Question 38190 in Ubuntu Question posted in
The official Ubuntu documentation can be found here.

Can a github action use the search api? – Ubuntu

I’m trying to create a github action that searches all PRs in our repository with a specific label. The api call returns the correct result when running it locally with my personal access token but in the action it seems to get no results.

The default workflow permissions are "Read and write".

This is the action code:

name: Cleanup deploy-in-dev label

on:
  workflow_dispatch:
  schedule:
    - cron: "15 1 * * *"

jobs:
  cleanup:
    runs-on: ubuntu-latest
    steps:
      - name: Search label deploy-in-dev
        run: |-
          curl 
            -H "Accept: application/vnd.github+json" 
            -H "Authorization: Bearer ${GITHUB_TOKEN}" 
            -H "X-GitHub-Api-Version: 2022-11-28" 
            "https://api.github.com/search/issues?q=repo:private-org/example+is:pull-request+is:open+label:deploy-in-dev" 
            | grep ""number":" 
            | sed 's/.*"number": ([0-9]*),/1/g' 
            | while IFS= read -r pr_number; do
            echo "Found pr with label with pr number ${pr_number}"
          done

Could this be a permission error or do I miss something else?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I did not use the GITHUB_TOKEN correct. It needs to be ${{ secrets.GITHUB_TOKEN }} instead of ${ GIHTUB_TOKEN }. It works like this:

    name: Cleanup deploy-in-dev label

on:
  workflow_dispatch:
  schedule:
    - cron: "15 1 * * *"

jobs:
  cleanup:
    name: Search and remove deploy-in-dev label
    runs-on: ubuntu-latest
    permissions:
      pull-requests: read
    steps:
      - name: Search and remove label deploy-in-dev
        run: |-
          curl --silent 
            -H "Accept: application/vnd.github+json" 
            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" 
            -H "X-GitHub-Api-Version: 2022-11-28" 
            "https://api.github.com/search/issues?q=repo:${{ github.repository }}+is:pull-request+is:open+label:deploy-in-dev" 
            | grep ""number":" 
            | sed 's/.*"number": ([0-9]*),/1/g' 
            | while IFS= read -r pr_number; do
            echo "Found pr with label with pr number ${pr_number}"
          done

    As a bonus I added to minimal set of permissions to the action so that it still runs. The only permission needed is pull-requests: read. If the action should also be able to add or remove a label the permission needs to be pull-requests: write. The complete action I now use is this one:

    name: Cleanup deploy-in-dev label

on:
  workflow_dispatch:
  schedule:
    - cron: "15 1 * * *"

jobs:
  cleanup:
    name: Search and remove deploy-in-dev label
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - name: Search and remove label deploy-in-dev
        run: |-
          curl --silent 
            -H "Accept: application/vnd.github+json" 
            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" 
            -H "X-GitHub-Api-Version: 2022-11-28" 
            "https://api.github.com/search/issues?q=repo:${{ github.repository }}+is:pull-request+is:open+label:deploy-in-dev" 
            | grep ""number":" 
            | sed 's/.*"number": ([0-9]*),/1/g' 
            | while IFS= read -r pr_number; do
            echo "Removing label from pr number ${pr_number}"
            curl --silent 
              -X DELETE 
              -H "Accept: application/vnd.github+json" 
              -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"
              -H "X-GitHub-Api-Version: 2022-11-28" 
              https://api.github.com/repos/${{ github.repository }}/issues/${pr_number}/labels/deploy-in-dev
          done

  2. 0

    There is a great GH action – GitHub Script. It allows writing scripts in your workflow and provides an easy and elegant way to run these scripts.

    Working example:

    name: Cleanup deploy-in-dev label

on:
  workflow_dispatch:
  schedule:
    - cron: "15 1 * * *"

jobs:
  cleanup:
    name: Search and remove deploy-in-dev label
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write

    steps:
      - uses: actions/github-script@v6
        name: Search and remove deploy-in-dev label
        with:
          script: |
            const label = 'deploy-in-dev';

            const pullRequests = await github.rest.pulls.list({
              owner: context.repo.owner,
              repo: context.repo.repo,
              state: 'open'
            });

            console.log(`Found ${pullRequests.data.length} Pull Request(s)`);

            await Promise.all(pullRequests.data.map(async (pr) => {
              if (pr.labels.filter(l => l.name === label).length === 0) {
                console.log(`Skipping PR number ${pr.number}`);
                return;
              }

              console.log(`Removing label ${label} from PR number ${pr.number}`);

              await github.rest.issues.removeLabel({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: pr.number,
                name: label
              });
            }));
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search