I'm running into the same problem as "GitHub Actions - Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable", but only when running act locally.
My deploy.yml file (with the added write permissions) is:
name: Deploy Frontend
on:
  push:
    branches: [main, staging, frontend]
    paths:
      - 'frontend/**'
      - '.github/workflows/deploy_frontend.yml'
  workflow_dispatch:
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pages: write # Added for GitHub Pages deployment
      id-token: write # Necessary for actions/deploy-pages
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - uses: actions/checkout@v4
      - name: Debug REACT_APP_API_URL
        shell: bash
        run: |
          echo -e "\e[32m@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\e[0m"
          echo -e "\e[32mREACT_APP_API_URL=${REACT_APP_API_URL}\e[0m"
          env
          echo $(env | grep ACTIONS_RUNTIME_TOKEN)
          # exit 1 # Commented out to allow the workflow to continue
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Print Environment Variables and Secrets
        shell: bash
        env:
          REACT_APP_ENVIRONMENT: ${{ env.REACT_APP_ENVIRONMENT }}
        run: |
          echo -e "\e[32mREACT_APP_API_URL=${REACT_APP_API_URL}\e[0m"
          echo -e "\e[32mREACT_APP_ENVIRONMENT=${REACT_APP_ENVIRONMENT}\e[0m"
          env
          echo ACTIONS_RUNTIME_TOKEN=$(env | grep ACTIONS_RUNTIME_TOKEN)
      - name: Install dependencies
        shell: bash
        run: |
          cd frontend
          npm ci 2>&1 || (echo -e "\e[31mInstall dependencies step failed.\e[0m" && exit 1)
      - name: Build
        shell: bash
        run: |
          npm install env-cmd or npm install -g env-cmd
          cd frontend
          mkdir -p build_logs
          TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
          export REACT_APP_BUILD_TIME=$(TZ=America/Argentina/Buenos_Aires date +"%Y-%m-%d %H:%M:%S")
          echo -e "\e[32mBuilding with environment variables:\e[0m"
          env
          echo -e "\e[32m$(pwd)\e[0m"
          npm run build || (echo -e "\e[31mBuild step failed.\e[0m" && exit 1)
      - name: Setup Pages
        uses: actions/configure-pages@v4
      - name: Upload artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: './frontend/build'
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4
      - name: Build Succeeded
        if: success()
        run: echo -e "\e[32mBuild succeeded.\e[0m"
      - name: Build Failed
        if: failure()
        shell: bash
        run: |
          echo -e "\e[31mBuild failed.\e[0m"
          exit 1
I'm running it like this:
act -j build-and-deploy -W .github/workflows/deploy_frontend.yml --secret-file /home/noams/src/personal_website/frontend/.secrets_frontend --env-file /home/noams/src/personal_website/frontend/.env --artifact-server-path /tmp/artifacts
The error:
[Deploy Frontend/build-and-deploy] ✅ Success - Main Upload artifact
[Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact-id=1
[Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact-url=https://github.com/***/actions/runs/1/artifacts/1
[Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact_id=1
[Deploy Frontend/build-and-deploy] ✅ Success - Main Upload artifact
[Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact-url=https://github.com/***/actions/runs/1/artifacts/1
[Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact-id=1
[Deploy Frontend/build-and-deploy] ⭐ Run Main Deploy to GitHub Pages
[Deploy Frontend/build-and-deploy] 🐳 docker cp src=/home/noams/.cache/act/actions-deploy-pages@v4/ dst=/var/run/act/actions/actions-deploy-pages@v4/
[Deploy Frontend/build-and-deploy] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.4/x64/bin/node /var/run/act/actions/actions-deploy-pages@v4/dist/index.js] user= workdir=
[Deploy Frontend/build-and-deploy] 💬 ::debug::all variables are set
[Deploy Frontend/build-and-deploy] 💬 ::debug::all variables are set
| Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable
| at Function.<anonymous> (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:71:1)
| at Generator.next (<anonymous>)
| at /run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:8:1
| at new Promise (<anonymous>)
| at __webpack_modules__.98041.__awaiter (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:4:1)
| at Function.getIDToken (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:57:1)
| at Object.<anonymous> (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/core.js:315:1)
| at Generator.next (<anonymous>)
| at /run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/core.js:27:1
| at new Promise (<anonymous>)
[Deploy Frontend/build-and-deploy] ❗ ::error::Ensure GITHUB_TOKEN has permission "id-token: write".
[Deploy Frontend/build-and-deploy] ❌ Failure - Main Deploy to GitHub Pages
[Deploy Frontend/build-and-deploy] exitcode '1': failure
[Deploy Frontend/build-and-deploy] ⭐ Run Main Build Failed
[Deploy Frontend/build-and-deploy] 🐳 docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/10.sh] user= workdir=
| Build failed.
[Deploy Frontend/build-and-deploy] ❌ Failure - Main Build Failed
[Deploy Frontend/build-and-deploy] exitcode '1': failure
[Deploy Frontend/build-and-deploy] ⭐ Run Post Upload artifact
[Deploy Frontend/build-and-deploy] 🐳 docker cp src=/home/noams/.cache/act/actions-upload-pages-artifact@v3/ dst=/var/run/act/actions/actions-upload-pages-artifact@v3/
[Deploy Frontend/build-and-deploy] ✅ Success - Post Upload artifact
[Deploy Frontend/build-and-deploy] 🏁 Job failed
Error: Job 'build-and-deploy' failed
This error does not happen on GitHub Actions, only locally with act.
How can I get act to work properly with this token, which has been correctly entered in the .secrets file?
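The problem you're running into is caused by how act handles OIDC tokens, specifically the id-token: write permission. Unfortunately, act doesn't fully support all GitHub Actions features, and the OIDC token functionality seems to be one of them. Because authentication in actions/deploy-pages@v4 requires the token, you see this error locally but not when running directly on GitHub Actions.
In my opinion, if you need to use secrets but want to skip the part that causes problems with act, you can add a condition to bypass the deployment step locally. For example: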
- name: Deploy to GitHub Pages
  if: ${{ !env.ACT }}
  id: deployment
  uses: actions/deploy-pages@v4
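This ensures that the deployment step, which requires the OIDC token, runs only on GitHub Actions and not in the local environment. That way, the other steps that use your secrets will still execute normally.
For example, when you use a secret like REACT_APP_API_URL in your workflow, you should be able to access it like this: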
- name: Debug REACT_APP_API_URL
  shell: bash
  run: |
    echo "REACT_APP_API_URL=${{ secrets.REACT_APP_API_URL }}"
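As long as the secret is defined in your .secrets_frontend file, act will handle it, and everything except the steps that depend on OIDC should run as expected.
I hope this helps provide some direction.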
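Added example, not part of the original question or answer: a preflight script for a run step that classifies whether the job can request an OIDC ID token, reporting only whether the relevant variables are set instead of dumping env (which writes values such as ACTIONS_RUNTIME_TOKEN into the log). The function names and status strings are assumptions; ACT, ACTIONS_ID_TOKEN_REQUEST_URL, ACTIONS_ID_TOKEN_REQUEST_TOKEN and GITHUB_OUTPUT are the variable names set by act and the GitHub runner.

```shell
# Classify the run: local act, OIDC usable, or OIDC variables missing.
oidc_status() {
  # act sets ACT in the job environment; any non-empty value means local.
  if [ -n "${ACT:-}" ]; then
    echo "act-local"
    return 0
  fi
  # The hosted runner injects both variables when the job has
  # "id-token: write"; @actions/core needs the URL and the bearer token.
  if [ -n "${ACTIONS_ID_TOKEN_REQUEST_URL:-}" ] &&
     [ -n "${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-}" ]; then
    echo "oidc-available"
    return 0
  fi
  echo "oidc-missing"
}

# Print NAME=set or NAME=unset for each exported variable named in the
# arguments. The value itself is never written to the log.
report_presence() {
  for name in "$@"; do
    if [ -n "$(printenv "$name")" ]; then
      echo "$name=set"
    else
      echo "$name=unset"
    fi
  done
}

# Record the classification as a step output (key "oidc" is an assumption)
# when the runner provides GITHUB_OUTPUT, and echo it for the log.
emit_output() {
  result=$(oidc_status)
  if [ -n "${GITHUB_OUTPUT:-}" ]; then
    echo "oidc=$result" >> "$GITHUB_OUTPUT"
  fi
  echo "$result"
}
```

A later step can then be conditioned on the oidc output being oidc-available, which skips the deployment under act and also makes a missing id-token: write permission visible before actions/deploy-pages fails.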