Behaviour

Attempting to automatically create a chocolatey package of my command line tool using GitHub Actions.

Expected behaviour

pack command should create .nupkg file

Actual behaviour

Get this error: Could not find a part of the path '/wksp/tools'.

Configuration

• Repository URL (if public): https://github.com/jhotmann/node-rename-cli
• Build URL (if public): https://github.com/jhotmann/node-rename-cli/runs/657792210?check_suite_focus=true

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [14.x]
    steps:
    - uses: actions/checkout@v2
    - name: Use Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v1
      with:
        node-version: ${{ matrix.node-version }}
    - run: npm ci
    - run: npm i -g pkg
    - run: npm run-script build --if-present
    - uses: actions/upload-artifact@v2
      with:
        name: binaries
        path: /home/runner/work/node-rename-cli/node-rename-cli/bin
    - run: npm run-script chocolatey --if-present
    - run: ls chocolatey/rename-cli/tools/
    - name: Choco package
      uses: crazy-max/ghaction-chocolatey@v1
      with:
        args: pack chocolatey/rename-cli/rename-cli.nuspec

Logs

Download the log file of your build and attach it to this issue.

logs_25.zip

Maybe I'm wrong but you pass any arg to Chocolatey using this GH Action. So I'm trying to install a package passing the args install docfx.

- name: Choco install docfx
        uses: crazy-max/ghaction-chocolatey@v1
        with:
          args: install docfx

The output:

Chocolatey v0.10.15.0
Directory 'opt/chocolatey/lib' does not exist.
Could not find a command registered that meets 'install docfx'. 
 Try choco -? for command reference/help.

The same command in my local environment:

λ choco install docfx
Chocolatey v0.10.8
Chocolatey detected you are not running from an elevated command shell
 (cmd/powershell).

 You may experience errors - many functions/packages
 require admin rights. Only advanced users should run choco w/out an
 elevated shell. When you open the command shell, you should ensure
 that you do so with "Run as Administrator" selected. If you are
 attempting to use Chocolatey in a non-administrator setting, you
 must select a different location other than the default install
 location. See
 https://chocolatey.org/install#non-administrative-install for details.


 Do you want to continue?([Y]es/[N]o): Y

Behaviour

Steps to reproduce this issue

1. Pack Software
2. Push Software

Expected behaviour

Software packed succesfully

Actual behaviour

Despite version being 0.7.4.0, package gets packed as 0.7.4 causing a file not found error later in the process

Configuration

• Repository URL (if public): https://github.com/rcmaehl/MSEdgeRedirect
• Build URL (if public):

name: Chocolatey Deploy

on:
  release:
    types: [published]
  workflow_dispatch:

defaults:
  run:
    shell: bash

jobs:
  chocolatey:
    name: Deploy
    runs-on: windows-latest
    if: github.repository == 'rcmaehl/MSEdgeRedirect'
    steps:
      - name: Clone Repository
        uses: actions/checkout@v3
      - uses: oprypin/find-latest-tag@v1
        with:
          repository: rcmaehl/MSEdgeRedirect  # The repository to scan.
          releases-only: true  # We know that all relevant tags have a GitHub release for them.
        id: latesttag
      - name: Set Checksum
        run: |
          filename="MSEdgeRedirect.exe"
          url="https://github.com/${{ github.repository }}/releases/download/${{ steps.latesttag.outputs.tag }}/${filename}"
          sed -i "s#{URL64}#${url}#g" "Assets/Choco/MSEdgeRedirect/tools/chocolateyinstall.ps1"
          curl -sSL "${url}" -o "Assets/Choco/${filename}"
          sha256=$(cat "Assets/Choco/${filename}" | sha256sum -)
          sed -i "s/{SHA256CHECKSUM64}/${sha256:0:64}/g" "Assets/Choco/MSEdgeRedirect/tools/chocolateyinstall.ps1"
      - name: Set Version
        id: version
        run: |
          version=${{ steps.latesttag.outputs.tag }}
          echo "::set-output name=nuget::$version"
          sed -i "s/{VERSION}/${version}/g" "Assets/Choco/MSEdgeRedirect/msedgeredirect.nuspec"
      - name: Pack Release
        uses: crazy-max/[email protected]
        with:
          args: pack Assets/Choco/MSEdgeRedirect/msedgeredirect.nuspec --outputdirectory Assets/Choco/MSEdgeRedirect
      - name: Upload Release
        uses: crazy-max/[email protected]
        with:
          args: push Assets/Choco/MSEdgeRedirect/msedgeredirect.${{ steps.version.outputs.nuget }}.nupkg -s https://push.chocolatey.org/ -k ${{ secrets.CHOCO_KEY }}

Logs

logs_760.zip

Would be nice to be able to use the v2.0.0 of Chocolatey with this GH action.

Goal is to use GitHub packages to host Chocolatey packages since v2.0.0 of Chocolatey now supports NuGet v3 feeds.

Probably just need to change the version number here: https://github.com/crazy-max/ghaction-chocolatey/blob/84f876ce8c3cb6f320b1ca03f48a47c10d9e3a15/image/Dockerfile#L3C1-L4C1

Hi Mr Crazy, I'm having an issue with Choco pack.

Behaviour

Steps to reproduce this issue

1. Use action to package something

Expected behaviour

Package should build correctly.

Actual behaviour

Package fails to build, Action errors with the following logs:

Run crazy-max/ghaction-chocolatey@v2
  with:
    args: pack
    image: ghcr.io/crazy-max/ghaction-chocolatey
Running choco
  C:\ProgramData\Chocolatey\bin\choco.exe pack --allow-unofficial
  Chocolatey v1.[2](https://github.com/Sierra1011/chocolateypackage-rocketchat/actions/runs/3450798168/jobs/5759604527#step:4:2).0
  Root element is missing.
  Error: The process 'C:\ProgramData\Chocolatey\bin\choco.exe' failed with exit code 1

Configuration

Workflow file is here
Action logs and builds here

Logs

logs_42.zip

Notes

I had a look around and found a repo that built successfully config here, logs here, and this one config here, logs here so I'm not entirely sure what I'm doing wrong.
I've seen some other repos that have Choco.exe runs with exit code 1, but none that I can see the logs of.

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.

Below you can see the KB of your GITHUB Action.

name: 'Chocolatey Action' # crazy-max/ghaction-chocolatey
# GITHUB_TOKEN not used

If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.

This issue is automatically created by our analysis bot, feel free to close after reading :)

References:

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.

Context

I'm porting a Chcolatey build project from Appveyor to github action. On the Appveyor project, I run the release only when getting a tag.
I'd like to port this to Github Actions

Action

Could you please provide some yaml samples for newbees like me so they could run some choco commands only when gettin a tag ?

Thank you in advance for you help and your Github action. 🙏