Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.omni.co/llms.txt

Use this file to discover all available pages before exploring further.

Git authentication failed

If you’re using HTTPS token authentication and receive a “Git authentication failed” error, this typically indicates an issue with your access token. Common causes include:
  • Expired token - Access tokens have expiration dates. Check if your token has expired and create a new one if needed.
  • Insufficient permissions - Verify that your token has the required permissions:
    • For GitHub: Contents (read and write), Metadata (read-only), and Pull requests (read and write)
    • For GitLab: api, read_repository, and write_repository scopes
  • Incorrect token format - Ensure you’ve copied the entire token without any extra spaces or characters.
  • Token revoked - The token may have been revoked in your git provider. Generate a new token and update it in Omni’s git settings.
To resolve this issue:
  1. Verify your token is still valid and has the correct permissions in your git provider.
  2. If needed, generate a new token with the appropriate permissions.
  3. Update the token in Omni by navigating to Model > Git settings and clicking the Change Token button.

Git push failed

GitHub

If you are receiving the following error: 
Failed to sync git repoGit push failed; status: REJECTED_OTHER_REASON, message: protect branch hook declined
This is most likely due to the branch protection settings applied to your base branch (the target branch Omni tracks for pull request webhooks). If you want to require pull requests for your Omni git repo, there are most likely two ways in which you want Omni to operate with Git.
  1. Omni has to be able to force push schema changes, but approval is required for pull requests made by users.
  2. Require Omni to go through the pull request process for all schema refreshes by turning on Require system syncs as in the screenshot below.

Option 1: Allow schema refreshes to bypass pull-requests

  1. In the git settings for your shared model, set the Require pull request toggle to true.
  2. In the git repo’s settings, add a GitHub ruleset to require pull requests. Select the rules Require pull request before merging, Block force pushes, and Restrict Deletions.
  3. On the same ruleset’s settings, add a bypass to the bypass list.
Now the pull requests are required for all user generated pull requests but changes made with schema refreshes will be force pushed to your repo.

Option 2: Require pull requests for all changes

  1. In the connection settings for your model, enable the Branch Based Schemas Refresh setting.
  2. In the git settings for your shared model, set the Require pull request and the Require for system syncs setting.
  1. In the git repo’s settings, add a GitHub ruleset to require pull requests. Select the rules Require pull request before merging, Block force pushes, and Restrict Deletions. Do not add anything to the bypass list.

Webhook secret compromised or expired

Webhook secret rotation is only available when using SSH authentication. HTTPS token authentication does not use webhook secrets.
If you suspect your webhook secret has been compromised, leaked, or accessed without authorization, you should rotate it immediately to maintain the security of your git integration. Rotating the secret generates a new credential without requiring you to unlink and re-link your repository. Common scenarios that require webhook secret rotation:
  • Security incident - Your webhook secret was exposed in logs, code, or leaked in a security breach
  • Suspected unauthorized access - You suspect someone has accessed your webhook secret
  • Routine security practice - Regular credential rotation as part of your security policy
  • Provider notification - Your git provider (such as GitHub) notified you that webhook secrets may have been compromised
See Rotating webhook secrets for more information.