Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

downloadRepo at GitHub action Failed to run. #137

Closed
ZhangChengLin opened this issue May 26, 2023 · 23 comments
Closed

downloadRepo at GitHub action Failed to run. #137

ZhangChengLin opened this issue May 26, 2023 · 23 comments

Comments

@ZhangChengLin
Copy link

The downloadRepo problem involved in it runs fine locally, but after submitting to GitHub, it cannot continue when using action deployment. Where is this causing the problem? If there are other addresses that can be used normally on the GitHub side, you can test again and try to rule out the wrong direction.

Or is it possible to add fields for exclusive local use?

The address used is the following address.
"downloadRepo": "https://hub.gitmirror.com/https://github.com/"
@XhmikosR
Copy link
Collaborator

Which version did you use? Does this occur with v102.2.2?

@ZhangChengLin
Copy link
Author

Is this specified version special? I can give it a try if needed. I hope you provide the specific version number and the version number of hugo

@XhmikosR
Copy link
Collaborator

I'm trying to understand if this is a regression or not. Please always state the Node.js and hugo-bin versions. Unless I can reproduce the problem, there's nothing to be done.

@ZhangChengLin
Copy link
Author

This is the fastest available to see the history, locally is

node -v
v16.20.0

GitHub action 是nodejs 18+
https://github.com/jzeg-net/jzeg-net.github.io/actions/runs/5056217902

@XhmikosR
Copy link
Collaborator

Does v102.2.2 work?

@ZhangChengLin
Copy link
Author

Does v102.2.2 work?

At that time, I didn't know how to use Hugo, so I didn't know if it worked.

@XhmikosR
Copy link
Collaborator

Please downgrade it in your repo and try again with v102.2.2. The error could be unrelated to hugo-bin.

@ZhangChengLin
Copy link
Author

Do you mean try this version?
I don't know the v102.2.2 you mentioned,
https://github.com/fenneclab/hugo-bin/releases/tag/v0.102.2

Hugo does not have your version number.

module:
hugoVersion:
extended: true
max: "0.112.3"
min: "0.112.3"

@XhmikosR
Copy link
Collaborator 

npm i [email protected] -D

@ZhangChengLin
Copy link
Author 

npm i [email protected] -D

`>npm i [email protected] -D
npm ERR! code ETARGET
npm ERR! notarget No matching version found for [email protected].
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\Administrator\AppData\Local\npm-cache_logs\2023-05-27T04_39_54_012Z-debug-0.log

`

@XhmikosR
Copy link
Collaborator 

npm i [email protected] -D

Test if it works. Then reinstall the latest version and try again:

npm i hugo-bin@latest -D

@ZhangChengLin
Copy link
Author

ZhangChengLin commented May 27, 2023
edited by XhmikosR
Loading

Run npm ci

  npm ci
  shell: /usr/bin/bash -e {0}
  env:
    FORCE_COLOR: [2](https://github.com/jzeg-net/jzeg-net.github.io/actions/runs/5097097782/jobs/9163401294#step:4:2)
    NODE: 18
npm ERR! code 1
npm ERR! path /home/runner/work/jzeg-net.github.io/jzeg-net.github.io/node_modules/hugo-bin
npm ERR! command failed
npm ERR! command sh -c node lib/install.js
npm ERR! Hugo binary installation failed!
npm ERR! file:///home/runner/work/jzeg-net.github.io/jzeg-net.github.io/node_modules/hugo-bin/lib/install.js:[3](https://github.com/jzeg-net/jzeg-net.github.io/actions/runs/5097097782/jobs/9163401294#step:4:3)9
npm ERR!       throw new Error(error);
npm ERR!             ^
npm ERR! 
npm ERR! Error: HTTPError: Response code [4](https://github.com/jzeg-net/jzeg-net.github.io/actions/runs/5097097782/jobs/9163401294#step:4:4)03 (Forbidden)
npm ERR!     at file:///home/runner/work/jzeg-net.github.io/jzeg-net.github.io/node_modules/hugo-bin/lib/install.js:39:13
npm ERR!     at process.processTicksAndRejections (node:internal/process/task_queues:9[5](https://github.com/jzeg-net/jzeg-net.github.io/actions/runs/5097097782/jobs/9163401294#step:4:5):5)
npm ERR! 
npm ERR! Node.js v18.1[6](https://github.com/jzeg-net/jzeg-net.github.io/actions/runs/5097097782/jobs/9163401294#step:4:6).0

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/runner/.npm/_logs/2023-05-2[7](https://github.com/jzeg-net/jzeg-net.github.io/actions/runs/5097097782/jobs/9163401294#step:4:8)T04_57_3[9](https://github.com/jzeg-net/jzeg-net.github.io/actions/runs/5097097782/jobs/9163401294#step:4:10)_095Z-debug-0.log
Error: Process completed with exit code 1.

@ZhangChengLin
Copy link
Author

Does this describe a problem with the third-party site?
GitHub server access not allowed? Still pre-read the address of downloadRepo that does not have a specific mirror address and report a 403 error.
many possibilities

@XhmikosR
Copy link
Collaborator

I have no idea why this happens to you... Tests are passing with an empty downloadRepo and I use hugo-bin in all of our projects.

Also, your CI is passing in some cases and not in others which hints that it's unrelated to hugo-bin.

You'll have to debug the issue yourself and if it's something wrong with the code here, feel free to submit a PR.

@ZhangChengLin
Copy link
Author

ZhangChengLin commented May 27, 2023
edited
Loading

I have no idea why this happens to you... Tests are passing with an empty downloadRepo and I use hugo-bin in all of our projects.

Also, your CI is passing in some cases and not in others which hints that it's unrelated to hugo-bin.

You'll have to debug the issue yourself and if it's something wrong with the code here, feel free to submit a PR.

no

I mean when downloadRepo has a specific value (this value is available locally), but in the action of GitHub, it cannot be installed normally.

In the action of GitHub, if it is a null value, that is, the mirror address is not used, there is no problem when the action is installed.

@XhmikosR
Copy link
Collaborator

Like I said, we test with the value not present https://github.com/fenneclab/hugo-bin/blob/main/test/custom-repository.test.js

If you think you have found a bug, you should submit a fix with a failing test.

@XhmikosR
Copy link
Collaborator 

C:\Users\xmr\Desktop\hugo-bin>node -v && npm -v
v18.16.0
9.5.1

C:\Users\xmr\Desktop\hugo-bin>set HUGO_BIN_DOWNLOAD_REPO=https://hub.gitmirror.com/https://github.com/

C:\Users\xmr\Desktop\hugo-bin>npm i

> [email protected] postinstall
> node lib/install.js

>> baseUrl: https://hub.gitmirror.com/https://github.com//gohugoio/hugo/releases/download/v0.112.3/
Hugo binary successfully installed!

up to date, audited 648 packages in 3s

188 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

So, everything works fine. The failure you are having is due to something else, which I have no idea what is.

@ZhangChengLin
Copy link
Author

Whether those tests have judged the difference between GitHub and local, I feel that my main difference is the difference between local and GitHub actions, which may have nothing to do with nodejs

@ZhangChengLin
Copy link
Author

Because I only need to remove the mirror address of downloadRepo, or directly set it to https://github.com/, it is all available,
So I feel the reason, it should be that GitHub can't access that URL, I'll try another mirror address and try.

I also just thought of setting it directly to https://github.com/ for testing

@ZhangChengLin
Copy link
Author

image

@ZhangChengLin
Copy link
Author

@XhmikosR

It has been checked and verified and has been checked to confirm that the mirror address prohibits access from foreign addresses.

Problem solved, feels ok.
Just by adding an environment variable to the GitHub action workflow, HUGO_BIN_DOWNLOAD_REPO

hugo-bin/lib/index.js

Lines 52 to 55 in b533c55

process.env.HUGO_BIN_DOWNLOAD_REPO,
process.env.npm_config_hugo_bin_download_repo,
config.downloadRepo
].find(Boolean) || 'https://github.com';

Because downloadRepo is mainly to solve the network access problem in the local environment of individual developers. And there will be no such problem on GitHub's server.
So according to the order of the fields in the array in the code, set the HUGO_BIN_DOWNLOAD_REPO variable to the GitHub address.

In this way, even if downloadRepo is used to solve the local access problem, it also solves the problem of inaccessibility involving third-party mirror addresses in the workflow.
In particular, this involves security issues. After all, this is a third-party mirror, and the content is uncontrollable. Therefore, it should be noted that if the third-party content or domain name address is polluted, then all users, including end users, will face security issues.

Suggestion: If possible, this tool should judge the environment context. If it is some popular cloud hosting environment, you can use its own address for download and installation by default to avoid potential security problems.

@ZhangChengLin
Copy link
Author

https://docs.github.com/en/actions/learn-github-actions/contexts

@XhmikosR
Copy link
Collaborator

I don't think we need to change anything here. The environment variable has higher priority anyway.

There's an open issue to verify the checksum of the binaries (#36), but I don't have the bandwidth to fix it. Happy to review a clean PR with tests and that doesn't introduce more packages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@XhmikosR @ZhangChengLin