Open
Description
I've been following the guide on how to set it up, which I think is pretty straightforward, but something is not working and I'm not sure how to debug it.
I'm getting the following error when running the workflow:
```
Run octo-sts/action@main
  with:
    scope: <org>/<repo>
    identity: write-action
    domain: octo-sts.dev
Attempt 1 failed. Error: HTTP error! status: 403
Attempt 2 failed. Error: HTTP error! status: 403
Attempt 3 failed. Error: HTTP error! status: 403
Error: Error: Fetch failed after 4 attempts.
    at fetchWithRetry (/home/runner/work/_actions/octo-sts/action/main/index.js:36:11)
    at async main (/home/runner/work/_actions/octo-sts/action/main/index.js:44:22)
```
This is what I have in the workflow:
```yaml
permissions:
  id-token: write
steps:
  - name: Get short lived write token
    uses: octo-sts/action@main
    id: octo-sts
    with:
      scope: <org>/<repo>
      identity: write-action
```
And this is the policy file:
```yaml
# .github/chainguard/write-action.sts.yaml
issuer: https://token.actions.githubusercontent.com
subject: repo:<org>/<repo>:ref:refs/heads/main
permissions:
  contents: write
```
Notes:
- It's installed on a private repo.
- We're using branch protection rulesets but it still doesn't work if I add octo-sts to the bypass list.
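
A diagnostic sketch added here (not part of the original issue and not Octo STS code): it decodes the payload of a workflow's OIDC token and compares `iss` and `sub` with the `issuer` and `subject` from the policy file above, assuming both are matched by exact string equality. The function names and the sample claims are constructed for illustration; the samples use the `sub` formats GitHub Actions issues for a branch push, a pull request, and a job that targets an environment.

```python
import base64
import json

# Policy values copied from the issue's write-action.sts.yaml (placeholders kept).
POLICY = {
    "issuer": "https://token.actions.githubusercontent.com",
    "subject": "repo:<org>/<repo>:ref:refs/heads/main",
}

def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def policy_mismatches(claims: dict, policy: dict) -> list[str]:
    """List the reasons the claims would not satisfy an exact-match policy."""
    problems = []
    if claims.get("iss") != policy["issuer"]:
        problems.append(f"iss {claims.get('iss')!r} != issuer {policy['issuer']!r}")
    if claims.get("sub") != policy["subject"]:
        problems.append(f"sub {claims.get('sub')!r} != subject {policy['subject']!r}")
    return problems

def fake_token(claims: dict) -> str:
    """Build an unsigned token from constructed claims, for the demo only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample claims: how `sub` differs by trigger in GitHub Actions.
ISS = POLICY["issuer"]
SAMPLES = {
    "push to main": {"iss": ISS, "sub": "repo:<org>/<repo>:ref:refs/heads/main"},
    "pull request": {"iss": ISS, "sub": "repo:<org>/<repo>:pull_request"},
    "job with environment": {"iss": ISS, "sub": "repo:<org>/<repo>:environment:production"},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        issues = policy_mismatches(jwt_claims(fake_token(claims)), POLICY)
        print(f"{name}: {'match' if not issues else '; '.join(issues)}")
```

Printing only the decoded `sub` and `iss` claims from a real run, never the token itself, is enough to make the same comparison against the policy file.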