_number; do
                echo "Found pr with label with pr number ${pr_number}"
              done

Could this be a permission error, or am I missing something else?

2 Answers


  1. Chosen as BEST ANSWER

    I did not use the GITHUB_TOKEN correctly. It needs to be ${{ secrets.GITHUB_TOKEN }} instead of ${GITHUB_TOKEN}. It works like this:

    name: Cleanup deploy-in-dev label
    
    on:
      workflow_dispatch:
      schedule:
        - cron: "15 1 * * *"
    
    jobs:
      cleanup:
        name: Search and remove deploy-in-dev label
        runs-on: ubuntu-latest
        permissions:
          pull-requests: read
        steps:
          - name: Search and remove label deploy-in-dev
            run: |-
              curl --silent \
                -H "Accept: application/vnd.github+json" \
                -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
                -H "X-GitHub-Api-Version: 2022-11-28" \
                "https://api.github.com/search/issues?q=repo:${{ github.repository }}+is:pull-request+is:open+label:deploy-in-dev" \
                | grep "\"number\":" \
                | sed 's/.*"number": \([0-9]*\),/\1/g' \
                | while IFS= read -r pr_number; do
                echo "Found pr with label with pr number ${pr_number}"
              done
    

    As a bonus, I added the minimal set of permissions to the action so that it still runs. The only permission needed is pull-requests: read. If the action should also be able to add or remove a label, the permission needs to be pull-requests: write. The complete action I now use is this one:

    name: Cleanup deploy-in-dev label
    
    on:
      workflow_dispatch:
      schedule:
        - cron: "15 1 * * *"
    
    jobs:
      cleanup:
        name: Search and remove deploy-in-dev label
        runs-on: ubuntu-latest
        permissions:
          pull-requests: write
        steps:
          - name: Search and remove label deploy-in-dev
            run: |-
              curl --silent \
                -H "Accept: application/vnd.github+json" \
                -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
                -H "X-GitHub-Api-Version: 2022-11-28" \
                "https://api.github.com/search/issues?q=repo:${{ github.repository }}+is:pull-request+is:open+label:deploy-in-dev" \
                | grep "\"number\":" \
                | sed 's/.*"number": \([0-9]*\),/\1/g' \
                | while IFS= read -r pr_number; do
                echo "Removing label from pr number ${pr_number}"
                curl --silent \
                  -X DELETE \
                  -H "Accept: application/vnd.github+json" \
                  -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
                  -H "X-GitHub-Api-Version: 2022-11-28" \
                  "https://api.github.com/repos/${{ github.repository }}/issues/${pr_number}/labels/deploy-in-dev"
              done
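
Added example (not part of either answer): a variant of the workflow above that maps the token into the step with `env:`, so the shell's `${GITHUB_TOKEN}` is actually set, and that fails the job on an HTTP error instead of reporting no PRs. curl exits 0 on HTTP error responses unless told otherwise, which is why a rejected request looks like an empty result. The `api` helper and the `REPO` and `LABEL` variable names are assumptions; `jq` is assumed to be available on the `ubuntu-latest` runner.

```yaml
name: Cleanup deploy-in-dev label

on:
  workflow_dispatch:

jobs:
  cleanup:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write   # 'read' is enough if the job only searches
    steps:
      - name: Search and remove label deploy-in-dev
        env:
          # The token is not exported to the shell by default; map it explicitly.
          # Passing it via env also keeps it out of the generated script text.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REPO: ${{ github.repository }}
          LABEL: deploy-in-dev
        run: |
          # pipefail: a failing curl fails the whole pipeline, not just its first stage
          set -euo pipefail

          api() {
            # --fail turns HTTP 4xx/5xx into a non-zero exit code
            curl --silent --show-error --fail \
              -H "Accept: application/vnd.github+json" \
              -H "Authorization: Bearer ${GITHUB_TOKEN}" \
              -H "X-GitHub-Api-Version: 2022-11-28" \
              "$@"
          }

          api "https://api.github.com/search/issues?q=repo:${REPO}+is:pull-request+is:open+label:${LABEL}" \
            | jq -r '.items[].number' \
            | while IFS= read -r pr_number; do
                echo "Removing label ${LABEL} from PR ${pr_number}"
                api -X DELETE \
                  "https://api.github.com/repos/${REPO}/issues/${pr_number}/labels/${LABEL}" \
                  > /dev/null
              done
```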
    

  2. There is a great GH action – GitHub Script. It allows writing scripts in your workflow and provides an easy and elegant way to run these scripts.

    Working example:

    name: Cleanup deploy-in-dev label
    
    on:
      workflow_dispatch:
      schedule:
        - cron: "15 1 * * *"
    
    jobs:
      cleanup:
        name: Search and remove deploy-in-dev label
        runs-on: ubuntu-latest
        permissions:
          pull-requests: write
    
        steps:
          - uses: actions/github-script@v6
            name: Search and remove deploy-in-dev label
            with:
              script: |
                const label = 'deploy-in-dev';
    
                const pullRequests = await github.rest.pulls.list({
                  owner: context.repo.owner,
                  repo: context.repo.repo,
                  state: 'open'
                });
    
                console.log(`Found ${pullRequests.data.length} Pull Request(s)`);
    
                await Promise.all(pullRequests.data.map(async (pr) => {
                  if (pr.labels.filter(l => l.name === label).length === 0) {
                    console.log(`Skipping PR number ${pr.number}`);
                    return;
                  }
    
                  console.log(`Removing label ${label} from PR number ${pr.number}`);
    
                  await github.rest.issues.removeLabel({
                    owner: context.repo.owner,
                    repo: context.repo.repo,
                    issue_number: pr.number,
                    name: label
                  });
                }));
    