Make the permissions a little more obvious #512

Closed
seebees opened this issue Oct 5, 2022 · 6 comments
Labels: documentation, effort/small, p2

Comments

@seebees

seebees commented Oct 5, 2022

Describe the issue

You have this, which is pretty obvious.

    # These permissions are needed to interact with GitHub's OIDC Token endpoint.
    permissions:
      id-token: write
      contents: read

However, if you miss it
because there is a checkout action between that line
and the use of the action...

Then you get this error:

    Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers.

I suggest a quick FAQ like "Got this error? Are you sure you added the permissions?"

@seebees seebees added documentation This is an issue with documentation needs-triage This issue still needs to be triaged labels Oct 5, 2022
@peterwoodworth
Contributor

Thanks for the suggestion @seebees,

Can you clarify what exactly the confusion you had was? It's not super clear to me what the exact issue you had was and what you did to fix it. Is it that you didn't include the permissions at all?

@peterwoodworth peterwoodworth added p2 effort/small This issue will take less than a day of effort to fix and removed needs-triage This issue still needs to be triaged labels Oct 5, 2022
@seebees
Author

seebees commented Oct 6, 2022

I had an existing workflow and I needed to add configure-aws-credentials to it.
So I copied the CloudFormation template and ran that in a test account,
and then copied

    - name: Configure AWS credentials from Test account
      uses: aws-actions/configure-aws-credentials@v1
      with:
        role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
        aws-region: us-east-1

into my action and edited as appropriate.
Ran it and got the error.

It was not clear if I had not set up the IAM resources correctly
and I could not find any logs in AWS.
(obviously because there was no log, but I did not know that ;)

When I looked at a working example,
I noticed the permissions part.
I added it and was off to the races.

As I think even more,
even better than an FAQ would be to add an error message.
brb

@seebees
Author

seebees commented Oct 6, 2022

Feel free to change that code in any way.
That was just a quick suggestion :)

@nchammas

nchammas commented May 24, 2023

I second this suggestion, as I hit the same problem myself. It wasn't clear from the error message that I was missing the permissions block in the job definition.

@peterwoodworth
Contributor

peterwoodworth commented Aug 24, 2023

There's now a helpful info message in v3 if the permissions are lacking but likely necessary, and the docs on this are more clear
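
The kind of check discussed in this thread, as an added example that is not part of the original issue and is not the action's own code: it flags a step that sets `role-to-assume` without access keys while the OIDC request variables are absent from the job environment. The function names and result shape are hypothetical; the input names are the action's documented inputs.

```javascript
// Added example; not the action's source code. Function names are hypothetical.
// GitHub exposes these variables to a job only when the workflow grants
// `id-token: write`, so their absence is the observable symptom.
const OIDC_ENV = ['ACTIONS_ID_TOKEN_REQUEST_URL', 'ACTIONS_ID_TOKEN_REQUEST_TOKEN'];
const INPUT_NAMES = ['role-to-assume', 'aws-access-key-id',
  'aws-secret-access-key', 'web-identity-token-file'];

const isSet = (v) => typeof v === 'string' && v.trim() !== '';

// The runner passes `with:` values to an action as INPUT_<NAME> variables
// (upper-cased, hyphens kept), e.g. INPUT_ROLE-TO-ASSUME.
function inputsFromEnv(env) {
  const inputs = {};
  for (const name of INPUT_NAMES) inputs[name] = env[`INPUT_${name.toUpperCase()}`] || '';
  return inputs;
}

// Which credential source is the step relying on?
function credentialSource(inputs) {
  if (isSet(inputs['aws-access-key-id']) && isSet(inputs['aws-secret-access-key'])) return 'static-keys';
  if (isSet(inputs['web-identity-token-file'])) return 'token-file';
  if (isSet(inputs['role-to-assume'])) return 'github-oidc';
  return 'default-chain';
}

// Returns a hint rather than a hard failure: a self-hosted runner that already
// holds AWS credentials can assume a role without the OIDC token.
function diagnose(inputs, env) {
  const source = credentialSource(inputs);
  const missing = source === 'github-oidc' ? OIDC_ENV.filter((n) => !isSet(env[n])) : [];
  if (missing.length === 0) return { source, missing, hint: null };
  const hint = [
    `role-to-assume is set without access keys, but ${missing.join(' and ')} is not in the environment.`,
    'If this job should use GitHub OIDC, add to the job (or workflow):',
    '  permissions:',
    '    id-token: write',
    '    contents: read',
  ].join('\n');
  return { source, missing, hint };
}

// On a runner this reads the real environment; elsewhere it finds nothing to report.
const report = diagnose(inputsFromEnv(process.env), process.env);
if (report.hint) console.warn(report.hint);
```
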
