Getting the repository public key in GitHub Actions

Posted on 2025-02-09 12:53:01

I am using GitHub Actions to try and manage some of the secrets within one of the environments in the repository where Actions are being triggered (same repo, basically).

I am using the hosted Windows runner, with the following command to try and get the public key for the environment through PowerShell:

$keyData = curl -H @{"Accept" = "application/vnd.github.v3+json"; "Authorization" = "token $env:SL_GITHUB_TOKEN"} https://api.github.com/repos/I_PUT_MY_ACCOUNT_HERE/MY_REPOSITORY_HERE_AS_WELL/environments/Production/secrets/public-key | ConvertFrom-Json

The SL_GITHUB_TOKEN environment variable is a Personal Access Token (PAT) with maximum permissions (every checkbox selected when creating through the GitHub UI).

However, when the code is executed within the GitHub Actions runner, I get an error:

message           : Must have admin rights to Repository.
documentation_url : https://docs.github.com/rest/reference/actions#get-an-environment-public-key

This is odd, because I can run the exact same command locally on my computer, with the same PAT, and get the correct output (the public key, as expected).

To make sure that the REST API is actually accessible in GitHub Actions runner, within the exact same step I added another command that uses the exact same PAT:

$userData = curl -H @{"Accept" = "application/vnd.github.v3+json"; "Authorization" = "token $env:SL_GITHUB_TOKEN"} https://api.github.com/users/MY_USER_NAME_ON_GH | ConvertFrom-Json

The correct data was returned, so it seems like something funky is going on with the Secrets API.

What could be the issue here? Is it just the Secrets API that needs special permissions within the runner that I am missing? It's clearly not the PAT since the same token can be used locally with no issues.
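
A diagnostic that can run both locally and in the same workflow step, to compare what the token presents in each place (an added example, not part of the original post). GET /users/{username} is a public endpoint, so it does not show which identity or rights the token carries; this example queries GET /user and the repository's `permissions` object instead. The owner and repository names are the post's placeholders, and the helper name `Invoke-GitHubGet` is hypothetical.

```powershell
# Added diagnostic example; not part of the original post.
# Assumptions: owner/repo are the post's placeholders, and SL_GITHUB_TOKEN
# is mapped into this step's environment by the workflow.
$owner = 'I_PUT_MY_ACCOUNT_HERE'
$repo  = 'MY_REPOSITORY_HERE_AS_WELL'

if ([string]::IsNullOrWhiteSpace($env:SL_GITHUB_TOKEN)) {
    throw 'SL_GITHUB_TOKEN is empty in this step.'
}

$headers = @{
    Accept        = 'application/vnd.github.v3+json'
    Authorization = "token $env:SL_GITHUB_TOKEN"
}

function Invoke-GitHubGet([string]$Path) {
    # Returns status, parsed body and response headers; never echoes the token.
    try {
        $r = Invoke-WebRequest -Uri "https://api.github.com$Path" -Headers $headers -UseBasicParsing
        [pscustomobject]@{
            Status  = [int]$r.StatusCode
            Body    = ($r.Content | ConvertFrom-Json)
            Headers = $r.Headers
        }
    } catch {
        # Non-2xx responses throw; keep the status code so the caller can compare runs.
        $code = if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { 0 }
        [pscustomobject]@{ Status = $code; Body = $null; Headers = @{} }
    }
}

# 1. Which account the token authenticates as, and which scopes it carries.
$me = Invoke-GitHubGet '/user'
# 2. What that account is allowed to do on the repository.
$repoInfo = Invoke-GitHubGet "/repos/$owner/$repo"

[pscustomobject]@{
    UserStatus = $me.Status
    Login      = $me.Body.login
    # X-OAuth-Scopes is sent for classic PATs; it is empty for other token types.
    Scopes     = ($me.Headers['X-OAuth-Scopes'] -join ', ')
    RepoStatus = $repoInfo.Status
    RepoAdmin  = $repoInfo.Body.permissions.admin
} | Format-List
```

If `Login`, `Scopes` or `RepoAdmin` differ between the local run and the runner, the step is not presenting the same credential in both places.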
