action-dependabot-auto-merge: "Error: Input required and not supplied: github-token"

All of a sudden I’ve been getting this error.

/action/node_modules/@actions/core/lib/core.js:94
        throw new Error(`Input required and not supplied: ${name}`);
              ^

Error: Input required and not supplied: github-token
    at Object.getInput (/action/node_modules/@actions/core/lib/core.js:94:15)
    at file:///action/index.js:28:15
    at ModuleJob.run (node:internal/modules/esm/module_job:154:23)
    at async Loader.import (node:internal/modules/esm/loader:166:24)
    at async Object.loadESM (node:internal/process/esm_loader:68:5)

E.g. https://github.com/mdn/content/pull/2964/checks?check_run_id=2066177430

I haven’t touched my personal access tokens. And auto-merge hasn’t been upgraded on the project in 3 months. It just stopped working today all of a sudden. Sample PR: https://github.com/mdn/content/pull/2964

I don’t know if it’s a bug or user-error. Or a problem with GitHub Actions changing under our feet.

I did try generating a new access token (using the public_repo scope) to see if that would make it work. But arguably, it’s a long shot because the error says the token isn’t supplied.

About this issue

  • Original URL
  • State: open
  • Created 3 years ago
  • Reactions: 15
  • Comments: 33 (11 by maintainers)

Commits related to this issue

Most upvoted comments

I run into the same issue on a private repo. But after some time I realized the token needs to added to the Depandabot section instead of Actions section which make it work for me. secrets-secion

and it wasn’t just THIS action … seems like EVERY Personal Access Token wasn’t being read properly, here’s an example of a job that relies on a different PAT for usage with Github Package Registry:

image

upon re-running the job that also worked fine.

so … a global hiccup of all Personal Access Tokens (or all secrets) across Github!

I’m moving this discussion to https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60 which details full context.

they answer me with something unrelated with my bug, but I want to share it with you because I didn’t know it.

We recently made changes to dependabot which means they will receive a read-only GITHUB_TOKEN and will not have access to any secrets available in the repository.

https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/

@peterbe I hope this is your issue.

no worries, let us know if you learn of anything interesting from them

I am passing a PAT to github-token but now if dependabot triggers an action this token is not injected.

oof, yeah … not sure what to do about that … this is just actions + secret permission stuff …

change here to allow pull_request_target: https://github.com/ahmadnassri/action-dependabot-auto-merge/commit/2aef6bbf0c786ba7411c31913536c255f97d9323

“Re-run jobs” works for me but in a random way.

yes, when I did retry it works but sometimes it doesn’t work… it is random. So I am waiting for confirmation from GitHub customer support.

thanks for your confirmation. and thanks for your work.