Octokit: PUT /repos/{owner}/{repo}/contents/{path} status: 404

Question

I am working on a GitHub workflow that updates content in another repo.

workflow:

  issues:
    types: [opened, reopened]

jobs:
  forking:
    name: 'Test'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1
      - name: Forking
        uses: ./.github/actions/fork
        env:
          jump2header_token: ${{ secrets.JUMP2HEADER_TOKEN }}
      # - name: Sleep for 30 seconds
      #   uses: jakejarvis/wait-action@master
      #   with:
      #     time: '30s'
      - name: Update file
        uses: ./.github/actions/update_file
        env:
          jump2header_token: ${{ secrets.JUMP2HEADER_TOKEN } # "x-oauth-scopes": "repo"

import { context, getOctokit } from "@actions/github";

const octokit = getOctokit(process.env.jump2header_token || "");

const response = await octokit.request(
    `PUT /repos/{owner}/{repo}/contents/{path}`,
    {
      owner,
      repo,
      path: file,
      message: generateCommitMessage(),
      content,
      sha,
      branch,
    }
  );

This is the error that I am getting in the actions workflow:

{
  "name": "HttpError",
  "status": 404,
  "headers": {
    "access-control-allow-origin": "*",
    "access-control-expose-headers": "ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset",
    "connection": "close",
    "content-encoding": "gzip",
    "content-security-policy": "default-src 'none'",
    "content-type": "application/json; charset=utf-8",
    "date": "Sun, 13 Dec 2020 18:02:20 GMT",
    "referrer-policy": "origin-when-cross-origin, strict-origin-when-cross-origin",
    "server": "GitHub.com",
    "status": "404 Not Found",
    "strict-transport-security": "max-age=31536000; includeSubdomains; preload",
    "transfer-encoding": "chunked",
    "vary": "Accept-Encoding, Accept, X-Requested-With",
    "x-accepted-oauth-scopes": "",
    "x-content-type-options": "nosniff",
    "x-frame-options": "deny",
    "x-github-media-type": "github.v3; format=json",
    "x-github-request-id": "0403:379D:747844:12E9DA7:5FD6572B",
    "x-oauth-scopes": "repo",
    "x-ratelimit-limit": "5000",
    "x-ratelimit-remaining": "4994",
    "x-ratelimit-reset": "1607885212",
    "x-ratelimit-used": "6",
    "x-xss-protection": "1; mode=block"
  },
  "request": {
    "method": "PUT",
    "url": "https://api.github.com/repos/strdr4605/TMPS/contents/README.md",
    "headers": {
      "accept": "application/vnd.github.v3+json",
      "user-agent": "octokit-core.js/3.2.4 Node.js/12.13.1 (linux; x64)",
      "authorization": "token [REDACTED]",
      "content-type": "application/json; charset=utf-8"
    },
    "body": "{\"message\":\"docs: add links to top with jump2header\",\"content\":\"IyBUTVBTCg==\",\"sha\":\"e734b6a1805da1b08294715d5ede2761fd4807e5\",\"branch\":\"jump2header\"}",
  ...
}

Why 404 error if the repo exists: https://api.github.com/repos/strdr4605/TMPS/contents/README.md?
Am I doing the update right?

Answer 1

A 404 generally means an authentication issue: for security reason, the API pretends there is no such resource (even if it exists) when it detects you are not allowed to access/update it.

The action-update-file action should require a GitHub token for authentication

Example:

name: Resources
on: repository_dispatch
jobs:
    resources:
        name: Update resources
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v1

            - uses: actions/setup-node@v1

            - name: Fetch resources
              run: ./scripts/fetch-resources.sh

            - name: Update resources
              uses: test-room-7/action-update-file@v1
              with:
                  file-path: path/to/file
                  commit-msg: Update resources
                  github-token: ${{ secrets.GITHUB_TOKEN }}