Search code examples
githubcontinuous-integrationgithub-actionscontinuous-deployment

Creating a release using GitHub action fails with HTTP 403

I got this workflow:

name: Build and Release

on:
  push:
    tags:
      - "v*.*.*"

permissions:
  contents: write

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Install PHP
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.2'
          extensions: mbstring, zip

      - name: Install PHP dependencies
        run: composer install --no-interaction --prefer-dist

      - name: Use Node.js 16.13.0
        uses: actions/setup-node@v2
        with:
          node-version: 16.13.0

      - name: Install required npm version
        run: npm -g install npm@8.5.5

      - name: Install npm dependencies
        run: npm ci

      - name: Build assets
        run: npm run build

      - name: Create release zip
        run: zip -r release.zip .
        if: success()

      - name: Upload release.zip to GitHub Releases
        uses: softprops/action-gh-release@v1
        with:
          files: release.zip
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

This fails with

👩‍🏭 Creating new GitHub release for tag v.0.5.0... ⚠️ GitHub release failed with status: 403 undefined retrying... (2 retries remaining)

I checked https://github.com/softprops/action-gh-release/issues/236, what let me add the permissions on my workflow, but the error remains.

My question is: What am I missing? The action should be allowed to create that release?

Solution

  • If the goal is to create a release automatically, it'll be much easier to just use the gh release create command rather than debug some random action.

    Especially when softprops/action-gh-release@v1 is running this minified js where your error appears to be coming from here, wrapping this version of this package, with inadequate repository tagging to link to an explicit version of the octokit package that that is using, to debug why the release is failing.

    You can achieve the same thing with;

        - name: Release
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: >-
        gh release create ${{ github.ref_name }}
        "release.zip#Whatever you want to call this artifact"
        --generate-notes
        --title "Version ${{ github.ref_name }} (or some other name)"

    It's not a canonical answer with regards to softprops/action-gh-release@v1, but it is the GitHub-esque way of scripting the release, using the github cli.

    Edit to add: permissions

    While the original question had already tried specifying permissions and still had the issue regardless of permissions, to clarify for other posters; gh release create requires the contents permission to be write. You can specify on either the whole workflow or just the job;

    permissions:
  contents: write

    But be aware that specifying only one permission will set the unspecified permissions to none, so if you're doing other things that require other permissions, you'll have to specify those also.