Skip to content

CI fails in forks #2676

New issue
New issue
Open
Open
CI fails in forks#2676
@jsoref

Description

@jsoref
jsoref
opened on Sep 15, 2025

https://github.com/check-spelling-sandbox/backbeat/actions/runs/17669871944/job/50219053665

Run scality/action-prom-render-test@1.0.3
Run gh release download -R scality/action-prom-render-test -p 'alertgen' --skip-existing
  gh release download -R scality/action-prom-render-test -p 'alertgen' --skip-existing
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    GITHUB_TOKEN: 
gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
  env:
    GH_TOKEN: ${{ github.token }}

backbeat/.github/workflows/alerts.yaml

Lines 17 to 35 in 07cff46

- name: Render and test lifecycle
uses: scality/action-prom-render-test@1.0.3
with:
alert_file_path: monitoring/lifecycle/alerts.yaml
test_file_path: monitoring/lifecycle/alerts.test.yaml
alert_inputs: |
namespace=zenko
job_lifecycle_producer=artesca-data-backbeat-lifecycle-producer-headless
job_lifecycle_bucket_processor=artesca-data-backbeat-lifecycle-bucket-processor-headless
job_lifecycle_object_processor=artesca-data-backbeat-lifecycle-object-processor-headless
job_lifecycle_transition_processor=artesca-data-backbeat-lifecycle-transition-processor-headless
job_sorbet_forwarder=artesca-data-sorbet-fwd-
lifecycle_conductor_replicas=1
lifecycle_bucket_replicas=3
lifecycle_object_replicas=3
lifecycle_transition_replicas=3
lifecycle_latency_warning_threshold=120
lifecycle_latency_critical_threshold=180
github_token: ${{ secrets.GIT_ACCESS_TOKEN }}

You can add an if: to restrict workflows to only run in this repository (if: github.repository == 'scality/backbeat)

https://github.com/check-spelling-sandbox/backbeat/actions/runs/17669871946/job/50219053638

Error: buildx failed with: ERROR: failed to build: failed to solve: failed to push ghcr.io/check-spelling-sandbox/backbeat:724a0e9a06363684a41b096dee577f92eeaa8ae2: denied: installation not allowed to Create organization package

backbeat/.github/workflows/docker-build.yaml

Lines 9 to 15 in 724a0e9

env:
PROJECT_NAME: ${{ github.event.repository.name }}
jobs:
build:
runs-on: ubuntu-latest

The fix per https://github.com/orgs/community/discussions/57724#discussioncomment-9967502 is to add:

  permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write

(Either at the top of the workflow or in the job.)

Note that this isn't a fork specific failure, it just means your repository/organization isn't configured to be paranoid (and it should be).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions