Invalid username or password

[cmacdonnacha]

My deploy job keeps failing with en error The deploy step encountered an error: The process '/usr/bin/git' failed with exit code 128 ❌

This same access token used to work previously so not sure what's changed now.

When changing to v4 I changed the properties from:

GITHUB_TOKEN: ${{ secrets.GITHUB_ACCESS_TOKEN }}
BRANCH: gh-pages
FOLDER: build

to what is now documented:

token: ${{ secrets.GITHUB_ACCESS_TOKEN }}
branch: gh-pages
folder: build

Link to action: https://github.com/cmacdonnacha/react-boilerplate/actions/runs/624000633

Link to workflow being used: https://github.com/cmacdonnacha/react-boilerplate/blob/master/.github/workflows/continuous-integration-workflow.yml#L89

[JamesIves]

Can you paste the full log from the deployment step? I don't have permissions to view them.

[cmacdonnacha]

Sure, here it is:

Run JamesIves/[email protected]

    GitHub Pages Deploy Action 🚀

    🚀 Getting Started Guide: https://github.com/marketplace/actions/deploy-to-github-pages
    ❓ Discussions / Q&A: https://github.com/JamesIves/github-pages-deploy-action/discussions
    🔧 Report a Bug: https://github.com/JamesIves/github-pages-deploy-action/issues

    📣 Maintained by James Ives: https://jamesiv.es
    💖 Support: https://github.com/sponsors/JamesIves
Checking configuration and starting deployment… 🚦
Deploying using …… 🔑
Configuring git…
/usr/bin/git config user.name cmacdonnacha
/usr/bin/git config user.email [email protected]
/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
/usr/bin/git remote rm origin
/usr/bin/git remote add origin ***github.com/cmacdonnacha/react-boilerplate.git
Git configured… 🔧
Starting to commit changes…
/usr/bin/git ls-remote --heads ***github.com/cmacdonnacha/react-boilerplate.git gh-pages
warning: redirecting to https://github.com/cmacdonnacha/react-boilerplate.git/
53b5f7a8f7bf47730288dec380eee2a728159355	refs/heads/gh-pages
Creating worktree…
/usr/bin/git fetch --no-recurse-submodules --depth=1 origin gh-pages
warning: redirecting to https://github.com/cmacdonnacha/react-boilerplate.git/
From https://github.com/cmacdonnacha/react-boilerplate
 * branch            gh-pages   -> FETCH_HEAD
 * [new branch]      gh-pages   -> origin/gh-pages
/usr/bin/git worktree add --no-checkout --detach github-pages-deploy-action-temp-deployment-folder
Preparing worktree (detached HEAD a8e15b7)
/usr/bin/git checkout -B gh-pages origin/gh-pages
Previous HEAD position was a8e15b7 Deploy fix
Switched to a new branch 'gh-pages'
Branch 'gh-pages' set up to track remote branch 'gh-pages' from 'origin'.
/usr/bin/rsync -q -av --checksum --progress /home/runner/work/react-boilerplate/react-boilerplate/build/. github-pages-deploy-action-temp-deployment-folder --delete --exclude CNAME --exclude .nojekyll --exclude .ssh --exclude .git --exclude .github
Checking if there are files to commit…
/usr/bin/git add --all .
/usr/bin/git checkout -b github-pages-deploy-action/0zued9ny9
Switched to a new branch 'github-pages-deploy-action/0zued9ny9'
/usr/bin/git commit -m Deploying to gh-pages from @ cmacdonnacha/react-boilerplate@a8e15b72611b4293a3ec04307c44e9d12643e061 🚀 --quiet --no-verify
/usr/bin/git push --force ***github.com/cmacdonnacha/react-boilerplate.git github-pages-deploy-action/0zued9ny9:gh-pages
remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/cmacdonnacha/react-boilerplate.git/'
Running post deployment cleanup jobs… 🗑️
/usr/bin/git worktree remove github-pages-deploy-action-temp-deployment-folder --force
Error: The deploy step encountered an error: The process '/usr/bin/git' failed with exit code 128 ❌
Deployment failed! ❌

[JamesIves]

Can you double check to make sure that secret still exists and actually contains an access token? The part that is suspicious to me is this line: Deploying using …… 🔑. It's likely an empty string, because that line should read "Deploy Token" if token is properly defined: https://github.com/JamesIves/github-pages-deploy-action/blob/dev/src/util.ts#L15-L16.

I also see that you don't set persist-credentials: false on the actions/checkout step, in version 4 we strip any pre-baked configurations set by previous action runs if a token is defined, if my theory is correct the likely hood is that you were deploying with the built-in token the entire time as your secret isn't setup correctly, and it was falling back to whatever the checkout step set as the default (the built in github token)

Can you confirm the above by re-generating your secret and re-saving it within your repositories secrets menu? Additionally going forward you don't need to define a token at all unless you need additional permission scoping, in the case of your setup you simply need the following:

      - name: Deploy 🚀
        uses: JamesIves/[email protected]
        with:
          branch: gh-pages
          folder: build

Let me know if that helps.

[cmacdonnacha]

Hey @JamesIves

Thanks for your reply. Just double checked and that token is still there. I think the property was called GITHUB_TOKEN in v3 but you've renamed it since to just token right? I initially thought that was the issue.

  - name: Deploy build
    uses: JamesIves/github-pages-deploy-action@releases/v3
    with:
      GITHUB_TOKEN: ${{ secrets.GITHUB_ACCESS_TOKEN }}
      BRANCH: gh-pages
      FOLDER: build

Here's the token and permissions

After re-generating the token it still didn't seem to work. However, after removing token property, like you said, the deploy now works. Here's the full log of the working deploy. So I think your theory is correct and my token never really worked and was falling back. What is the best practice? Should I be passing a token or just use the one generated by the checkout step?

Run JamesIves/[email protected]
  with:
    branch: gh-pages
    folder: build
    token: ***
    clean: true

    GitHub Pages Deploy Action 🚀

    🚀 Getting Started Guide: https://github.com/marketplace/actions/deploy-to-github-pages
    ❓ Discussions / Q&A: https://github.com/JamesIves/github-pages-deploy-action/discussions
    🔧 Report a Bug: https://github.com/JamesIves/github-pages-deploy-action/issues

    📣 Maintained by James Ives: https://jamesiv.es
    💖 Support: https://github.com/sponsors/JamesIves
Checking configuration and starting deployment… 🚦
Deploying using Deploy Token… 🔑
Configuring git…
/usr/bin/git config user.name cmacdonnacha
/usr/bin/git config user.email [email protected]
/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
/usr/bin/git remote rm origin
/usr/bin/git remote add origin ***github.com/cmacdonnacha/react-boilerplate.git
Git configured… 🔧
Starting to commit changes…
/usr/bin/git ls-remote --heads ***github.com/cmacdonnacha/react-boilerplate.git gh-pages
53b5f7a8f7bf47730288dec380eee2a728159355	refs/heads/gh-pages
Creating worktree…
/usr/bin/git fetch --no-recurse-submodules --depth=1 origin gh-pages
From https://github.com/cmacdonnacha/react-boilerplate
 * branch            gh-pages   -> FETCH_HEAD
 * [new branch]      gh-pages   -> origin/gh-pages
/usr/bin/git worktree add --no-checkout --detach github-pages-deploy-action-temp-deployment-folder
Preparing worktree (detached HEAD 6dee7c4)
/usr/bin/git checkout -B gh-pages origin/gh-pages
Previous HEAD position was 6dee7c4 Removed token property from deploy job
Switched to a new branch 'gh-pages'
Branch 'gh-pages' set up to track remote branch 'gh-pages' from 'origin'.
/usr/bin/rsync -q -av --checksum --progress /home/runner/work/react-boilerplate/react-boilerplate/build/. github-pages-deploy-action-temp-deployment-folder --delete --exclude CNAME --exclude .nojekyll --exclude .ssh --exclude .git --exclude .github
Checking if there are files to commit…
/usr/bin/git add --all .
/usr/bin/git checkout -b github-pages-deploy-action/km2b2uo36
Switched to a new branch 'github-pages-deploy-action/km2b2uo36'
/usr/bin/git commit -m Deploying to gh-pages from @ cmacdonnacha/react-boilerplate@6dee7c405f8ee002ff5c731fa970be9148b4782d 🚀 --quiet --no-verify
/usr/bin/git push --force ***github.com/cmacdonnacha/react-boilerplate.git github-pages-deploy-action/km2b2uo36:gh-pages
To https://github.com/cmacdonnacha/react-boilerplate.git
   53b5f7a..597d8ea  github-pages-deploy-action/km2b2uo36 -> gh-pages
Changes committed to the gh-pages branch… 📦
Running post deployment cleanup jobs… 🗑️
/usr/bin/git worktree remove github-pages-deploy-action-temp-deployment-folder --force
Completed deployment successfully! ✅

[JamesIves]

Yep, it was renamed to token. I think you're missing a step here, the name in the access token screen isn't the same as the name you provide in your repositories secrets menu.

• Generate an access token in the developer settings menu of GitHub with the correct permission scope, you can name it whatever identifies the purpose of the token.
• Copy the key it generates
• Go to your repository you're running the workflow from, open Settings and go to the Secrets menu
• Click Add new repository secret
• Name your secret, in your case it looks like it's GITHUB_ACCESS_TOKEN.
• Paste the key you generated from the workflow. You should see something like this:

Afterwards re-run the workflow, and it should deploy with the secret. I was able to reproduce the error you received by adding token: ${{ secrets.TOKEN_THAT_DOES_NOT_EXIST }} to the workflow.

In general though you shouldn't use an access token unless you absolutely have to, the only use-case that I've encountered is the need to deploy cross accounts/repos. Using an SSH deploy token or the built in repository token (that defaults when token is removed) is much safer. GitHub Actions masks these secrets, and we also have safeguards against leaks of these tokens, but should one of these safeguards fail they provide a lot of access to your entire GitHub account. In the case where you do need to use an access token I'd suggest generating one on a service account that only has access to the specific things you need it for.

[cmacdonnacha]

Ah! I only created the token in my dev settings thinking that would do the trick for ALL repos. Thanks for clarifying. I'll take your advice on token safety though and remove it altogether since I can use the token from the previous checkout action. Thanks again 👍