我正在从我的 github 工作流程(操作)发出一个 curl 发布请求,以获取自托管运行器的注册令牌,但我收到以下响应:
{
"message": "Resource not accessible by integration",
"documentation_url": "https://docs.github.com/rest/reference/actions#create-a-registration-token-for-a-repository"
}
下面是我的 github 工作流程的精简版本:
name: get-token
"on":
push: { branches: ["token"] }
jobs:
print-token:
name: print-token
environment: dev
# needs: pre-pkr
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Get registration token
id: getRegToken
run: |
curl -X POST -H \"Accept: application/vnd.github.v3+json\" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token
最终我想将此令牌传递给我使用 packer build 命令创建的 ami(下一步)。我也尝试使用加壳器的 shell 配置程序执行上述curl 请求,但响应相同。
无法弄清楚我是否必须允许来自 github ui 的某些权限?或者还有什么办法可以做到这一点?
提前致谢。
尝试添加permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs到你的工作:
name: get-token
"on":
push: { branches: ["token"] }
jobs:
print-token:
permissions: write-all
name: print-token
environment: dev
# needs: pre-pkr
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Get registration token
id: getRegToken
run: |
curl -X POST -H \"Accept: application/vnd.github.v3+json\" -H 'Authorization: token ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/repos/myprofile/myrepo/actions/runners/registration-token
这应该告诉您这是否是问题所在,然后您可以找出您缺少的权限并在更多中正确配置它们details https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions.
正如评论和其他答案所提到的,您可以通过多种方式配置权限:
- 使用PAT(个人访问令牌 https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
- 覆盖工作流文件本身的权限,如上面的代码片段所示
- 在操作设置中配置权限
第三个选项可以在几个不同的级别上完成:
- server https://docs.github.com/en/enterprise-server@3.3/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-workflow-permissions-in-your-enterprise
- 组织 https://docs.github.com/en/enterprise-server@3.3/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization
- 存储库 https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository
您可以找到默认权限的详细信息here https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token.
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)