
Azure Web Apps Deploy action doesn't ask for content read permission #170

Description

@lucasbfr

Hi,

when setting up a brand new .NET 8 deployment straight from the Azure portal, I encountered the following error at the "Checkout GitHub Action" step:

Fetching the repository
  "C:\Program Files\Git\bin\git.exe" -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +[REDACTED]:refs/remotes/origin/main
  remote: Repository not found.
  Error: fatal: repository 'https://github.com/lucasbfr/[REDACTED]' not found
  The process 'C:\Program Files\Git\bin\git.exe' failed with exit code 128

This is caused by a missing permission. The ones created by Azure are:

    permissions:
      id-token: write #This is required for requesting the JWT

However,

      contents: read #attempt to read the private repo

is required to be able to read a (I guess non public) repository.

The previous version of this script worked, probably because it was not setting any permission and contents: read is the default overridden by the new version.
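
An added example, not part of the original issue or of the Azure-generated workflow: a job-level `permissions` block that keeps the OIDC grant and also lists read access for checkout. Once a `permissions` key is present, every scope it does not list is set to `none` for the job's `GITHUB_TOKEN`, so each scope the job uses has to be named. The workflow name, job name, runner label and action version are assumptions.

```yaml
# Constructed workflow fragment; names, runner and action version are assumptions.
name: Build and deploy

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: windows-latest
    # Declaring any permission sets every unlisted scope to "none",
    # so both scopes this job relies on are listed explicitly.
    permissions:
      id-token: write   # request the OIDC JWT used to log in to Azure
      contents: read    # let actions/checkout fetch a private repository
    steps:
      - uses: actions/checkout@v4
      # build, Azure login and deploy steps follow here
```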
