Created from @amoosbr's comment in the v3 issue:
Hi,
not sure if my question belongs to the v3 release or not.
Just wanted to let you know, about my experience, when I tried to use v3.0.0 with a GitHub App token.
Based on the README image-names section, I expected to use a GitHub App for cleanup a image name like bla/*
Readme snippet:
These operators are only available for personal- and GitHub app-tokens. See the token parameter section for more info.
Unfortunately, when I tried to use it as documented in the GitHub App token sample, I got the following response:
2024-07-29T09:34:18.768949Z DEBUG container_retention_policy: Logging initialized
2024-07-29T09:34:18.769670Z DEBUG parse input: container_retention_policy::cli::models: Recognized token as temporal token
2024-07-29T09:34:18.770018Z DEBUG parse input: container_retention_policy::client::builder: Constructing base urls
2024-07-29T09:34:18.770047Z DEBUG parse input: container_retention_policy::client::builder: Constructing HTTP headers
2024-07-29T09:34:18.770065Z DEBUG parse input: container_retention_policy::client::builder: Creating rate-limited services
2024-07-29T09:34:18.770328Z DEBUG fetch rate limit: container_retention_policy::client::client: Retrieving Github API rate limit
2024-07-29T09:34:18.842278Z DEBUG fetch rate limit: container_retention_policy::client::client: There are [15](https://github.com/bosch-adas-genai/actions/actions/runs/10141744949/job/28039764262#step:4:16)000 requests remaining in the rate limit
thread 'main' panicked at src/client/client.rs:46:17:
Restrictions in the Github API prevent us from listing packages when using a $GITHUB_TOKEN token. Because of this, filtering with '!' and '*' are not supported for this token type. Image name cache/* is therefore not valid.
Looking at the latest history, I saw a commit, that mentions GitHub App tokens behave like temporal tokens.
I tried using building and running the 3.0.0 release candidate, where the GitHub App tokens was not treated as temporal token. Then my GitHub App token didn't have the needed scopes:
The token does not have the scopes needed. Tokens need `read:packages` and `delete:packages`. The scopes found were none.
My GitHub App has packages:write permission and is installed on the org with access to all repositories. I didn't find a packages:delete option for GitHub Apps.
I'm not 100% sure, if I just used the action wrong or my App has wrong settings. But if it is not possible to have wildcard image names with GitHub App tokens, perhaps the README can be updated.
As soon as I switched to using a classical PAT, the workflow stated to work as expected.
Originally posted by @amoosbr in #84 (comment)
Created from @amoosbr's comment in the v3 issue:
Hi,
not sure if my question belongs to the v3 release or not.
Just wanted to let you know, about my experience, when I tried to use v3.0.0 with a GitHub App token.
Based on the README image-names section, I expected to use a GitHub App for cleanup a image name like
bla/*Readme snippet:
Unfortunately, when I tried to use it as documented in the GitHub App token sample, I got the following response:
Looking at the latest history, I saw a commit, that mentions GitHub App tokens behave like temporal tokens.
I tried using building and running the 3.0.0 release candidate, where the GitHub App tokens was not treated as temporal token. Then my GitHub App token didn't have the needed scopes:
My GitHub App has
packages:writepermission and is installed on the org with access to all repositories. I didn't find apackages:deleteoption for GitHub Apps.I'm not 100% sure, if I just used the action wrong or my App has wrong settings. But if it is not possible to have wildcard image names with GitHub App tokens, perhaps the README can be updated.
As soon as I switched to using a classical PAT, the workflow stated to work as expected.
Originally posted by @amoosbr in #84 (comment)