Open
Description
Thanks for creating this action, it tidied up lots of our workflows. This is more of a question, should I be able to use this action on workflows run by https://github.com/dependabot ?
I'm getting what I presume is a security related issue:
Failed to create token for "OURORGANISATION" (attempt 1): Integration not found - https://docs.github.com/rest
Failed to create token for "OURORGANISATION" (attempt 2): Integration not found - https://docs.github.com/rest
Failed to create token for "OURORGANISATION" (attempt 3): Integration not found - https://docs.github.com/rest
Failed to create token for "OURORGANISATION" (attempt 4): Integration not found - https://docs.github.com/rest
RequestError [HttpError]: Integration not found - https://docs.github.com/rest
at fetchWrapper (/__w/_actions/actions/create-github-app-token/v2/dist/main.cjs:41019:11)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async hook4 (/__w/_actions/actions/create-github-app-token/v2/dist/main.cjs:42282:18)
at async getTokenFromOwner (/__w/_actions/actions/create-github-app-token/v2/dist/main.cjs:42604:20)
at async RetryOperation._fn (/__w/_actions/actions/create-github-app-token/v2/dist/main.cjs:42487:24) {
status: 404,
request: {
method: 'GET',
url: 'https://api.github.com/users/OURORGANISATION/installation',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'actions/create-github-app-token',
authorization: 'bearer [REDACTED]'
},
request: { hook: [Function: bound hook4] AsyncFunction }
},
I have separately granted the app-id and private-key via dependabot secrets, but it seems to be the next step when the action tries to retrieve the installation fails. If I close and reopen the PR (so that it runs as me) the whole workflow passes and I can update the dependency.
Apologies if this is a configuration issue on our side but any pointers would be very much appreciated.
Metadata
Metadata
Assignees
Labels
No labels