https://pantsbuild.org/ logo
#development
Title
# development
b

bored-art-40741

09/20/2021, 11:16 PM
I'm seeing a weird error in PR CI (https://github.com/pantsbuild/pants/pull/12890/checks?check_run_id=3657406781) that looks like a configuration issue, or maybe just something transient:
Copy code
23:09:35.17 [WARN] [rules] Failed to load Toolchain token from env var 'TOOLCHAIN_AUTH_TOKEN'. Please make sure the env var is set in your environment.
23:09:35.17 [INFO] [rules] Acquire restricted access token: {'repo_slug': 'pantsbuild/pants', 'env': {'GITHUB_ACTIONS': 'true', 'GITHUB_RUN_ID': '1255477684', 'GITHUB_REF': 'refs/pull/12890/merge', 'GITHUB_EVENT_NAME': 'pull_request', 'GITHUB_SHA': '6d88f59c53a251eb50f9c45bec971f185ec16370', 'GITHUB_REPOSITORY': 'pantsbuild/pants', 'GITHUB_WORKFLOW': 'Pull Request CI', 'GITHUB_JOB': 'lint_python'}}
23:09:35.73 [WARN] Error loading access token: AuthError('[rules] Auth rejected by server request_id=d66ee1b707d2eba195a5aa43a80279a3')
Error: Process completed with exit code 1.
h

hundreds-father-404

09/20/2021, 11:20 PM
Maybe that your plugin version of Toolchain is still
cc @polite-garden-50641
p

polite-garden-50641

09/20/2021, 11:21 PM
this is safe to ignore.
h

hundreds-father-404

09/20/2021, 11:22 PM
ohh @bored-art-40741 scroll up for the actual errors, MyPy
p

polite-garden-50641

09/20/2021, 11:22 PM
we currently only issue access tokens to the toolchain service for toolchain engineers, hence the server refuses to allocation an access token for your PR.
pants still works in this scenario, just w/o the remote cache and data is not uploaded to the toolchain service.
which is perfectly fine and matches the current system design.
23:07:22.56 [WARN] Auth failed - BuildSense plugin is disabled.
this is 100% ok.
b

bored-art-40741

09/20/2021, 11:23 PM
oh okay
yeah this is because I was so far behind main I think, should be an easy fix
w

witty-crayon-22786

09/20/2021, 11:29 PM
no one else is seeing this, right? because i also needed to refresh the CI token last week.
b

bored-art-40741

09/20/2021, 11:36 PM
Not sure, but Eric pointed out that I was just reading trailing warnings; the root cause was a regular mypy failure
w

witty-crayon-22786

09/20/2021, 11:36 PM
yea. @hundreds-father-404: can you confirm that you have access in your CI runs?
(sorry, i’d check my own, but… haven’t pushed since last week)
p

polite-garden-50641

09/20/2021, 11:37 PM
this is unrelated to the CI token which is only used in branch builds not PR builds.
w

witty-crayon-22786

09/20/2021, 11:38 PM
got it.
p

polite-garden-50641

09/20/2021, 11:38 PM
Since PRs can be submitted by anyone on the internet, we don't trust them (by default) and don't allow them to access the toolchain SasS.
this is by design.
the GH secrets are not exposed to PRs... this is common in CI system config for public repos (unless you are travis CI...) https://arstechnica.com/information-technology/2021/09/travis-ci-flaw-exposed-secrets-for-thousands-of-open-source-projects/
🙈 1
🤭 1
w

witty-crayon-22786

09/20/2021, 11:47 PM
yea, makes sense. would be good to silence the warning… i expect other contributors have seen this, and might have thought it was broken (i had been confused by it when looking at a contributor’s PR at one point)
👍 1
p

polite-garden-50641

09/21/2021, 3:03 PM
I have a ticket to improve the DX... will be working on it soon.
w

witty-crayon-22786

09/21/2021, 3:55 PM
thank you!
2 Views