Error rendering push status stream: unauthorized: not allowed

I configured the fly with Github Actions. But when deploying, this error occurs. Can you help me?

main.yml:

name: Fly Deploy
on: [push]
env:
  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
jobs:
  deploy:
    name: Deploy app
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: superfly/flyctl-actions/setup-flyctl@master
      - run: flyctl deploy --remote-only

Error failed to fetch an image or build from source: error rendering push status stream: unauthorized: not allowed

Hi @coraggio,

I think it should instead be:

- name: PR Review Apps on fly.io
  uses: superfly/fly-pr-review-apps@1.0.0

Based on this: PR Review Apps on fly.io · Actions · GitHub Marketplace · GitHub

Hi, Mark! You mean change the file to:

name: Fly Deploy
on: [push]
env:
  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
jobs:
  deploy:
    name: PR Review Apps on fly.io
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: superfly/fly-pr-review-apps@1.0.0
      - run: flyctl deploy --remote-only

If yes, returned this error in Run superfly/fly-pr-review-apps@1.0.0

+ '[' -n  ]
+ jq -r .number /github/workflow/event.json
+ PR_NUMBER=null
+ '[' -z null ]
+ jq -r .event.base.repo.owner /github/workflow/event.json
+ REPO_OWNER=null
+ jq -r .event.base.repo.name /github/workflow/event.json
+ REPO_NAME=null
+ jq -r .action /github/workflow/event.json
+ EVENT_TYPE=null
+ app=pr-null-null-null
pr-null-null-null
+ region=iad
+ org=personal
+ image=
+ + echogrep pr-null-null-null null

+ '[' null '=' closed ]
+ flyctl status --app pr-null-null-null
Error failed to get app: Could not find App "pr-null-null-null"


+ flyctl launch --now --copy-config --name pr-null-null-null --image  --region iad --org personal
An existing fly.toml file was found for app vindicceapp
Error Post "https://api.fly.io/graphql": net/http: invalid header field value for "Authorization"**strong text**

Hi @coraggio,

I haven’t used the fly-pr-review-apps action before. I’ve been wanting to try it out.

I’ll poke it too.

Hi @coraggio,

I got the auto-deploy working. You are probably missing your FLY_API_TOKEN.

See here for instructions on getting and setting the FLY_API_TOKEN. You use fly auth token to get the value, then you need to set it in Github.

Once that’s set, here’s the version I ended up using. I changed it to only deploy when pushing to the main/master branch.

name: Fly Deploy
# Only auto-deploy when merging to master.
on:
  push:
    branches: [ "master" ]
env:
  FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
jobs:
  deploy:
    name: Deploy app
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: superfly/flyctl-actions/setup-flyctl@master
      - run: flyctl deploy --remote-only

Hi mark. I had already generated the token before and it still didn’t work. I also tried to do it using the template you posted, but it gave my error. Detail that I’m trying to deploy in an organization, maybe I generated the token from my personal account. Or has nothing to do with it?

Hi @coraggio,

The detail about the org is interesting. I’d like to play with that too. I’ve been out sick and still recovering, so it may take some time before I can look into it.

@coraggio this error might be caused by a newline or whitespace in the secret stored in GitHub Actions. Can you make sure there’s no trailing whitespace and try again?

Hi @coraggio,

I just tested it out (I’ve been wanting to anyway) and verified I was able to auto-deploy the app on Fly when it belongs to a non-personal Fly.io organization.

So it should work for you! Please check what @michael recommended about he secret being multi-line and sensitive to spaces.

Good luck!

Hi mark. I tried Michael’s suggestion and now another error appears.

Do I need to set environment variables in fly.toml? When I manually deployed it, it found my project’s .env automatically. Now when trying to deploy from Github Actions, it is not finding.

Error: 2-10-19T11:34:32Z   [info][ERROR] 11:34:32 EnvVarError: env-var: "DB_HOST" is a required variable, but it was not set

Hi @coraggio,

It sounds like spaces were the problem! Glad you got that fixed!

Yes, for the next problem, non-sensitive project ENV variables can be set in the fly.toml file. Use Fly secrets (also documented in the link) for Fly.io ENV that are sensitive.

But if fly.toml has to be outside of gitignore for deployment, won’t my data be exposed? For example, database password, etc.

Hi @coraggio,

fly.toml needs to be checked in for deployments to work. This also identifies what app it is!

Yes, secrets like database passwords should not be in fly.toml.

Please refer to the Fly.io documentation on Secrets.

Basically, you add a secret like this:

flyctl secrets set DATABASE_URL=postgres://example.com/mydb 

And it will be available at runtime as an ENV in Fly.io.

Mark, is this database URL the same as the one on the database dashboard?

→ flyctl secrets set DATABASE_URL=postgres://example.com/mydb

For example: db-name.fly.dev

I don’t know what your DB URL will be.

The DB might be outside of Fly, it might be a Postgres one that Fly generated for you, it might be custom MySQL one.

When you create a Postgres DB on Fly, it automatically adds the secret for you. You can run fly secrets list to see what already exists. If the DB is “attached” to your app, the secrets are already available to your app.

See Fly Postgres on Apps V1 · Fly Docs for details on Postgres on Fly.io.

I created a Postgres database on Fly, so I mean the URL they make available on the Fly dashboard for the bank.

I say the URL because I need to set the bank key in fly.toml through a URL, right? According to the documentation using flyctl secrets set DATABASE_URL=postgres://example.com/mydb.

So in Github Actions, my application could access the database to work. Detail that already attributes my Postgres bank to my application on Fly.

If I need to use my bank’s URL, I tried using the URL provided on the dashboard, but it didn’t work.