Apparent Inconsistency Between GitHub Notifications and GitHub Releases

Mike-EEE

20 Nov, 2019 09:46 PM

Getting closer to figuring our build script out here. AppVeyor has been really impressive to use and most everything has worked without much issue.

For instance, we set up GitHub Notifications, which worked like a champ the first time, template and all:

https://github.com/ExtendedXmlSerializer/ExtendedXmlSerializer/pull/305#issuecomment-556423100

(Sorry, couldn't help but share -- SO COOL! :))

The thing to notice is that we did not have to use an `auth_token` as it seems the AppVeyor GitHub application has all the permissions needed, which is expected. Here is the configuration:

https://github.com/ExtendedXmlSerializer/ExtendedXmlSerializer/blob/612430db5875a22fc4b35e829abcd61f47b75a8c/.build/appveyor.yml#L20-L32

The next aspect we are configuring now is the GitHub Releases. Here is the block for that:

https://github.com/ExtendedXmlSerializer/ExtendedXmlSerializer/blob/612430db5875a22fc4b35e829abcd61f47b75a8c/.build/appveyor.yml#L75-L83

However, when running this, we get an exception:

```
Error creating GitHub release: Provider setting not found or it's value is empty. If secure setting is used please check that value was encrypted (or YAML was exported) while being logged under correct account.
Parameter name: auth_token
```

So it would seem that notifications appear to work without an auth_token whereas GitHub releases doesn't. Is there any way to fix this? This seems like inconsistent behavior at best and a bug at worst.

Thank you for any continued assistance.

  1. Support Staff 1 Posted by Feodor Fitsner on 25 Nov, 2019 06:36 PM

    Hi Mike,

    There is a pre-defined OAuth token for GitHub notifications, kind of "AppVeyor Bot". For GitHub Releases you should use your own token to publish on behalf of your team.

  2. 2 Posted by Mike-EEE on 25 Nov, 2019 08:26 PM

    By token on behalf of my team, are you meaning Personal Access Token? As those cannot be limited and filtered to a particular repo, I would, of course, very much prefer to utilize a repo-specific and targeted mechanism as the one employed by Notifications.

    If you are saying this is not possible/available, I would be OK with having it put on "the TODO list" for a future release/version. :)

  3. Support Staff 3 Posted by Feodor Fitsner on 25 Nov, 2019 11:59 PM

    Yes, I mean PAT. I agree it's an absolutely annoying limitation that PAT impersonates the user and provides access to all their repositories. That was the motivator for GitHub to introduce GitHub Apps. However, right, GitHub App token could not be "generated" as PAT and even API easily. We used to recommend that customers create a new GitHub user (a so-called CI bot) and give it precise access to only selected orgs/repos, though that requires another user/seat license. The solution worked well before GitHub changed pricing to per-user.

  4. 4 Posted by Mike-EEE on 26 Nov, 2019 06:10 AM

    Yeah, alright. That works for me. You are aware of the problem and the associated annoyances with it.

    Maybe it might be worth looking into creating a GitHub app to see if it can do what we want to accomplish. Seems like they would simply provide a further field on the PAT to limit its scope. Such a hassle.

    Anyways, the rest of your service is remarkable. You have a lot to be proud of here!

  5. Mike-EEE closed this discussion on 26 Nov, 2019 06:10 AM.
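
The fix described in reply 1, as an added example that is not part of the original thread or the project's own `appveyor.yml`: a GitHub Releases deployment block that supplies the `auth_token` the error message asks for, stored as an AppVeyor encrypted (`secure`) value. The release name, artifact pattern, branch and the encrypted placeholder are assumptions.

```yaml
# Added example; all values below are constructed placeholders.
deploy:
  - provider: GitHub
    # Unlike GitHub notifications, which run under AppVeyor's pre-defined
    # token, this provider has no default credential: omitting auth_token
    # produces the "Parameter name: auth_token" error quoted in the thread.
    auth_token:
      # Use the value produced by AppVeyor's "Encrypt YAML" page while
      # logged in to the account that owns the project, never the raw token.
      secure: <encrypted-token-placeholder>
    release: v$(appveyor_build_version)
    description: 'Automated release'
    artifact: /.*\.nupkg/
    draft: true                  # publish manually after review
    prerelease: false
    on:
      branch: master
      APPVEYOR_REPO_TAG: true    # deploy only for tag pushes
```

As reply 3 suggests, the token behind the encrypted value can belong to a dedicated CI user granted access only to the selected orgs/repos, which limits what a leaked token exposes.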
