Skip to content

Action step with git authentication fails inside workflow_call when needs is set #31900

Open
@javiertury

Description

@javiertury

Description

Doing a git checkout (actions/checkout@v4) inside a workflow_call that needs another job raises an authentication error.

It can be reproduced using the following nested workflow.

Workflow to reproduce the error
# .gitea/workflows/main.yaml
name: test
run-name: test

on:
  workflow_dispatch:
  push:
    branches:
      - main


jobs:
  foo:
    runs-on: ubuntu-latest
    steps:
      -
        name: Foo
        run: |
          echo 'foo: ${{ inputs.foo }}'

  # Works fine, even if it has a dependency
  outer_needy_checkout:
    runs-on: ubuntu-latest
    needs: [foo]
    steps:
      -
        name: Outer needy checkout
        uses: https://github.com/actions/checkout@v4

  nested_checkout:
    runs-on: ubuntu-latest
    uses: ./.gitea/workflows/nested-checkout.yaml
    with:
      foo: bar
    secrets: inherit

  nested_needy_checkout:
    runs-on: ubuntu-latest
    uses: ./.gitea/workflows/nested-checkout.yaml
    needs: [foo]
    with:
      foo: bar
    secrets: inherit
# .git/workflows/nested-checkout.yaml

name: nested git checkout
run-name: nested git checkout
on:
  workflow_call:
    inputs:
      foo:
        type: string
        required: false

jobs:
  foo:
    runs-on: ubuntu-latest
    steps:
      -
        name: Foo
        run: |
          echo 'foo: ${{ inputs.foo }}'
      # This checkout works fine too, even though we are in a workflow_call
      -
        name: Nested checkout
        uses: https://github.com/actions/checkout@v4

  # fatal: could not read Username for '<repo>': terminal prompts disabled
  inner_needy_checkout:
    runs-on: ubuntu-latest
    needs: [foo]
    steps:
      -
        name: Nested needy checkout
        uses: https://github.com/actions/checkout@v4

The step Nested needy checkout fails with

fatal: could not read Username for '<repo>': terminal prompts disabled

Bear in mind that due to bugs #26736 and #26187, the UI marks the job as a sucess, but reading the logs in details reveals the error.

Gitea Version

1.22.1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

image

Git Version

No response

Operating System

No response

How are you running Gitea?

I'm using the official gitea helm chart on k3s

Database

SQLite

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions