Hello,
I am using the GitHub actions app to add workflows.
Our workflows (and dockstore configurations) are built automatically via the GitHub actions bot when a new workflow version tag is pushed.
However after the github-actions bot does its stuff of committing, and deploying workflows across the internet we get the following error from dockstore.
Error processing workflow umccr/cwl-ica/dragen-somatic-with-germline-pipeline_4_2_4:
User does not have an account on Dockstore.
Entry skipped.
These are the universal values for the github actions bot and email
GITHUB_ACTIONS_USERNAME="github-actions[bot]"
GITHUB_ACTIONS_EMAIL="41898282+github-actions[bot]@users.noreply.github.com"
Maybe these need their own account?
Hello,
When the workflow is first created on Dockstore, there does need to be a Dockstore user account corresponding to the GitHub user that did the push. Once the workflow has been created on Dockstore, it’s no longer necessary – any GitHub user, Dockstore account or not, can do the push, and Dockstore will process the update.
This is because we associate the workflow with a Dockstore user when the workflow is first created. Once the workflow has been associated, we don’t need the for future GitHub updates to come from a known user.
Surprisingly, no user has run into this before. We would need to ponder changing it, as it would entail having “orphaned” workflows with no users, and I’m not sure off-hand what all the ramifications of that would be.
To get around this, you can:
- Do one push from the repo with a GitHub user associated with a Dockstore account, then continue to let the bot do future pushes.
- Create a Dockstore account for your bot user.
Thanks,
Charles
Thanks for the prompt response!
- Create a Dockstore account for your bot user.
This is the universal GitHub actions bot, I don’t think I’d be able to create a dockstore account.
I think I’ll generate dockstore specific tags that will be part of the GitHub actions workflow, just not generated by the github-actions bot user (but by the individual that triggered the tag).
Whoops, I skimmed over the part where it’s the GitHub actions bot. So not a good suggestion on my part to create a Dockstore user for it. Sorry for the confusion.
Your idea should work, as should my other suggestion (if you don’t want to create Dockstore specific tags).
Got it working (I think), end up doing a manual push so not sure if the recent updates have been affective or not.
I’ve had to use annotated tags to prevent the tags being attributed to the GitHub actions user (since it’s the last user to complete a commit).
The dockstore annotated tags reflect the user who triggered the GitHub actions workflow (with some configuration updates).
Dockstore still shows that the user was github-actions[bot] though… (which is true for the commit), not the annotated tag. So hard to know if this only worked because the pipeline already existed or because this action successfully triggered it to sync
Hi Alexis,
Glad it seems to be working! But, in confirming, I was looking at the logs in your screenshot, and I’m getting a little confused with the timezone differences
Is your screenshot from a browser running in Melbourne, Australia, i.e., the first row happened at 21:18 Melbourne time? Just trying to correlate what’s in our DB, your screenshot, and when I look at it in my browser in US Pacific Time zone.
Also, would you mind explaining a bit how your process works? How does the GitHub bot push a tag created by a non-bot user?
We are getting the GitHub user from the sender
of the GitHub push event. Maybe we need to be looking at another field for the GitHub user.
Any help is appreciated, and thanks for bearing with us as we work through this.
Charles
Hello,
Yes I’m in Melbourne Australia.
The GitHub actions bot pushes a tag using the user ids of the triggerer - this should be a non-bot account (me).
I am setting my git configs in a downstream step for the user.name and email as per the initial workflow triggerer - see this code here: cwl-ica/.github/workflows/create_workflow_release_asset.yml at add-dockstore-github-actions · umccr/cwl-ica
In a previous step, the github actions bot makes a commit for .dockstore.yml and a few other release artifacts and fast-forwards the original tag (that triggered the GH actions workflow) to this new commit (and pushes the tags and commit to GitHub). The annotated tags are then attached to this new commit.
We are getting the GitHub user from the sender
of the GitHub push event. Maybe we need to be looking at another field for the GitHub user.
So could this be the pusher of the underlying commit (not the pusher of the tag)?
I found the payload for the event GitHub sent us for your particular tag.
Referencing the GitHub schema I’d mentioned earlier:
The sender is the bot.
head_commit.author and head_commit.committer are you
We are saving/showing the sender.
For updates to existing workflows, it won’t really matter, other than the confusing username in the dialog box; as I’d mentioned, once the workflow is created, we’ll process updates from anybody.
For new workflows, a fix might be able to solve your initial problem; if the head_commit has the non-bot author, we should be able to create the workflow using that author.
I’ve created an issue for this; I made it internal though because I didn’t want to expose any of the event details, so I can’t give you the issue number.