abutler / upload-release-assets Goto Github PK

Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: AButler/[email protected]

I currently have a task setup, which creates files and uploads those files to a site.
The generated files are created in the directory build/libs

I have a separate job, where I cd to this direction and zip all files. I consider switching to this action here, since the one I currently use (actions/upload-release-asset) has some errors and people there are quite slow at responding.

The question now is, how I would define the file(s) to use. Would it be relative to the current directory (which would be build/libs because of the cd) or relative to the project itself?

My current Workflow:

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: Set up JDK 1.8
      uses: actions/setup-java@v1
      with:
        java-version: 1.8
    - name: Publish (Bintray)
      id: publish_bintray
      env:
        bintrayUser: ${{ secrets.bintrayUsername }}
        bintrayApiKey: ${{ secrets.bintrayApiKey }}
      run: ./gradlew bintrayUpload
    #- name: Publish (GitHub Packages)
    #  env:
    #    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    #    BUILD_NUMBER: 0 # Releases are always major.minor.revision_0
    #  run: ./gradlew publish
    - name: Zip files
      run: |
        cd build/libs
        zip release-${{ github.event.release.tag_name }} *.jar
    #
    # I want to replace this step
    #
    - name: Upload to release
      uses: actions/[email protected]
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ github.event.release.upload_url }}
        asset_path: ./release-${{ github.event.release.tag_name }}.zip
        asset_name: release-${{ github.event.release.tag_name }}.zip
        asset_content_type: application/zip

I'm getting really strange behaviour: unknown (for me) error happens and it outputs an HTML page source as an error description.

Log: https://github.com/OpenXRay/xray-16/actions/runs/4208583295/jobs/7304755158

Why would you even do that? To test that the workflow is doing the right thing :)
Uploading an empty file leads to an obscure error about the size field being missing, which was a bit of a head scratcher for me for a while.

It would be nice to have a more positive error message, or just to note this in the docs.

Or you can just close this as "don't do that!" :-)

There is a hub named Gitee,and it also has a token function.
Can you add a release function on Gitee?
Don't be surprised if my words don't conform to the grammatical norms. I am not a native speaker of English.Sorry.

When you try to upload to a draft release it trows the error "Error: Not Found".

my case:
my workflow: https://github.com/AriaMoradi/Tachidesk/blob/d996c44b2425a7fc5fa00bba60e4953ef5e5aeed/.github/workflows/publish.yml
the failed action: https://github.com/AriaMoradi/Tachidesk/actions/runs/566468422

I am trying to use the recently-released v2.0.1 of this action, and I'm getting this error:

Error: Cannot find module '@actions/core'
Require stack:
- /__w/_actions/AButler/upload-release-assets/v2.0.1/lib/main.js

Run AButler/[email protected]
  with:
    files: skedjewel-v0.0.7.alpha2-linux
    repo-token: ***
    release-tag: v0.0.7.alpha2
/usr/bin/docker exec  63d14ab04227e818a74c16fd15d34d4c50e0de6680e1edba79af583ada85fae7 sh -c "cat /etc/*release | grep ^ID"
node:internal/modules/cjs/loader:936
  throw err;
  ^

Error: Cannot find module '@actions/core'
Require stack:
- /__w/_actions/AButler/upload-release-assets/v2.0.1/lib/main.js
    at Function.Module._resolveFilename (node:internal/modules/cjs/loader:933:15)
    at Function.Module._load (node:internal/modules/cjs/loader:778:27)
    at Module.require (node:internal/modules/cjs/loader:1005:19)
    at require (node:internal/modules/cjs/helpers:102:18)
    at Object.<anonymous> (/__w/_actions/AButler/upload-release-assets/v2.0.1/lib/main.js:21:27)
    at Module._compile (node:internal/modules/cjs/loader:1101:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/__w/_actions/AButler/upload-release-assets/v2.0.1/lib/main.js' ]
}

Here's how I'm using this action:

- name: Release
  uses: AButler/[email protected]
  with:
    files: skedjewel-${{  github.ref_name }}-linux
    repo-token: ${{ secrets.GITHUB_TOKEN }}
    release-tag: ${{  github.ref_name }}

name: Release

on:
  push:
    tags:
      - "v*.*.*"

jobs:
  build_and_upload_linux_binary:
    runs-on: ubuntu-latest
    container:
      image: crystallang/crystal:latest-alpine
    steps:
      - uses: actions/checkout@v3
      - name: Build
        run: shards build --production --release --no-debug --static
      - name: Check version matches tag
        run: "[[ \"v$(bin/skedjewel --version)\" == ${{  github.ref_name }} ]] || exit 1"
      - name: Move and rename
        run: mv bin/skedjewel ./skedjewel-${{  github.ref_name }}-linux
      - name: Release
        uses: AButler/[email protected]
        with:
          files: skedjewel-${{  github.ref_name }}-linux
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          release-tag: ${{  github.ref_name }}

  build_and_upload_macos_binary:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v3
      - name: Install Crystal
        uses: crystal-lang/install-crystal@v1
      - name: Build
        run: shards build --production --release --no-debug
      - name: Check version matches tag
        run: "[[ \"v$(bin/skedjewel --version)\" == ${{  github.ref_name }} ]] || exit 1"
      - name: Move and rename
        run: mv bin/skedjewel ./skedjewel-${{  github.ref_name }}-darwin
      - name: Release
        uses: AButler/[email protected]
        with:
          files: skedjewel-${{  github.ref_name }}-darwin
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          release-tag: ${{  github.ref_name }}

Thanks in advance for anything you can do to help me resolve this error!

I have a step like this:

      - uses: AButler/[email protected]
        with:
          files: '/home/runner/work/github_actions/github_actions/dart-sdk-linux.tar.gz;/home/runner/work/github_actions/github_actions/depot_tools.tar.gz'
          repo-token: ${{ secrets.GITHUB_TOKEN }}

But I got the following error.

 Run AButler/[email protected]
##[warning]Cannot upload assets for release which is being undefined
Run AButler/[email protected]
  with:
    files: /home/runner/work/github_actions/github_actions/dart-sdk-linux.tar.gz;/home/runner/work/github_actions/github_actions/depot_tools.tar.gz
    repo-token: ***
##[warning]Cannot upload assets for release which is being undefined

I can confirm that I pushed a tag instead of a master commit.

Hi @AButler,

I have the following:

• name: Upload to release
  if: github.event_name == 'release'
  uses: AButler/[email protected]
  with:
  files: './release.zip'
  repo-token: ${{ secrets.GITHUB_TOKEN }}

Release status is Released.
I get the exception as Cannot upload assets for release which is being released.

Please confirm, if this'd be added?

Thanks in advance.

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.

Below you can see the KB of your GITHUB Action.

name: 'Upload assets to a Release'
github-token:
  action-input:
    input: repo-token
    is-default: false
  permissions:
    contents: write
    contents-reason: to delete existing and to upload updated assets
#Reference: https://github.com/AButler/upload-release-assets/blob/e940f6342206c9655b12a28a79646d3982571ad9/src/main.ts#L59

If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.

This issue is automatically created by our analysis bot, feel free to close after reading :)

References:

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.

https://github.com/marketplace/actions/upload-assets-to-a-release

A minor issue, but worth calling out in the docs: the glob is case sensitive which can cause confusion when using this action to match files on a case insensitive filesystem.