This message was deleted.

sparse-intern-71089

06/29/2020, 1:16 PM

This message was deleted.

white-rainbow-68240

06/29/2020, 1:17 PM

This is the github actions yaml:

Copy code

name: Pulumi
on:
  push:
    branches:
      - master
jobs:
  up:
    name: Update
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 1
      - uses: <docker://pulumi/actions>
        with:
          args: up --yes
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          PULUMI_CI: up
          PULUMI_ROOT: infra

white-rainbow-68240

06/29/2020, 1:20 PM

Run pulumi/actions

fails with the following error:

Copy code

aws:iam:Role frea-api-svc-task  error: error using credentials to get account ID: error calling sts:GetCallerIdentity: RequestError: send request failed
    pulumi:pulumi:Stack frea-api-production
    aws:iam:Role frea-api-svc-task  1 error

Diagnostics:
aws:iam:Role (frea-api-svc-task):
error: error using credentials to get account ID: error calling sts:GetCallerIdentity: RequestError: send request failed
caused by: Post "<https://sts.amazonaws.com/>": net/http: invalid header field value "AWS4-HMAC-SHA256 Credential=\*\*\*\n/[REDACTED BY MARCUS]/us-east-1/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=[REDACTED BY MARCUS]" for key Authorization

white-rainbow-68240

06/29/2020, 1:23 PM

I'm pretty basic on AWS, but worth noting is that I'm using eu-west-1 if it matters, and this error lists us-east-1. The Authorization field value is pretty cluttered, so hard for me to know what's valid or not.

white-rainbow-68240

06/29/2020, 1:24 PM

I can do Pulumi up from the CLI though, so it seems to be related to the github actions setup.

white-rainbow-68240

06/29/2020, 1:25 PM

[end]

stocky-lion-56153

06/29/2020, 2:31 PM

What happens when you call aws sts get-caller-identity from your own computer and, separately, from within an action

stocky-lion-56153

06/29/2020, 2:33 PM

You might find this helpful for running and debugging actions locally too https://github.com/nektos/act

white-rainbow-68240

06/29/2020, 4:15 PM

Nice! I was thinking about running the Pulumi container locally, but this seems even better.

stocky-lion-56153

06/29/2020, 6:55 PM

I only just discovered it but it seems like just what I need

white-rainbow-68240

06/29/2020, 8:57 PM

I was hoping this was a known error. I will try to double check my keys and secrets and then start digging using /act, but I think I might burn a lot of hours on this.

white-rainbow-68240

06/30/2020, 1:01 PM

seems like I just got another type of issue using act, so need to find another way. I got some other leads though. Thanks for the tip though!

stocky-lion-56153

06/30/2020, 2:02 PM

Arrrgh! How annoying. Good luck

stocky-lion-56153

06/30/2020, 2:02 PM

I definitely ran that docker image without any problems though

white-rainbow-68240

06/30/2020, 2:09 PM

We found a workaround in a thread further down.

white-rainbow-68240

06/30/2020, 2:09 PM

act worked perfectly!

4 Views

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.