Git Permissions Issue

[LandonSchropp]

Hey there Crazy Max. I'm trying to publish the contents of my build folder using this action. Here's my configuration:

name: Publish
uses: crazy-max/ghaction-github-pages@v1
with:
  target_branch: gh-pages
  build_dir: build
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

When I get to the publish action, I run into this error:

🏃 Deploying build directory to gh-pages branch on LandonSchropp/landonschropp.com repo
git init
/home/runner/work/landonschropp.com/landonschropp.com/build/.git: Permission denied
##[error]The process 'git' failed with exit code 1
##[error]Node run failed with exit code 1

It looks like the error is happening here. However, I can't figure out why the build directory would have any weird permissions. Did the action somehow get pointed the wrong place? Any ideas?

Thanks in advance!

[crazy-max]

Hi @LandonSchropp, do you have a link to your repo?

Edit: Nevermind LandonSchropp/landonschropp.com

[crazy-max]

@LandonSchropp Can you put this step before Publish and give me the output please?

-
  name: Test
  run: ls -al build/

I think one of the previous step write files with a different user (maybe sudo cmd somewhere?) in your workflow

[LandonSchropp]

Thanks for the quick reply!

Ah, you're absolutely right. When I run the ls command, I see the permissions for the build directory as drwxr-xr-x.

My workflow was previously written in the old GitHub Actions format. Does the new format change how the user interacts with the action? I'm a little confused on how Docker plays in to the new workflow. Does your action run as a non-root user?

I tried this as a quick fix, but it didn't work:

Run chmod -R +rw build
  chmod -R +rw build
  shell: /bin/bash -e {0}
chmod: changing permissions of 'build': Operation not permitted

This doesn't seem to be an issue with this action, so I'll close the issue. The only other thing I can think of is that my yarn build action is using borales/actions-yarn, which may be creating the folder as a root user, and your action is using the base Ubuntu image. If you have any other ideas, I'd appreciate any insight. 🙂

Below is the output from that command. If you're curious and want to see the rest of the workflow, it's hosted here.

Run ls -al build/
total 84
drwxr-xr-x  6 root   root    4096 Nov 11 04:37 .
drwxr-xr-x 12 runner docker  4096 Nov 11 04:37 ..
-rw-r--r--  1 runner docker     0 Nov 11 04:36 .nojekyll
-rw-r--r--  1 runner docker    18 Nov 11 04:36 CNAME
drwxr-xr-x  3 runner docker  4096 Nov 11 04:37 images
-rw-r--r--  1 root   root   51813 Nov 11 04:37 index.html
drwxr-xr-x  2 root   root    4096 Nov 11 04:37 javascript
drwxr-xr-x 64 root   root    4096 Nov 11 04:37 notes
-rw-r--r--  1 runner docker    23 Nov 11 04:36 robots.txt
drwxr-xr-x  2 root   root    4096 Nov 11 04:37 stylesheets

[crazy-max]

@LandonSchropp

I'm a little confused on how Docker plays in to the new workflow.

Indeed, actions using Docker write files with root permissions unfortunately. That's why all my actions use Typescript because this is native and also more efficient (not build or download Docker image for the action).

What you can do to fix this issue with borales/actions-yarn is chown your workspace with sudo chown -R $(id -u):$(id -g) ${GITHUB_WORKSPACE} after but it could be slow if you've got many files and it's awful :)

So looking at your workflow I suggest to not use Docker actions when it's possible. In your case your workflow could run faster with this configuration:

name: Publish

on:
  push:
    branches:
      - master
  repository_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        # https://github.com/actions/checkout
        name: Checkout
        uses: actions/checkout@v1
      -
        # https://github.com/actions/setup-node
        name: Set up Node.js
        uses: actions/setup-node@v1
        with:
          node-version: 11
      -
        name: Yarn install
        run: |
          npm install -g yarn
          yarn install --frozen-lockfile
      -
        name: Yarn lint
        run: |
          yarn lint
      -
        name: Yarn download-content
        run: |
          yarn download-content
        env:
          CONTENTFUL_SPACE_ID: ${{ secrets.CONTENTFUL_SPACE_ID }}
          CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CONTENTFUL_ACCESS_TOKEN }}
      -
        name: Yarn lint
        run: |
          yarn build
        env:
          NODE_ENV: production
          PORT: "80"
          URL: https://landonschropp.com
      -
        name: Publish
        uses: crazy-max/ghaction-github-pages@v1
        with:
          target_branch: gh-pages
          build_dir: build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

You can also use cache to improve the process. Take a look at this workflow I use for one of my projects.

[LandonSchropp]

That did the trick! Thanks for all the help and for the explanation. 🙂

I also appreciate you pointing out cache and showing me your workflow. I wish I had seen that a few hours ago—it would have made this process much quicker.

Thanks again!

[crazy-max]

@LandonSchropp See limitation section also. You cannot use (for now) the GITHUB_TOKEN on a public repo.

[LandonSchropp]

That's strange, it seems to be working for me. 🤷