GitHub Actions is a powerful tool, but it can produce confusing errors. This guide covers the most common problems and their solutions.

Error: Permission Denied (EACCES)

Symptom:

```
Error: EACCES: permission denied, open '/github/workspace/...'
npm ERR! Error: EACCES: permission denied, mkdir '/root/.npm'
```

Solution 1 - Fix npm permissions:

```yaml
- name: Setup Node
  uses: actions/setup-node@v4
  with:
    node-version: '20'
- name: Install with correct permissions
  run: |
    npm config set prefix ~/.npm-global
    export PATH=~/.npm-global/bin:$PATH
    npm ci
```

Solution 2 - Run as root in the container:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: node:20
      options: --user root
```

Solution 3 - Fix file permissions:

```yaml
- name: Fix permissions
  run: |
    sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
    chmod -R 755 "$GITHUB_WORKSPACE"
```

Error: Checkout Failed - Repository Not Found

Symptom:

```
Error: fatal: repository 'https://github.com/org/repo/' not found
Error: The process '/usr/bin/git' failed with exit code 128
```

Cause 1: Private repository without a token:

```yaml
- name: Checkout private repo
  uses: actions/checkout@v4
  with:
    token: ${{ secrets.REPO_ACCESS_TOKEN }} # PAT with repo scope
```

Cause 2: Submodule access:

```yaml
- name: Checkout with submodules
  uses: actions/checkout@v4
  with:
    submodules: recursive
    token: ${{ secrets.PAT_TOKEN }}
```

Cause 3: Wrong repository reference:

```yaml
# ❌ Wrong - the owner is missing
- uses: actions/checkout@v4
  with:
    repository: repo-name

# ✅ Correct - full path
- uses: actions/checkout@v4
  with:
    repository: owner/repo-name
```

Error: Secret Unavailable

Symptom:

```
Error: Input required and not supplied: token
Warning: The `set-output` command is deprecated
```

Cause 1: PRs from forks do not have access to secrets:

```yaml
# Secrets are not available in PRs from forks
# Use pull_request_target with caution:
on:
  pull_request_target:
    types: [labeled]
jobs:
  build:
    if: contains(github.event.pull_request.labels.*.name, 'safe-to-test')
    # Runs only when a maintainer adds the 'safe-to-test' label
```

Cause 2: Environment secrets are not configured:

```yaml
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production # Must exist in the repository settings
    steps:
      - run: echo ${{ secrets.PROD_API_KEY }}
```

Cause 3: GITHUB_TOKEN permissions:

```yaml
permissions:
  contents: read
  packages: write
  id-token: write # For OIDC
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
```

Error: Workflow Timeout

Symptom:

```
Error: The job running on runner GitHub Actions XX has exceeded the maximum execution time of 360 minutes.
```

Solution 1 - Set an explicit timeout:

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 30 # Fail fast instead of after 6 hours
    steps:
      - name: Long running step
        timeout-minutes: 10
        run: npm test
```

Solution 2 - Cancel redundant workflows:

```yaml
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
```

Solution 3 - Optimize with caching:

```yaml
- name: Cache node modules
  uses: actions/cache@v4
  with:
    path: ~/.npm
    key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
    restore-keys: |
      ${{ runner.os }}-node-
```

Error: Artifacts Not Found

Symptom:

```
Error: Unable to find any artifacts for the associated workflow
Error: Artifact not found for name: build-output
```

Cause 1: The artifact has expired:

```yaml
- name: Upload artifact
  uses: actions/upload-artifact@v4
  with:
    name: build-output
    path: dist/
    retention-days: 30 # The default is 90, the maximum varies by plan
```

Cause 2: Wrong artifact name on download:

```yaml
# Job 1: Upload
- uses: actions/upload-artifact@v4
  with:
    name: my-artifact # Note the exact name
# Job 2: Download
- uses: actions/download-artifact@v4
  with:
    name: my-artifact # Must be identical
```

Cause 3: Artifact from another workflow:

```yaml
# Use workflow_run to access artifacts from another workflow
on:
  workflow_run:
    workflows: ["Build"]
    types:
      - completed
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: build-output
          github-token: ${{ secrets.GITHUB_TOKEN }}
          run-id: ${{ github.event.workflow_run.id }}
```

Error: Docker Build/Push Failed

Symptom:

```
ERROR: denied: requested access to the resource is denied
Error: buildx failed with: ERROR: failed to solve: failed to push
```

Solution - Correct Docker authentication:

```yaml
- name: Login to GitHub Container Registry
  uses: docker/login-action@v3
  with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
  uses: docker/login-action@v3
  with:
    username: ${{ secrets.DOCKERHUB_USERNAME }}
    password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
  uses: docker/build-push-action@v5
  with:
    context: .
    push: true
    tags: ghcr.io/${{ github.repository }}:latest
```

Error: Matrix Strategy Problems

Symptom:

```
Error: The workflow is not valid. .github/workflows/ci.yml: Unexpected value 'include'
```

Solution - Correct matrix syntax:

```yaml
strategy:
  fail-fast: false
  matrix:
    os: [ubuntu-latest, windows-latest]
    node: [18, 20]
    include:
      # Add a specific combination
      - os: ubuntu-latest
        node: 20
        experimental: true
    exclude:
      # Remove a specific combination
      - os: windows-latest
        node: 18
steps:
  - uses: actions/setup-node@v4
    with:
      node-version: ${{ matrix.node }}
```

Error: Path Filtering Not Working

Symptom:

The workflow runs even when only documentation files were changed.

Solution - Correct paths syntax:

```yaml
on:
  push:
    branches: [main]
    paths:
      - 'src/**'
      - 'package.json'
      - '!**/*.md' # Ignore markdown files
  pull_request:
    paths:
      - 'src/**'
```

```yaml
# For complex filtering, use the paths-filter action:
- uses: dorny/paths-filter@v3
  id: changes
  with:
    filters: |
      backend:
        - 'backend/**'
      frontend:
        - 'frontend/**'
- if: steps.changes.outputs.backend == 'true'
  run: npm run test:backend
```

Error: Self-Hosted Runner Problems

Symptom:

```
Error: The self-hosted runner: runner-name lost communication with the server
```

Solution 1 - Restart the runner service:

```bash
# On the runner machine
cd actions-runner
./svc.sh stop
./svc.sh start
./svc.sh status
```

Solution 2 - Clean the runner workspace:

```yaml
jobs:
  build:
    runs-on: self-hosted
    steps:
      - name: Clean workspace
        run: |
          # ${VAR:?} aborts if the variable is unset, so this can never expand to /*
          rm -rf "${GITHUB_WORKSPACE:?}"/*
          rm -rf "${GITHUB_WORKSPACE:?}"/.[!.]*
```

Solution 3 - Runner labels:

```yaml
jobs:
  build:
    runs-on: [self-hosted, linux, x64, gpu] # All labels must match
```

Security Best Practices

Avoid Script Injection

```yaml
# ❌ Vulnerable to injection
- run: echo "Issue: ${{ github.event.issue.title }}"
# ✅ Safe - use an environment variable
- env:
    ISSUE_TITLE: ${{ github.event.issue.title }}
  run: echo "Issue: $ISSUE_TITLE"
```

Pin Action Versions

```yaml
# ❌ Risky - can change
uses: actions/checkout@main
# ✅ Better - tag
uses: actions/checkout@v4
# ✅ Best - SHA (immutable)
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
```

Minimal Token Permissions

```yaml
permissions:
  contents: read # Only what is needed
jobs:
  build:
    permissions:
      packages: write # Job-level override (replaces the workflow-level set for this job)
```

Debugging Tips

Enable Debug Logging

```yaml
# Add to the repository secrets:
# ACTIONS_RUNNER_DEBUG = true
# ACTIONS_STEP_DEBUG = true
# Or in the workflow:
- name: Debug info
  env:
    # Pass the context through an environment variable; it contains
    # user-controlled fields and must not be expanded inside the script
    GITHUB_CONTEXT: ${{ toJson(github) }}
  run: |
    echo "GitHub Context:"
    echo "$GITHUB_CONTEXT"
```

Debug Session with Tmate

```yaml
- name: Setup tmate session
  if: failure()
  uses: mxschmitt/action-tmate@v3
  timeout-minutes: 15
```

Quick Reference: Common Fixes

| Error | Quick Fix |
|-------|-----------|
| Permission denied | `sudo chown -R $USER:$USER .` |
| Secret unavailable | Check the environment configuration |
| Timeout | Add `timeout-minutes: 30` |
| Artifact not found | Match the exact name |
| Docker push denied | Add `docker/login-action` |
| Matrix invalid | Check the YAML indentation |
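
The script-injection and action-pinning practices from the security section can be checked mechanically before a workflow is merged. The following Python check is an added example, not part of the original guide: the `audit` function, its rule names and the sample workflow are constructed for illustration, and it conservatively treats every `github.event.*` field, `github.head_ref` and `toJSON(github)` inside a `run:` script as untrusted.

```python
import re

# Expressions whose value an outside contributor can influence (conservative:
# any github.event.* field, github.head_ref, or the whole github context).
UNSAFE = re.compile(
    r"\$\{\{[^}]*?(?:github\.(?:event\.|head_ref\b)|toJSON\(\s*github\s*\))[^}]*\}\}",
    re.I,
)
PINNED = re.compile(r"@[0-9a-f]{40}$")  # full commit SHA


def audit(text):
    """Return (line, rule, detail) findings for one workflow file's text."""
    findings, run_col = [], None  # run_col: column of the active `run:` key
    for no, line in enumerate(text.splitlines(), 1):
        body = line.lstrip()
        col = len(line) - len(body)
        if not body or body.startswith("#"):
            continue  # blank lines and comment lines are not inspected
        if run_col is not None and col <= run_col:
            run_col = None  # dedent: the script block has ended
        run = re.match(r"(-\s+)?run:\s*(.*)", body)
        if run:
            run_col = col + len(run.group(1) or "")
        # Only text that reaches the shell is scanned; env: mappings are not.
        script = run.group(2) if run else body if run_col is not None else ""
        for expr in UNSAFE.finditer(script):
            findings.append((no, "script-injection", expr.group(0)))
        uses = re.match(r"(?:-\s+)?uses:\s*([^\s#]+)", body)
        if uses and not uses.group(1).startswith(("./", "docker://")):
            if not PINNED.search(uses.group(1)):
                findings.append((no, "unpinned-action", uses.group(1)))
    return findings


# Constructed sample workflow (not from a real repository).
SAMPLE = """\
on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      - run: echo "Issue: ${{ github.event.issue.title }}"
      - env:
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: |
          echo "Issue: $ISSUE_TITLE"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The tag-pinned checkout and the inline `echo` are reported, while the SHA-pinned checkout and the step that passes the title through `env:` are not.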