GITHUB_TOKEN environment variable is silently overwritten #60
Labels
No labels
Kind/Breaking
Kind/Bug
Kind/Documentation
Kind/Enhancement
Kind/Feature
Kind/Security
Kind/Testing
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: forgejo/runner#60
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
We have a workflow named
.forgejo/workflows/test.yml
with the followingenv
section on top:There is a PR if you want to check: https://codeberg.org/webxdc/xdcget/pulls/39
Turns out
GITHUB_TOKEN
is a no-op because it is then overwritten by some token by the runner itself, probably for GitHub compatibility. Then the tool under test checked out of the repository tries to use$GITHUB_USER:$GITHUB_TOKEN
pair to authorize to GitHub, and it fails as the token is some Codeberg token rather than a valid GitHub token from the secrets.As a solution I suggest that trying to set environment variables that are overwritten by the runner should result in a visible warning or an error. This will likely save some debugging time for other developers, because having a
GITHUB_TOKEN
environment variable to do releases on GitHub or things like that is probably quite common.