Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn about the limitations of GitHub tokens #491

Merged
merged 1 commit into from Jun 9, 2023
Merged

Warn about the limitations of GitHub tokens #491

merged 1 commit into from Jun 9, 2023

Conversation

dfandrich
Copy link
Contributor

The action will return

Error: HttpError: Resource not accessible by integration

when triggered on a PR on a forked repository.

@dfandrich dfandrich requested a review from a team as a code owner January 25, 2023 00:56
@dfandrich
Copy link
Contributor Author

I just discovered issue #399, so this warning should be updated.

@AndreiLobanovich
Copy link
Contributor

AndreiLobanovich commented Jun 6, 2023
edited

Hey, @dfandrich! Thanks for your contribution! We decided to go with your approach - adding permissions section in README. However we have updated the text.

In order to add labels to pull requests, the GitHub labeler action requires write permissions on the pull-request. However, when the action runs on a pull request from a forked repository, GitHub only grants read access tokens for pull_request events, at most. If you encounter an Error: HttpError: Resource not accessible by integration, it's likely due to these permission constraints.
To resolve this issue, you can modify the on: section of your workflow to use pull_request_target instead of pull_request (see example above). This change allows the action to have write access, because pull_request_target alters the context of the action and safely grants additional permissions.
Refer to the GitHub token permissions documentation for more details about access levels and event contexts.

Could you please change the text like that?

@dfandrich
Document permissions needed for pull_request events
092c82e 
An "Error: HttpError: Resource not accessible by integration" will be
encountered on pull requests with the wrong permissions.

Co-authored-by: AndreiLobanovich
@dfandrich
Copy link
Contributor Author

Done.

@MaksimZhukov MaksimZhukov merged commit 673e3c1 into actions:main Jun 9, 2023
3 checks passed
@squat squat mentioned this pull request Aug 30, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndreiLobanovich AndreiLobanovich AndreiLobanovich approved these changes

@MaksimZhukov MaksimZhukov MaksimZhukov approved these changes

@IvanZosimov IvanZosimov IvanZosimov approved these changes

Assignees

@AndreiLobanovich AndreiLobanovich

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@dfandrich @AndreiLobanovich @MaksimZhukov @IvanZosimov