Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TypeError: Cannot read properties of undefined (reading 'createReview') #166

Open
maciejmakowski opened this issue Nov 23, 2022 · 14 comments

Comments

@maciejmakowski
Copy link

I am still in the process of further investigating what could have changed, but I thought I am going to post here in case anyone else has an idea.

As far as we know, nothing changed in the configuration of the token itself or the secret, but suddenly (around 12-24h ago) the setup that we had successfully working for months started failing with:

dependency type: production
security critical: false
config: production:semver:patch
production:semver:patch detected, will auto-merge
Error: Cannot read properties of undefined (reading 'createReview')
TypeError: Cannot read properties of undefined (reading 'createReview')
    at approve ([file:///action/lib/api.js:2:23](https://github.com/ahmadnassri/action-dependabot-auto-merge/blob/master/action/lib/api.js#L2))
    at default (file:///action/lib/index.js:31:11)
    at file:///action/index.js:[53](https://github.com/1debit/dependabot-test/actions/runs/3527941119/jobs/5919738455#step:4:54):7
    at ModuleJob.run (node:internal/modules/esm/module_job:194:25)

The line in question is this:

  await octokit.pulls.createReview({

Which appears to mean that octokit.pulls is undefined, but also that it does not appear to be a permission issue as such with the token since it got that far.

At first I thought that something might have changed on the latest 2.6.1 release from earlier today, but I confirmed that the issue is also still happening with 2.6.0 which as I said before we've been using fine for months.

I am also sending this to Github support, but I was wondering whether anyone else has seen this and if yes, whether they found a solution for it.

Thanks in advance.

@calteran
Copy link

I'm also seeing this in my projects, again, without changes on my side.


Run ahmadnassri/action-dependabot-auto-merge@v2
  with:
    github-token: ***
    target: minor
    config: .github/auto-merge.yml
    command: merge
    botName: dependabot
    approve: true
/usr/bin/docker run --name ghcrioahmadnassriactiondependabotautomergev2_55639b --label 290506 --workdir /github/workspace --rm -e "INPUT_GITHUB-TOKEN" -e "INPUT_TARGET" -e "INPUT_CONFIG" -e "INPUT_COMMAND" -e "INPUT_BOTNAME" -e "INPUT_APPROVE" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/phoenix/phoenix":"/github/workspace" ghcr.io/ahmadnassri/action-dependabot-auto-merge:v2
using workflow's "target": 
- match:
    dependency_type: all
    update_type: semver:minor

title: "Bump cypress from 11.1.0 to 11.2.0"
depName: cypress
from: 11.1.0
to: 11.2.0
dependency type: development
security critical: false
config: all:semver:minor
all:semver:minor detected, will auto-merge
Error: Cannot read properties of undefined (reading 'createReview')
TypeError: Cannot read properties of undefined (reading 'createReview')
    at approve (file:///action/lib/api.js:2:23)
    at default (file:///action/lib/index.js:31:11)
    at file:///action/index.js:53:7
    at ModuleJob.run (node:internal/modules/esm/module_job:194:25)

@mauriciabad
Copy link
Contributor

Same here

@MarcelScheeler
Copy link

I can confirm the problem.

@char0n
Copy link

char0n commented Nov 23, 2022

I can confirm as well. I've tried downgrading down to 2.5.x, with no effect. Still seeing the error.

@boboldehampsink
Copy link

Same here

@sdk1990
Copy link

sdk1990 commented Nov 24, 2022

Another one here.

@char0n
Copy link

char0n commented Nov 24, 2022

For anybody looking for a solution for this problem.

Here is how my workflow looked before (using this action):

name: Merge me!

on:
  pull_request_target:

jobs:
  merge-me:
    name: Merge me!
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - name: Merge me!
        uses: ahmadnassri/action-dependabot-auto-merge@v2
        with:
          target: minor
          github-token: ${{ secrets.SWAGGER_BOT_GITHUB_TOKEN }}
          command: squash and merge

Here is the replacement workflow which works exactly the same:

name: Merge me!

on:
  pull_request_target:

jobs:
  merge-me:
    name: Merge me!
    runs-on: ubuntu-latest
    # Checking the actor will prevent your Action run failing on non-Dependabot
    # PRs but also ensures that it only does work for Dependabot PRs.
    if: github.actor == 'dependabot[bot]'
    steps:
      # This first step will fail if there's no metadata and so the approval
      # will not occur.
      - name: Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/[email protected]
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      # Finally, tell dependabot to merge the PR if all checks are successful
      - name: Instruct dependabot to squash & merge
        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
        uses: mshick/add-pr-comment@v2
        with:
          repo-token: ${{ secrets.SWAGGER_BOT_GITHUB_TOKEN }}
          allow-repeats: true
          message: |
            @dependabot squash and merge
        env:
          GITHUB_TOKEN: ${{ secrets.SWAGGER_BOT_GITHUB_TOKEN }}

@eliashaeussler
Copy link

Nice, thanks for sharing @char0n! 👍

@leezumstein
Copy link
Contributor

Fairly certain you need to use octokit.rest.<api method> now with the latest version, why it's throwing an undefined error.

I can open a PR in a bit to update this.

@maciejmakowski
Copy link
Author

Thank you for the quick turnaround on this @leezumstein and @ahmadnassri! I updated to 2.6.2 and things started working for us again. 🚀

I'm still trying to understand though how this broke without any visible changes? Or was Octokit somehow updated at the time when it broke without it being visible in the code changes in this repo?

I don't see any new releases of Octokit here either (or is that not the package this GH action is using?):
https://github.com/octokit/octokit.js/releases

@leezumstein
Copy link
Contributor

leezumstein commented Nov 24, 2022

Thank you for the quick turnaround on this @leezumstein and @ahmadnassri! I updated to 2.6.2 and things started working for us again. 🚀

I'm still trying to understand though how this broke without any visible changes? Or was Octokit somehow updated at the time when it broke without it being visible in the code changes in this repo?

I don't see any new releases of Octokit here either (or is that not the package this GH action is using?): https://github.com/octokit/octokit.js/releases

I believe this action still ends up pulling the updated docker image irregardless of which version of the action you're targeting.

Dependencies we're updated with the recent docker image push which caused the breaking change.

@maciejmakowski
Copy link
Author

maciejmakowski commented Nov 24, 2022

Can you please clarify @leezumstein: What is the Docker image you are referring to? Is it this one?
https://github.com/ahmadnassri/action-dependabot-auto-merge/pkgs/container/action-dependabot-auto-merge

I believe that's governed by this Dockerfile:
https://github.com/ahmadnassri/action-dependabot-auto-merge/blob/master/Dockerfile

With that, shouldn't the octokit dependencies be governed by what's in the package-lock.json?

There was only one change to dependencies in this repo when things broke (#162) and that didn't appear to touch on anything Github action or Octokit related.

I don't see at all when the change to have to use octokit.rest. was introduced, but I have to admit I don't really know where I should be looking for this:
https://github.com/octokit/octokit.js/releases
https://github.com/octokit/core.js/releases
https://github.com/octokit/rest.js/releases

As far as I can see, it should have been octokit.rest. for a long time, and so it's even more of a conundrum for me what changed and why this broke two days ago.

Again, just trying to understand what happened here for future reference and also as a learning experience for me.

@mknepprath
Copy link

I updated to 2.6.2 and things started working for us again. 🚀

Same, thanks!

@maciejmakowski
Copy link
Author

@mknepprath looking at your PR (mknepprath/mknepprath-next#976), you probably want to go back to @2 now again, otherwise you'll get stuck on 2.6.2 or will have to continue to update it manually, unlike with @2 where you get update automatically.

Alternatively, you can also set up Dependabot to update your Github Actions too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

10 participants