Enable security on organization (python) fails #107

Open
john-yacuta-submittable opened this issue Mar 23, 2023 · 3 comments
john-yacuta-submittable commented Mar 23, 2023

Summary

Running the GitHub Action step for Python fails after running it the first time. It ran once and then rerunning it causes it to fail. I plan to put this into a cronjob but manual invocation does not work.

Code

jobs:
  enable-security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          repository: submittable/ghas-enablement

      - name: Get dependencies and configure
        run: |
          yarn
          git config --global user.name "ghas-enablement"
          git config --global user.email "[email protected]"
      
      - name: Enable security on organization (python)
        run: |
          npm run getOrgs
          npm run getRepos
          npm run start
        env:
          LANGUAGE_TO_CHECK: "python"
          TEMP_DIR: ${{ github.workspace }}

Error

2023-03-23T17:01:24.574Z ghas:inform 
2023-03-23T17:01:25.575Z ghas:inform Executing:  git checkout,-b,ghas-xyCIz in //home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>
2023-03-23T17:01:25.581Z ghas:error Switched to a new branch 'ghas-xyCIz'

2023-03-23T17:01:25.581Z ghas:inform 
2023-03-23T17:01:26.582Z ghas:inform Executing:  mkdir -p,.github/workflows in //home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>
2023-03-23T17:01:26.588Z ghas:inform 
2023-03-23T17:01:27.589Z ghas:inform Executing:  cp ./bin/workflows/codeql-analysis-python.yml,//home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>/.github/workflows/codeql-analysis.yml in /home/runner/work/github-actions/github-actions
2023-03-23T17:01:27.598Z ghas:inform 
2023-03-23T17:01:28.599Z ghas:inform Executing:  git add,.github/workflows/codeql-analysis.yml in //home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>
2023-03-23T17:01:28.606Z ghas:inform 
2023-03-23T17:01:29.608Z ghas:inform Executing:  git commit,-m,"Commit CodeQL File" in //home/runner/work/github-actions/github-actions/tempGitLocations/<REPO>
2023-03-23T17:01:29.615Z ghas:inform Whitelist returns: false
2023-03-23T17:01:29.615Z ghas:error Error: Command failed: git commit -m "Commit CodeQL File"

    at ChildProcess.exithandler (node:child_process:419:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1091:16)
    at Socket.<anonymous> (node:internal/child_process:449:11)
    at Socket.emit (node:events:513:28)
    at Pipe.<anonymous> (node:net:322:12)
node:internal/process/promises:288
            triggerUncaughtException(err, true /* fromPromise */);
            ^

Error: Command failed: git commit -m "Commit CodeQL File"

    at ChildProcess.exithandler (node:child_process:419:12)
    at ChildProcess.emit (node:events:513:28)
    at maybeClose (node:internal/child_process:1091:16)
    at Socket.<anonymous> (node:internal/child_process:449:11)
    at Socket.emit (node:events:513:28)
    at Pipe.<anonymous> (node:net:322:12) {
  code: 1,
  killed: false,
  signal: null,
  cmd: 'git commit -m "Commit CodeQL File"',
  stdout: 'On branch ghas-xyCIz\nnothing to commit, working tree clean\n',
  stderr: ''
}

Node.js v18.15.0
Error: Process completed with exit code 1.
@NickLiffen
Owner

Going to do some digging into this today 👍

@NickLiffen
Owner

I can't seem to replicate this 😢

@john-yacuta-submittable 👋

I just ran something like this:

name: Workflow

on:
  workflow_dispatch:

env:
  ENABLE_ON: "codescanning,secretscanning,pushprotection,dependabot,dependabotupdates,actions"
  DEBUG: "ghas:*"
  CREATE_ISSUE: "true"
  GHES: "false"
  GITHUB_ORG: ${{ secrets.MY_ORG }}
  GITHUB_API_TOKEN: ${{ secrets.MY_TOKEN }}

jobs:
  enable-security-python:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          repository: NickLiffen/ghas-enablement
      - name: Get dependencies and configure
        run: |
          yarn
          git config --global user.name "ghas-enablement"
          git config --global user.email "[email protected]"
      - name: Enable security on organization (python)
        run: |
          npm run getRepos
          npm run start
        env:
          LANGUAGE_TO_CHECK: "python"
          TEMP_DIR: ${{ github.workspace }}

Could you create two secrets, one with the org name and one with the PAT and try giving this a go 🤔 With the scopes documented in the README it should work 🤔

@sudhir-korde-tm

One of our repositories is experiencing the same error, while the majority of them are functioning properly.

2023-08-14T22:05:40.298Z ghas:inform Found default branch SHA on the following repository: xxx-edge-api. The default branch is: db2edea247a517bfd1192c98b3533f8a9a1f5f26
2023-08-14T22:05:40.914Z ghas:inform Branch (ref) created on the following repository xxx-edge-api?. The branch reference is: refs/heads/feature/ghas-hCGOm
{
type: 'token',
tokenType: 'installation',
token: '***',
installationId: xxxx,
permissions: {
organization_administration: 'write',
administration: 'write',
contents: 'write',
issues: 'write',
metadata: 'read',
pull_requests: 'write',
security_events: 'write',
workflows: 'write'
},
createdAt: '2023-08-14T22:05:41.049Z',
expiresAt: '2023-08-14T23:05:40Z',
repositorySelection: 'all'
}
2023-08-14T22:05:41.053Z ghas:inform [
{
command: 'rm',
args: [ '-rf', './tempGitLocations' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/'
},
{
command: 'mkdir',
args: [ 'tempGitLocations' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement'
},
{
command: 'git',
args: [
'clone',
'***github.com/TMN/xxx-edge-api.git'
],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations'
},
{
command: 'git',
args: [ 'checkout', '-b', 'feature/ghas-hCGOm' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'mkdir',
args: [ '-p', [Array] ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'cp',
args: [
'./bin/workflows/codeql-analysis-javascript.yml',
'//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api/.github/workflows/codeql-analysis.yml'
],
cwd: '/home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement'
},
{
command: 'git',
args: [ 'add', '.github/workflows/codeql-analysis.yml' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'git',
args: [ 'commit', '-m', '"Commit CodeQL File"' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'git',
args: [ 'push', '--set-upstream', 'origin', 'feature/ghas-hCGOm' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api'
},
{
command: 'rm',
args: [ '-rf', './tempGitLocations/' ],
cwd: '//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/'
}
]
2023-08-14T22:05:41.053Z ghas:inform Executing: rm -rf,./tempGitLocations in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/
2023-08-14T22:05:41.061Z ghas:inform
2023-08-14T22:05:42.061Z ghas:inform Executing: mkdir tempGitLocations in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement
2023-08-14T22:05:42.066Z ghas:inform
2023-08-14T22:05:43.067Z ghas:inform Executing: git ***github.com/TMN/xxx-edge-api.git in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations
2023-08-14T22:05:44.781Z ghas:error Cloning into 'xxx-edge-api'...

2023-08-14T22:05:44.781Z ghas:inform
2023-08-14T22:05:45.782Z ghas:inform Executing: git checkout,-b,feature/ghas-hCGOm in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api
2023-08-14T22:05:45.788Z ghas:error Switched to a new branch 'feature/ghas-hCGOm'

2023-08-14T22:05:45.788Z ghas:inform
2023-08-14T22:05:46.789Z ghas:inform Executing: mkdir -p,.github/workflows in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api
2023-08-14T22:05:46.794Z ghas:inform
2023-08-14T22:05:47.795Z ghas:inform Executing: cp ./bin/workflows/codeql-analysis-javascript.yml,//home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api/.github/workflows/codeql-analysis.yml in /home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement
2023-08-14T22:05:47.802Z ghas:inform
2023-08-14T22:05:48.803Z ghas:inform Executing: git add,.github/workflows/codeql-analysis.yml in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api
2023-08-14T22:05:48.810Z ghas:inform
2023-08-14T22:05:49.812Z ghas:inform Executing: git commit,-m,"Commit CodeQL File" in //home/runner/work/tdpx-ghas-enablement/tdpx-ghas-enablement/tempGitLocations/xxx-edge-api
2023-08-14T22:05:49.819Z ghas:inform Whitelist returns: false
2023-08-14T22:05:49.819Z ghas:error Error: Command failed: git commit -m "Commit CodeQL File"

at ChildProcess.exithandler (node:child_process:419:12)
at ChildProcess.emit (node:events:514:28)
at maybeClose (node:internal/child_process:1091:16)
at Socket.<anonymous> (node:internal/child_process:449:11)
at Socket.emit (node:events:514:28)
at Pipe.<anonymous> (node:net:323:12)

node:internal/process/promises:288
triggerUncaughtException(err, true /* fromPromise */);
^

Error: Command failed: git commit -m "Commit CodeQL File"

at ChildProcess.exithandler (node:child_process:419:12)
at ChildProcess.emit (node:events:514:28)
at maybeClose (node:internal/child_process:1091:16)
at Socket.<anonymous> (node:internal/child_process:449:11)
at Socket.emit (node:events:514:28)
at Pipe.<anonymous> (node:net:323:12) {

code: 1,
killed: false,
signal: null,
cmd: 'git commit -m "Commit CodeQL File"',
stdout: 'On branch feature/ghas-hCGOm\nnothing to commit, working tree clean\n',
stderr: ''
}

Node.js v18.17.0
Error: Process completed with exit code 1.
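
Both logs above end with `git commit` exiting with code 1 and stdout `nothing to commit, working tree clean`, which Git reports when the staged tree matches HEAD, for example when the copied workflow file is identical to one already committed. The sketch below is an added example, not code from ghas-enablement or from any commenter: it shows a step runner that treats that one condition as a no-op, skips the push, still runs cleanup, and aborts on any other failure. The names `isNothingToCommit`, `runSteps` and `fakeExec` are hypothetical, and the executor is assumed to be synchronous and to throw on a non-zero exit.

```javascript
// Added example: names below (isNothingToCommit, runSteps, fakeExec) are
// hypothetical and not part of ghas-enablement.

// True when a failed `git commit` only means the index matched HEAD.
// Matches the error shape in the log: code 1 and "nothing to commit" on stdout.
function isNothingToCommit(step, err) {
  const isCommit = step.command === "git" && step.args[0] === "commit";
  const exitCode = err.code ?? err.status; // exec() sets code, execFileSync sets status
  return isCommit && exitCode === 1 && /nothing to commit/.test(String(err.stdout || ""));
}

// Runs steps in order through an injected executor (sync, throws on non-zero exit).
// A no-op commit skips the later `git push` but still lets cleanup steps run.
function runSteps(steps, exec) {
  const result = { ran: [], skipped: [], committed: true };
  for (const step of steps) {
    const label = [step.command, ...step.args].join(" ");
    const isPush = step.command === "git" && step.args[0] === "push";
    if (isPush && !result.committed) {
      result.skipped.push(label); // nothing new to push
      continue;
    }
    try {
      exec(step);
      result.ran.push(label);
    } catch (err) {
      if (!isNothingToCommit(step, err)) throw err; // real failures still abort
      result.committed = false;
      result.skipped.push(label);
    }
  }
  return result;
}

// Constructed input: the tail of the command list from the log, and an
// executor that fails the commit the way the log shows.
const sampleSteps = [
  { command: "git", args: ["add", ".github/workflows/codeql-analysis.yml"] },
  { command: "git", args: ["commit", "-m", "Commit CodeQL File"] },
  { command: "git", args: ["push", "--set-upstream", "origin", "feature/ghas-hCGOm"] },
  { command: "rm", args: ["-rf", "./tempGitLocations/"] },
];
function fakeExec(step) {
  if (step.args[0] !== "commit") return "";
  throw Object.assign(new Error("Command failed: git commit"), {
    code: 1, stdout: "On branch feature/ghas-hCGOm\nnothing to commit, working tree clean\n", stderr: "",
  });
}
console.log(runSteps(sampleSteps, fakeExec));
```

Matching on exit code and stdout together keeps other `git commit` failures, such as a missing identity or a rejected hook, fatal.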
