[GH-ISSUE #2500] Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable but succeeds with github actions #1158

Open
opened 2026-03-01 21:49:22 +03:00 by kerem · 3 comments
Owner

Originally created by @noamzilo on GitHub (Oct 22, 2024).
Original GitHub issue: https://github.com/nektos/act/issues/2500

Bug report info

noams@DESKTOP-34S5F1I:~/src/personal_website$ act --bug-report
act version:            0.2.68
GOOS:                   linux
GOARCH:                 amd64
NumCPU:                 8
Docker host:            DOCKER_HOST environment variable is not set
Sockets found:
        /var/run/docker.sock
Config files:
        /home/noams/.config/act/actrc:
                -P ubuntu-latest=catthehacker/ubuntu:act-latest
                -P ubuntu-22.04=catthehacker/ubuntu:act-22.04
                -P ubuntu-20.04=catthehacker/ubuntu:act-20.04
                -P ubuntu-18.04=catthehacker/ubuntu:act-18.04
Build info:
        Go version:            go1.23.1
        Module path:           command-line-arguments
        Main version:
        Main path:
        Main checksum:
        Build settings:
                -buildmode:           exe
                -compiler:            gc
                -ldflags:             -X main.version=0.2.68
                DefaultGODEBUG:       asynctimerchan=1,gotypesalias=0,httplaxcontentlength=1,httpmuxgo121=1,httpservecontentkeepheaders=1,tls10server=1,tls3des=1,tlskyber=0,tlsrsakex=1,tlsunsafeekm=1,winreadlinkvolume=0,winsymlink=0,x509keypairleaf=0,x509negativeserial=1
                CGO_ENABLED:          1
                CGO_CFLAGS:
                CGO_CPPFLAGS:
                CGO_CXXFLAGS:
                CGO_LDFLAGS:
                GOARCH:               amd64
                GOOS:                 linux
                GOAMD64:              v1
Docker Engine:
        Engine version:        27.3.1
        Engine runtime:        runc
        Cgroup version:        1
        Cgroup driver:         cgroupfs
        Storage driver:        overlay2
        Registry URI:          https://index.docker.io/v1/
        OS:                    Ubuntu 22.04.5 LTS
        OS type:               linux
        OS version:            22.04
        OS arch:               x86_64
        OS kernel:             5.15.153.1-microsoft-standard-WSL2
        OS CPU:                8
        OS memory:             3848 MB
        Security options:
                name=seccomp,profile=builtin

Command used with act

act -j build-and-deploy -W .github/workflows/deploy_frontend.yml --secret-file /home/noams/src/personal_website/frontend/.secrets_frontend --env-file /home/noams/src/personal_website/frontend/.env --artifact-server-path /tmp/artifacts

Describe issue

Expecting success just like github actions

https://github.com/noamzilo/personal_website

Workflow content

name: Deploy Frontend

on:
  push:
    branches: [main, staging, frontend]
    paths:
      - 'frontend/**'
      - '.github/workflows/deploy_frontend.yml'
  workflow_dispatch:

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pages: write       # Added for GitHub Pages deployment
      id-token: write    # Necessary for actions/deploy-pages
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
    - uses: actions/checkout@v4

    - name: Debug REACT_APP_API_URL
      shell: bash
      run: |
        echo -e "\e[32m@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\e[0m"
        echo -e "\e[32mREACT_APP_API_URL=${REACT_APP_API_URL}\e[0m"
        env
        echo $(env | grep ACTIONS_RUNTIME_TOKEN)
        # exit 1  # Commented out to allow the workflow to continue

    - name: Set up Node.js
      uses: actions/setup-node@v4
      with:
        node-version: '20'

    - name: Print Environment Variables and Secrets
      shell: bash
      env:
        REACT_APP_ENVIRONMENT: ${{ env.REACT_APP_ENVIRONMENT }}
      run: |
        echo -e "\e[32mREACT_APP_API_URL=${REACT_APP_API_URL}\e[0m"
        echo -e "\e[32mREACT_APP_ENVIRONMENT=${REACT_APP_ENVIRONMENT}\e[0m"
        env
        echo ACTIONS_RUNTIME_TOKEN=$(env | grep ACTIONS_RUNTIME_TOKEN)

    - name: Install dependencies
      shell: bash
      run: |
        cd frontend
        npm ci 2>&1 || (echo -e "\e[31mInstall dependencies step failed.\e[0m" && exit 1)

    - name: Build
      shell: bash
      run: |
        cd frontend
        mkdir -p build_logs
        TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
        export REACT_APP_BUILD_TIME=$(TZ=America/Argentina/Buenos_Aires date +"%Y-%m-%d %H:%M:%S")
        echo -e "\e[32mBuilding with environment variables:\e[0m"
        env
        echo -e "\e[32m$(pwd)\e[0m"
        npm run build || (echo -e "\e[31mBuild step failed.\e[0m" && exit 1)

    - name: Setup Pages
      uses: actions/configure-pages@v4

    - name: Upload artifact
      uses: actions/upload-pages-artifact@v3
      with:
        path: './frontend/build'

    - name: Deploy to GitHub Pages
      id: deployment
      uses: actions/deploy-pages@v4

    - name: Build Succeeded
      if: success()
      run: echo -e "\e[32mBuild succeeded.\e[0m"

    - name: Build Failed
      if: failure()
      shell: bash
      run: |
        echo -e "\e[31mBuild failed.\e[0m"
        exit 1

Relevant log output

[Deploy Frontend/build-and-deploy]   ✅  Success - Main Upload artifact
[Deploy Frontend/build-and-deploy]   ⚙  ::set-output:: artifact-url=https://github.com/***/actions/runs/1/artifacts/1
[Deploy Frontend/build-and-deploy]   ⚙  ::set-output:: artifact-id=1
[Deploy Frontend/build-and-deploy]   ⚙  ::set-output:: artifact_id=1
[Deploy Frontend/build-and-deploy]   ✅  Success - Main Upload artifact
[Deploy Frontend/build-and-deploy]   ⚙  ::set-output:: artifact-id=1
[Deploy Frontend/build-and-deploy]   ⚙  ::set-output:: artifact-url=https://github.com/***/actions/runs/1/artifacts/1
[Deploy Frontend/build-and-deploy] ⭐ Run Main Deploy to GitHub Pages
[Deploy Frontend/build-and-deploy]   🐳  docker cp src=/home/noams/.cache/act/actions-deploy-pages@v4/ dst=/var/run/act/actions/actions-deploy-pages@v4/
[Deploy Frontend/build-and-deploy]   🐳  docker exec cmd=[/opt/acttoolcache/node/18.20.4/x64/bin/node /var/run/act/actions/actions-deploy-pages@v4/dist/index.js] user= workdir=
[Deploy Frontend/build-and-deploy]   💬  ::debug::all variables are set
[Deploy Frontend/build-and-deploy]   💬  ::debug::all variables are set
| Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable
|     at Function.<anonymous> (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:71:1)
|     at Generator.next (<anonymous>)
|     at /run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:8:1
|     at new Promise (<anonymous>)
|     at __webpack_modules__.98041.__awaiter (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:4:1)
|     at Function.getIDToken (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:57:1)
|     at Object.<anonymous> (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/core.js:315:1)
|     at Generator.next (<anonymous>)
|     at /run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/core.js:27:1
|     at new Promise (<anonymous>)
[Deploy Frontend/build-and-deploy]   ❗  ::error::Ensure GITHUB_TOKEN has permission "id-token: write".
[Deploy Frontend/build-and-deploy]   ❌  Failure - Main Deploy to GitHub Pages
[Deploy Frontend/build-and-deploy] exitcode '1': failure
[Deploy Frontend/build-and-deploy] ⭐ Run Main Build Failed
[Deploy Frontend/build-and-deploy]   🐳  docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/10.sh] user= workdir=
| Build failed.
[Deploy Frontend/build-and-deploy]   ❌  Failure - Main Build Failed
[Deploy Frontend/build-and-deploy] exitcode '1': failure
[Deploy Frontend/build-and-deploy] ⭐ Run Post Upload artifact
[Deploy Frontend/build-and-deploy]   🐳  docker cp src=/home/noams/.cache/act/actions-upload-pages-artifact@v3/ dst=/var/run/act/actions/actions-upload-pages-artifact@v3/
[Deploy Frontend/build-and-deploy]   ✅  Success - Post Upload artifact
[Deploy Frontend/build-and-deploy] 🏁  Job failed
Error: Job 'build-and-deploy' failed

Additional information

The workflow is fine, as github actions does succeed, so clearly this is a problem with act.

My .secrets file contains:

GITHUB_TOKEN=XXX
ACTIONS_RUNTIME_TOKEN=XXX
#ACTIONS_RUNTIME_TOKEN=dummy
GITHUB_REPOSITORY=YYY

and I checked all env variables and secrets get passed correctly into the build.

I read some answers and implemented them, but no luck.

Would appreciate help, because having to push for debugging really sucks.

Originally created by @noamzilo on GitHub (Oct 22, 2024). Original GitHub issue: https://github.com/nektos/act/issues/2500 ### Bug report info ```plain text noams@DESKTOP-34S5F1I:~/src/personal_website$ act --bug-report act version: 0.2.68 GOOS: linux GOARCH: amd64 NumCPU: 8 Docker host: DOCKER_HOST environment variable is not set Sockets found: /var/run/docker.sock Config files: /home/noams/.config/act/actrc: -P ubuntu-latest=catthehacker/ubuntu:act-latest -P ubuntu-22.04=catthehacker/ubuntu:act-22.04 -P ubuntu-20.04=catthehacker/ubuntu:act-20.04 -P ubuntu-18.04=catthehacker/ubuntu:act-18.04 Build info: Go version: go1.23.1 Module path: command-line-arguments Main version: Main path: Main checksum: Build settings: -buildmode: exe -compiler: gc -ldflags: -X main.version=0.2.68 DefaultGODEBUG: asynctimerchan=1,gotypesalias=0,httplaxcontentlength=1,httpmuxgo121=1,httpservecontentkeepheaders=1,tls10server=1,tls3des=1,tlskyber=0,tlsrsakex=1,tlsunsafeekm=1,winreadlinkvolume=0,winsymlink=0,x509keypairleaf=0,x509negativeserial=1 CGO_ENABLED: 1 CGO_CFLAGS: CGO_CPPFLAGS: CGO_CXXFLAGS: CGO_LDFLAGS: GOARCH: amd64 GOOS: linux GOAMD64: v1 Docker Engine: Engine version: 27.3.1 Engine runtime: runc Cgroup version: 1 Cgroup driver: cgroupfs Storage driver: overlay2 Registry URI: https://index.docker.io/v1/ OS: Ubuntu 22.04.5 LTS OS type: linux OS version: 22.04 OS arch: x86_64 OS kernel: 5.15.153.1-microsoft-standard-WSL2 OS CPU: 8 OS memory: 3848 MB Security options: name=seccomp,profile=builtin ``` ### Command used with act ```sh act -j build-and-deploy -W .github/workflows/deploy_frontend.yml --secret-file /home/noams/src/personal_website/frontend/.secrets_frontend --env-file /home/noams/src/personal_website/frontend/.env --artifact-server-path /tmp/artifacts ``` ### Describe issue Expecting success just like github actions ### Link to GitHub repository https://github.com/noamzilo/personal_website ### Workflow content ```yml name: Deploy Frontend on: push: branches: [main, staging, frontend] paths: - 'frontend/**' - '.github/workflows/deploy_frontend.yml' workflow_dispatch: jobs: build-and-deploy: runs-on: ubuntu-latest permissions: contents: write pages: write # Added for GitHub Pages deployment id-token: write # Necessary for actions/deploy-pages environment: name: github-pages url: ${{ steps.deployment.outputs.page_url }} steps: - uses: actions/checkout@v4 - name: Debug REACT_APP_API_URL shell: bash run: | echo -e "\e[32m@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\e[0m" echo -e "\e[32mREACT_APP_API_URL=${REACT_APP_API_URL}\e[0m" env echo $(env | grep ACTIONS_RUNTIME_TOKEN) # exit 1 # Commented out to allow the workflow to continue - name: Set up Node.js uses: actions/setup-node@v4 with: node-version: '20' - name: Print Environment Variables and Secrets shell: bash env: REACT_APP_ENVIRONMENT: ${{ env.REACT_APP_ENVIRONMENT }} run: | echo -e "\e[32mREACT_APP_API_URL=${REACT_APP_API_URL}\e[0m" echo -e "\e[32mREACT_APP_ENVIRONMENT=${REACT_APP_ENVIRONMENT}\e[0m" env echo ACTIONS_RUNTIME_TOKEN=$(env | grep ACTIONS_RUNTIME_TOKEN) - name: Install dependencies shell: bash run: | cd frontend npm ci 2>&1 || (echo -e "\e[31mInstall dependencies step failed.\e[0m" && exit 1) - name: Build shell: bash run: | cd frontend mkdir -p build_logs TIMESTAMP=$(date +"%Y%m%d_%H%M%S") export REACT_APP_BUILD_TIME=$(TZ=America/Argentina/Buenos_Aires date +"%Y-%m-%d %H:%M:%S") echo -e "\e[32mBuilding with environment variables:\e[0m" env echo -e "\e[32m$(pwd)\e[0m" npm run build || (echo -e "\e[31mBuild step failed.\e[0m" && exit 1) - name: Setup Pages uses: actions/configure-pages@v4 - name: Upload artifact uses: actions/upload-pages-artifact@v3 with: path: './frontend/build' - name: Deploy to GitHub Pages id: deployment uses: actions/deploy-pages@v4 - name: Build Succeeded if: success() run: echo -e "\e[32mBuild succeeded.\e[0m" - name: Build Failed if: failure() shell: bash run: | echo -e "\e[31mBuild failed.\e[0m" exit 1 ``` ### Relevant log output ```sh [Deploy Frontend/build-and-deploy] ✅ Success - Main Upload artifact [Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact-url=https://github.com/***/actions/runs/1/artifacts/1 [Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact-id=1 [Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact_id=1 [Deploy Frontend/build-and-deploy] ✅ Success - Main Upload artifact [Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact-id=1 [Deploy Frontend/build-and-deploy] ⚙ ::set-output:: artifact-url=https://github.com/***/actions/runs/1/artifacts/1 [Deploy Frontend/build-and-deploy] ⭐ Run Main Deploy to GitHub Pages [Deploy Frontend/build-and-deploy] 🐳 docker cp src=/home/noams/.cache/act/actions-deploy-pages@v4/ dst=/var/run/act/actions/actions-deploy-pages@v4/ [Deploy Frontend/build-and-deploy] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.4/x64/bin/node /var/run/act/actions/actions-deploy-pages@v4/dist/index.js] user= workdir= [Deploy Frontend/build-and-deploy] 💬 ::debug::all variables are set [Deploy Frontend/build-and-deploy] 💬 ::debug::all variables are set | Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable | at Function.<anonymous> (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:71:1) | at Generator.next (<anonymous>) | at /run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:8:1 | at new Promise (<anonymous>) | at __webpack_modules__.98041.__awaiter (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:4:1) | at Function.getIDToken (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/oidc-utils.js:57:1) | at Object.<anonymous> (/run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/core.js:315:1) | at Generator.next (<anonymous>) | at /run/act/actions/actions-deploy-pages@v4/node_modules/@actions/core/lib/core.js:27:1 | at new Promise (<anonymous>) [Deploy Frontend/build-and-deploy] ❗ ::error::Ensure GITHUB_TOKEN has permission "id-token: write". [Deploy Frontend/build-and-deploy] ❌ Failure - Main Deploy to GitHub Pages [Deploy Frontend/build-and-deploy] exitcode '1': failure [Deploy Frontend/build-and-deploy] ⭐ Run Main Build Failed [Deploy Frontend/build-and-deploy] 🐳 docker exec cmd=[bash --noprofile --norc -e -o pipefail /var/run/act/workflow/10.sh] user= workdir= | Build failed. [Deploy Frontend/build-and-deploy] ❌ Failure - Main Build Failed [Deploy Frontend/build-and-deploy] exitcode '1': failure [Deploy Frontend/build-and-deploy] ⭐ Run Post Upload artifact [Deploy Frontend/build-and-deploy] 🐳 docker cp src=/home/noams/.cache/act/actions-upload-pages-artifact@v3/ dst=/var/run/act/actions/actions-upload-pages-artifact@v3/ [Deploy Frontend/build-and-deploy] ✅ Success - Post Upload artifact [Deploy Frontend/build-and-deploy] 🏁 Job failed Error: Job 'build-and-deploy' failed ``` ### Additional information The workflow is fine, as [github actions does succeed](https://github.com/noamzilo/personal_website/actions/runs/11462535016), so clearly this is a problem with act. My .secrets file contains: ``` GITHUB_TOKEN=XXX ACTIONS_RUNTIME_TOKEN=XXX #ACTIONS_RUNTIME_TOKEN=dummy GITHUB_REPOSITORY=YYY ``` and I checked all env variables and secrets get passed correctly into the build. I read [some answers](https://stackoverflow.com/questions/72504998/github-actions-unable-to-get-actions-id-token-request-url-env-variable) and implemented them, but no luck. Would appreciate help, because having to push for debugging really sucks.
Author
Owner

@github-actions[bot] commented on GitHub (Apr 21, 2025):

Issue is stale and will be closed in 14 days unless there is new activity

<!-- gh-comment-id:2817405281 --> @github-actions[bot] commented on GitHub (Apr 21, 2025): Issue is stale and will be closed in 14 days unless there is new activity
Author
Owner

@noamzilo commented on GitHub (Apr 21, 2025):

Not stale

<!-- gh-comment-id:2819498118 --> @noamzilo commented on GitHub (Apr 21, 2025): Not stale
Author
Owner

@smoglica commented on GitHub (Jul 16, 2025):

The actions/deploy-pages requires the id-token: write (Token to request an OpenID Connect token) permission to be granted to GITHUB_TOKEN. You're already doing this in the build-and-deploy job.

You cannot set the id-token: write permission on a Personal Access Token (PAT). The id-token permission is specific to GitHub Actions' built-in GITHUB_TOKEN and is used for OpenID Connect (OIDC) federation GitHub Actions and cloud providers.

When running workflows locally with act, OIDC (id-token) is not supported, because act cannot mint or sign OIDC tokens like GitHub Actions does.

Seems that feature is planned to be handled. You can check in Unsupported functionality page

<!-- gh-comment-id:3078423375 --> @smoglica commented on GitHub (Jul 16, 2025): The `actions/deploy-pages` requires the `id-token: write` (Token to request an OpenID Connect token) permission to be granted to `GITHUB_TOKEN`. You're already doing this in the `build-and-deploy` job. You cannot set the `id-token: write` permission on a Personal Access Token (PAT). The `id-token` permission is specific to GitHub Actions' built-in `GITHUB_TOKEN` and is used for OpenID Connect (OIDC) federation GitHub Actions and cloud providers. When running workflows locally with act, OIDC (id-token) is not supported, because act cannot mint or sign OIDC tokens like GitHub Actions does. Seems that feature is planned to be handled. You can check in [Unsupported functionality](https://nektosact.com/not_supported.html#planned) page
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/act#1158
No description provided.