Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Azure Web Apps Deploy action doesn't ask for content read permission #170

Open
lucasbfr opened this issue Aug 7, 2024 · 1 comment
Open

Comments

@lucasbfr
Copy link

lucasbfr commented Aug 7, 2024

Hi,

when setting up a brand new .net 8 deployment straight from the Azure portal, I encountered the following error at the "Checkout GitHub Action" step:

Fetching the repository
  "C:\Program Files\Git\bin\git.exe" -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +[REDACTED]:refs/remotes/origin/main
  remote: Repository not found.
  Error: fatal: repository 'https://github.com/lucasbfr/[REDACTED]' not found
  The process 'C:\Program Files\Git\bin\git.exe' failed with exit code 128

This is caused by a missing permission. The ones created by Azure are
permissions: id-token: write #This is required for requesting the JWT

However,
contents: read #attempt to read the private repo
is required to be able to read a (I guess non public) repository.

The previous version of this script worked, probably because it was not setting any permission and contents: read is the default overridden by the new version.

@lucasbfr
Copy link
Author

lucasbfr commented Aug 7, 2024

Also created at actions/starter-workflows#2467 (which is probably a better place?). You can probably close this if that's the case

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant