-
Select Topic AreaShow & Tell BodyI am creating a Github action for go based application that can deploy coverage report on gh-pages. Below is my name: Go Coverage Report
description: |
This action runs code coverage for Go based projects, uploads the coverage report as an artifact, and comments on the pull request with the link to the deployed coverage report.
author: sonichigo
branding:
icon: 'refresh-cw'
color: 'orange'
inputs:
package-directory:
description: 'Package directory to run tests'
required: false
default: './...'
coverage-file:
description: 'Name of the coverage file (without extension)'
required: false
default: 'coverage-report'
coverage-threshold:
description: 'Minimum coverage percentage required.'
required: false
default: '80'
token:
description: 'Token with Deployment Permissions'
required: true
outputs:
coverage-report-file:
description: 'Path to the generated coverage report file'
value: ${{ steps.generate-report.outputs.report-file }}
runs:
using: 'composite'
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.22.*
- name: Generate coverage report
id: generate-report
run: |
PKG_DIR="${{ inputs.package-directory || './...' }}"
COVERAGE_FILE="${{ inputs.coverage-file || 'coverage-report' }}"
go test -race -coverprofile=$COVERAGE_FILE.out $PKG_DIR
go tool cover -html=$COVERAGE_FILE.out -o $COVERAGE_FILE.html
COVERAGE_PERCENTAGE=$(go tool cover -func=$COVERAGE_FILE.out | grep total: | awk '{print substr($3, 1, length($3)-1)}')
if (( $(echo "$COVERAGE_PERCENTAGE < ${{ inputs.coverage-threshold }}" | bc -l) )); then
echo "Error: Coverage $COVERAGE_PERCENTAGE% is below the required threshold of ${{ inputs.coverage-threshold }}%"
exit 1
fi
echo "report-file=$COVERAGE_FILE.html" >> $GITHUB_OUTPUT
shell: bash
- name: Upload coverage report artifact
uses: actions/upload-artifact@v4
with:
name: coverage-report
path: ${{ steps.generate-report.outputs.report-file }}
- name: Deploy to GitHub Pages
uses: actions/deploy-pages@v3
env:
name: github-pages
token: ${{ inputs.token }}
- name: Comment coverage report link
if: ${{ github.event_name == 'pull_request' }}
uses: actions/github-script@v6
with:
github-token: ${{ github.token }}
script: |
const url = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/deployments/activity_log?environment=github-pages`;
const issueNumber = context.issue.number;
const repo = context.repo.repo;
const owner = context.repo.owner;
github.rest.issues.createComment({
issue_number: issueNumber,
owner: context.repo.owner,
repo: context.repo.repo,
body: `See the coverage report at: [Deployment Log](${url})`
}); But I'm getting the error : -
Although I have added permission: in my workflow file and using my PAT token for this still facing this error |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
So wworkflow sets permissions at the workflow-level and job-level. With permissions, there is no inheritance of scopes from level to level - so any scopes not configured at the relevant level are set to none. At the workflow-level, write for contents, pages, and id-token is set. But, at the job-level only Therefore I had to consolidate the two permissions scopes and set to a single level. |
Beta Was this translation helpful? Give feedback.
So wworkflow sets permissions at the workflow-level and job-level. With permissions, there is no inheritance of scopes from level to level - so any scopes not configured at the relevant level are set to none.
At the workflow-level, write for contents, pages, and id-token is set. But, at the job-level only
contents: read
andpull-requests: write
are set, so that is all thatGITHUB_TOKEN
grants when passed to your action.Therefore I had to consolidate the two permissions scopes and set to a single level.