Failing to deploy GitHub pages because of write permission - github-pages

I'm building my website forked from https://github.com/academicpages/academicpages.github.io. During the job setup, the log clearly prints:
GITHUB_TOKEN Permissions:
Contents: read
Metadata: read
Pages: write
But during deployment, it still shows:
Error: Failed to create deployment (status: 403) with build version 9ffb90cf2f2dc3f0730157bdaaf35866ed4b6a35. Ensure GITHUB_TOKEN has permission "pages: write".
I tried building from Actions but that created more errors, so I'm just trying to get build from branch to work.

Related

google-github-actions/auth failed with did not inject $ACTIONS_ID_TOKEN_REQUEST_TOKEN or $ACTIONS_ID_TOKEN_REQUEST_URL

In github actions I'm running an action that is trying to use github to GCP federated id:
# see https://github.com/marketplace/actions/authenticate-to-google-cloud#setup
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth#v0'
with:
workload_identity_provider: 'projects/1234/locations/global/workloadIdentityPools/my-github-pool/providers/my-github-oidc-provider'
service_account: 'my-github-sa#projxyz.iam.gserviceaccount.com'
I'm getting:
Run google-github-actions/auth#v0
Error: google-github-actions/auth failed with: retry function failed after 1 attempt:
gitHub Actions did not inject $ACTIONS_ID_TOKEN_REQUEST_TOKEN or
$ACTIONS_ID_TOKEN_REQUEST_URL into this job.
This most likely means the GitHub Actions workflow permissions are incorrect, or this job is being run from a fork.
For more information, please see https://docs.github.com/en/actions/security-guides/automatic-
token-authentication#permissions-for-the-github_token
I'm looking at the referenced doc but I'm not seeing anything useful.
How to I get GH to inject those values?
I needed to add:
jobs:
my_job:
# Need to add these 3 lines to add "id-token" with the intended permissions.
permissions:
contents: 'read'
id-token: 'write'
This is documented here: https://github.com/google-github-actions/auth#usage

Why GCloud Builds submit failing after creating image?

I am learning deploying a pubsub service to run under Cloud Run, by following the guidelines given here
Steps I followed are:
Created a new project folder "myProject" in my local machine
Added below files:
app.jsindex.jsDockerfile
Executed below command to ship the code
gcloud builds submit --tag gcr.io/Project-ID/pubsub
It's mentioned in the tutorial document that
Upon success, you should see a SUCCESS message containing the ID, creation time, and image name. The image is stored in Container Registry and can be re-used if desired.
But in my case it's returning with error: (Ref: screenshot)
I have verified the build logs, "It's success"
So I thought to ignore this error and proceed with the next step to deploy the app by running the command:
gcloud run deploy sks-pubsub-cloudrun --image gcr.io/Project-ID/pubsub --no-allow-unauthenticated
When I run this command it immediately asking to specify the region (26 is my choice) from the list.
Next it fails with error:
Deploying container to Cloud Run service [sks-pubsub-cloudrun] in project [Project-ID] region [us-central1]
Deploying new service... Cloud Run error: The user-provided container failed to start and listen on the port defined provided by the PORT=8080 environment variable.
Logs for this revision might contain more information.
As I am new to this GCP & Dockerizing services, not understanding this issue and unable to fix it. I researched many blogs and articles yet no proper solution for this error.
Any help will be appreciated.
Tried to run the container locally and it's failing with error.
I'm using VS Code IDE, and "Cloud Code: Debug on Cloud Run Emulator" to debug the code.
Starting to debug the app using configuration `Cloud Run: Run/Debug Locally` from .vscode/launch.json
To view more detailed logs, go to Output channel : "Cloud Run: Run/Debug Locally - Detailed"
Dependency check started
Dependency check succeeded
Unpausing minikube
The minikube profile 'cloud-run-dev-internal' has been scheduled to stop automatically after exiting Cloud Code. To disable this on future deployments, set autoStop to false in your launch configuration d:\POC\promo_run_pubsub\.vscode\launch.json
Configuring minikube gcp-auth addon
Using GCP project 'Project-Id' with minikube gcp-auth
Failed to configure minikube gcp-auth addon. Your app might not be able to authenticate Google or GCP APIs it calls. The addon has been disabled. More details can be found in the detailed logs.
Update initiated
Deploy started
Deploy completed
Status check started
Resource pod/promo-run-pubsub-5d4cd64bf9-8pf4q status updated to In Progress
Resource deployment/promo-run-pubsub status updated to In Progress
Resource pod/promo-run-pubsub-5d4cd64bf9-8pf4q status updated to In Progress
Resource deployment/promo-run-pubsub status failed with waiting for rollout to finish: 0 of 1 updated replicas are available...
Status check failed
Update failed with error code STATUSCHECK_CONTAINER_TERMINATED
1/1 deployment(s) failed
Skaffold exited with code 1.
Cleaning up...
Finished clean up.

Google Cloud Build Reject build failed with error: Build {build-id} might not have been rejected: Precondition check failed

I would like to reject old builds from the Google Cloud Build console. When I use the console following the instructions from the documentation, I receive an error:
Build {build-id} might not have been rejected: Precondition check failed.
I have tried to cancel the build. It gives me a generic error response:
The attempted action failed, please try again.
Tracking number: {tracking number}
I have tried using the gcloud command:
NOT_FOUND: Requested entity was not found
However, the build is still in the Cloud Build console.
I reproduced your case, I was able to reject/cancel builds which were pending approval.
Steps I followed,
First you have to create trigger builds, by providing all the
information as mentioned in this documentation .
I selected, Event as push to branch, source as USERNAME/cloud-build-samples(GitHub App), branch : ^main$,
configuration : Cloud Build configuration file (yaml or json),
location: Repository, Cloudbuild configuration file location: quickstart-automate/cloudbuild.yaml
Check the box of Approval to configure build triggers which require
approval before the build executes.
After your build trigger is ready, commit a change to your cloned
cloud-build-samples repository on your own GitHub account by updating
your source code and then Commit your changes to GitHub by running
the following commands:
git add quickstart-automate/main.go
git commit -m "update text"
git push
You may be prompted to enter your credentials when pushing code to your repository. If prompted, enter your username and authentication token that you generated from your GitHub account. You have now pushed a change to your repository. Your push will result in an automatic build by your trigger.
Now provide the gcloud commands to reject this pending approval
trigger build.
gcloud alpha builds reject BUILD_ID --project=PROJECT_ID \
Note : BUILD_ID is present in the Execution details of that particular build. Click on the specific trigger with build number, check the build details, you will find Build id. Use this build id in the gcloud command for rejecting pending builds.
After running the command, the build was rejected and the console UI
showed the same.
Also I tried rejecting the pending builds using the console/UI that
worked too.
Check this documentation when you see 4xx errors.

Fail to deploy project to Google Cloud App Engine Standard

I have a project that has been running fine, but I want to make some changes and solve some bugs so I tried to deploy my app using the Google Cloud SDK (gcloud app deploy)
Services to deploy:
descriptor: [/home/projects/Myproject/app.yaml]
source: [/home/projects/Myproject/]
target project: [my-project]
target service: [default]
target version: [20200902t153320]
target url: [https://my-project.uc.r.appspot.com]
Do you want to continue (Y/n)?
Beginning deployment of service [default]...
╔════════════════════════════════════════════════════════════╗
╠═ Uploading 2 files to Google Cloud Storage ═╣
╚════════════════════════════════════════════════════════════╝
File upload done.
Updating service [default]...failed.
ERROR: (gcloud.app.deploy) Error Response: [9] Cloud build 3ebf37fb-b18d-4c68-b352d-10bd8758f90b0 status: FAILURE
Error type: OK
Full build logs: https://console.cloud.google.com/cloud-build/builds/3ebf37fb-b18d-4c68-b32d-10bd8s78f90b0?project=my-projectid
This used to work yesterday fine but now it gives me this error and I cannot make any changes:
ERROR: build step 6 "us.gcr.io/gae-runtimes/buildpacks/python38/builder:python38_20200816_3_8_5_RC01" failed: step exited with non-zero status: 246
ERROR
Finished Step #6 - "exporter"
Step #6 - "exporter": ERROR: failed to export: failed to write image to the following tags: [us.gcr.io/my-project/app-engine-tmp/app/ttl-2h/default/buildpack-app:latest: GET https://us.gcr.io/v2/token?scope=repository%3Amy-project%2Fapp-engine-tmp%2Fapp%2Fttl-2h%2Fdefault%2Fbuildpack-app%3Apush%2Cpull&scope=repository%3Agae-runtimes%2Fbuildpacks%2Fpython38%2Frun%3Apull&service=us.gcr.io: DENIED: Token exchange failed for project 'my-project'. Access denied.]
Step #6 - "exporter": *** Digest: sha256:bd8121f23cb362683e7c32a8bbdf2a900606373f8edfsdf36fe0ffb17014
Step #6 - "exporter":
Step #6 - "exporter": us.gcr.io/my-project/app-engine-tmp/app/ttl-2h/default/buildpack-app:latest - GET https://us.gcr.io/v2/token?scope=repository%3Amy-project%2Fapp-engine-tmp%2Fapp%2Fttl-2h%2Fdefault%2Fbuildpack-app%3Apush%2Cpull&scope=repository%3Agae-runtimes%2Fbuildpacks%2Fpython38%2Frun%3Apull&service=us.gcr.io: DENIED: Token exchange failed for project 'my-project'. Access denied.
Step #6 - "exporter": *** Images (sha256:bd8121f23cb362683e7c32adfssd73f8ea51326f36fe0ffb17014):
I tried changing my authentication, so i used gcloud auth revoke and gcloud app login to refresh them. I also deleted the files in the storage and loaded them again. I even tried to upload the code to GitHub and make the deployment from there using an activator. Noting seems to work out.
The project has all the permissions. The service accounts are enabled. And I just don't understand what is wrong. I am not using Docker, so I did not change any of the default configurations in the Standard app engine
I have faced this recently.
Billing is not always the issue. Sometimes if there are no changes going in and you are trying to deploy the same version again, creates this problem as well.
Two Workarounds (not solutions)
Use a random versioning scheme instead of --version SOME_STATIC_VALUE
Ensure that there are some changes in the code getting deployed.
I ran into the same issue until running other GCP commands lead to the conclusion (for me) that GCP refused to deploy because there was no billing account associated with my project. App Engine and the logs did not tell me about it and just told me about some docker push issues. Try checking to see if you have an active billing account set up and if there's any issues with that billing account.
Linking a billing account solved the issue for me and I was able to deploy my stuff fine using App Engine.

AWS: ERROR: Pre-processing of application version xxx has failed and Some application versions failed to process. Unable to continue deployment

Hi I am trying to deploy a node application from cloud 9 to ELB but I keep getting the below error.
Starting environment deployment via CodeCommit
--- Waiting for Application Versions to be pre-processed --- ERROR: Pre-processing of application version app-491a-200623_151654 has
failed. ERROR: Some application versions failed to process. Unable to
continue deployment.
I have attached an image of the IAM roles that I have. Any solutions?
Go to your console and open up your elastic beanstalk console. Go to both applications and environments and delete them. Then in your terminal hit
eb init #Follow instructions
eb create --single ##Follow instructions.
It would fix the error, which is due to some application states which are failed. If you want to check those do
aws elasticbeanstalk describe-application-versions
I was searching for this answer as a result of watching a YouTube tutorial for how to pass the AWS Certified Developer Associate exam. If anyone else gets this error as a result of that tutorial, delete the 002_node_command.config file created in the tutorial and commit that change, as that is causing the error to occur.
A failure within the pre-processing phase, may be caused by an invalid manifest, configuration or .ebextensions file.
If you deploy an (invalid) application version using eb deploy and you enable the preprocess option, The details of the error will not be revealed.
You can remove the --process flag and enable the verbose option to improve error output.
in my case I deploy using this command:
eb deploy -l "XXX" -p
And can return a failure when I mess around with .ebextensions:
ERROR: Pre-processing of application version xxx has failed.
ERROR: Some application versions failed to process. Unable to continue deployment.
With that result I can't figure up what is wrong,
but deploying without -p (or --process)and adding -v (verbose) flag:
eb deploy -l "$deployname" -v
It returns something more useful:
Uploading: [##################################################] 100% Done...
INFO: Creating AppVersion xxx
ERROR: InvalidParameterValueError - The configuration file .ebextensions/16-my_custom_config_file.config in application version xxx contains invalid YAML or JSON.
YAML exception: Invalid Yaml: while scanning a simple key
in 'reader', line 6, column 1:
(... details of the error ...)
, JSON exception: Invalid JSON: Unexpected character (#) at position 0.. Update the configuration file.
Now I can fix the problem.