Github_workflows #2313
Comments
@domwhewell-sage might have thoughts
Was this run run without an API key? I remember the permissions for the github workflows were quite confusing... #1305 (comment) That reminds me, perhaps we need to require an API key for github_workflows and not the other two.
Hey @domwhewell-sage, thanks a lot for checking this. Yes, I have set up a different API key for each of the different BBOT GitHub modules, which are in secrets.yml.
Thanks @Sh4d0wHunt3rX, could you confirm what permissions they have?
Let me replicate the same permissions and get back to you, I believe the documentation only states you need the whole
Thanks : ) Very noob question. The workflows and repos that I'm trying to access do not belong to me. Maybe this is a normal behavior that I do not have the permission to access them?
The repo in your screenshot is publicly available. And the artifact is publicly accessible (via the web); it's just that specific permissions are still required to download it via the API :/
Hmm, I mirrored your API key permissions and I can download those Facebook artifacts
Strange 🤔 Maybe it's kind of rate limiting. But I get this error on many scans, I thought that it's a normal error that the workflow is not public. I will tell you the next time I get it. 🙏
Thanks @Sh4d0wHunt3rX, it could well be rate limiting, as I know GitHub uses the same status code 403 for when you've reached the rate limit. (It is supposed to be quite high when API tokens are included, though.) So I would be interested to know if it would be possible to create a check for if you have insufficient API permissions or you are getting rate limited, given they are the same status code.
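An added example, not part of the thread or BBOT's own code: one way to tell the two 403 cases apart from the response itself, using GitHub's documented rate-limit headers (`retry-after`, `x-ratelimit-remaining`, `x-ratelimit-reset`). The function name, the `Verdict` type and the sample responses are assumptions constructed for illustration.

```python
import time
from dataclasses import dataclass
from typing import Mapping, Optional


@dataclass
class Verdict:
    kind: str                           # which failure this response represents
    wait_seconds: Optional[int] = None  # how long to back off, when rate limited


def classify_denied(status: int, headers: Mapping[str, str], body: str = "",
                    now: Optional[float] = None) -> Verdict:
    """Hypothetical helper: classify a GitHub API 403/429 response."""
    if status not in (403, 429):
        return Verdict("not_denied")
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    now = time.time() if now is None else now
    # Secondary rate limit: GitHub sends retry-after with the seconds to wait.
    if "retry-after" in h:
        return Verdict("secondary_rate_limit", int(h["retry-after"]))
    # Primary rate limit: quota exhausted until the x-ratelimit-reset epoch.
    if h.get("x-ratelimit-remaining") == "0":
        reset = int(h.get("x-ratelimit-reset", now))
        return Verdict("primary_rate_limit", max(int(reset - now), 0))
    # No usable headers, but the message (or a 429) still says rate limit.
    if "secondary rate limit" in body.lower() or status == 429:
        return Verdict("secondary_rate_limit", 60)  # documented minimum wait
    # A 403 with quota left and no rate-limit markers: the token lacks access.
    return Verdict("insufficient_permissions")


# Constructed sample responses (not captured from a real scan).
SAMPLES = [
    (403, {"X-RateLimit-Remaining": "0", "X-RateLimit-Reset": "1700000300"}, ""),
    (403, {"Retry-After": "45", "X-RateLimit-Remaining": "4000"}, ""),
    (403, {"X-RateLimit-Remaining": "4990"},
     '{"message": "Resource not accessible by personal access token"}'),
]

if __name__ == "__main__":
    for status, headers, body in SAMPLES:
        print(classify_denied(status, headers, body, now=1700000000))
```

Only the last verdict is worth surfacing to the user as a permissions warning; the two rate-limit verdicts call for a back-off and retry.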
Ah, it seems the API key isn't being included when making the request to download the file

```python
await self.helpers.download(
    f"{self.base_url}/repos/{owner}/{repo}/actions/runs/{run_id}/logs",
    filename=file_destination,
    headers=self.headers,
    raise_error=True,
    warn=False,
)
```

Where I'm not sure if we can modify the download helper to include the API key rotation feature @TheTechromancer? But at the very least I will be able to add the API key into the
Ohh yes, that should be doable.
I'm not sure if the thing I'm saying is good or not, but I was thinking maybe hide these warnings or not issue them as warnings.