version=latest is not working

[xlqian]

Hi,

We tested it in our private repo,when a specific version was given, it worked find, but it seems when a version was set to 'latest' or nothing, it failed to fetch the asset id.

regards

[dsaltares]

Can you provide a mininal repro case please?

[paulduszak]

I don't believe this is a valid issue. For future reference if anyone comes across a similar issue -

I initially ran into this issue with version: "latest" when pulling a release from another private repository of mine. The issue was that the default token (${{ secrets.GITHUB_TOKEN }}) does not have sufficient access to pull from a different repo.

If you make a request to access a private resource and your request isn't properly authenticated, you will receive a 404 Not Found response. GitHub uses a 404 Not Found response instead of a 403 Forbidden response to avoid confirming the existence of private repositories.

If you are using GITHUB_TOKEN in a GitHub Actions workflow, you should ensure that:
The endpoint is only affecting resources owned by the repository where the workflow is running. If you need to access resources outside of that repository, such as resources owned by an organization or resources owned by another repository, you should use a personal access token or an access token for a GitHub App.

Source

To resolve, I:

1. Generated a fine-grained personal access token for the repository I wanted to pull the secret from with "Read-only" permission for "Contents"
2. Created a repository secret containing the value from step 1.
3. Passed the variable containing the secret (ex. ${{ secrets.MYVAR }}) to the token input in the consuming repo GH action.