Review app github action error: Not authorized to deploy this app

I am using the basic example to set up a review app workflow but keep getting this error:

Error: Not authorized to deploy this app.

The yml is the same except I added a FLY_APP under env:

FLY_APP: my-app-pr-${{ github.event.number }}

and under the deploy step:

with:
  name: ${{ env.FLY_APP }}

Here is a snippet for the action console output:

+ flyctl status --app my-app-name-pr-1
Error: failed to get app: Could not find App "my-app-name-pr-1"
+ cp fly.toml fly.toml.bak
+ flyctl launch --no-deploy --copy-config --name my-app-name-pr-1 --image  --region iad --org personal
An existing fly.toml file was found for app my-app-name
Scanning source code
Detected a Dockerfile app
Creating app in /github/workspace
We're about to launch your app on Fly.io. Here's what you're getting:

Organization: <name>                  (specified on the command line)
Name:         my-app-name-pr-1          (specified on the command line)
Region:       <region>   (specified on the command line)
App Machines: shared-cpu-1x, 512MB RAM (from your fly.toml)
Postgres:     <none>                   (not requested)
Redis:        <none>                   (not requested)
Tigris:       <none>                   (not requested)

Error: Not authorized to deploy this app.

Hi… I don’t use GitHub Actions myself, but the instructions that you linked to asked you to create a token with the deprecated fly auth token—which may have handed you a credential having unexpectedly brief validity (expiration), :dragon:.

How about trying the newer fly tokens org way, instead?

I actually did not even run fly auth token as I created a dockerfile, ran flyctl launch and then flyctl deploy. This already created a token and a deploy yaml on my initial deployment however it only triggers when a commit is pushed to main. So I thought I would just have to copy the review app yaml and be good to go.

Interesting… The tokens are not interchangeable, :snowflake:, which is maybe not immediately obvious…

Glancing at the flyctl launch source code, the process that you tried gave you a limited token: strictly for my-app. Hence, by design, it failed on the (separate) my-app-pr-1.

The org token has broader validity, covering all apps in a given organization, which is why it’s recommended when you intend to have app-1, app-2, app-3

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.