Skip to content

Fix file count GitHub Action permissions to allow label creation#713

Merged
A1L13N merged 2 commits into
mainfrom
copilot/fix-file-count-github-action
Oct 14, 2025
Merged

Fix file count GitHub Action permissions to allow label creation#713
A1L13N merged 2 commits into
mainfrom
copilot/fix-file-count-github-action

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Oct 14, 2025
edited
Loading

Problem

The pr-file-count-labeler GitHub Action workflow was failing with the error:

RequestError [HttpError]: Resource not accessible by integration

This occurred when the workflow attempted to create repository labels dynamically (e.g., f1, f2, f3) to indicate the number of files changed in a PR.

Root Cause

The workflow had contents: read permission, which is insufficient for creating repository labels. The GitHub API method github.rest.issues.createLabel() requires contents: write permission to create new labels in the repository.

While issues: write permission allows adding/removing existing labels to issues and PRs, it does not grant the ability to create new labels in the repository itself.

Solution

Updated the workflow permissions from:

permissions:
  contents: read
  pull-requests: read
  issues: write

to:

permissions:
  contents: write  # required to create labels
  pull-requests: read
  issues: write  # required to add/remove labels

Security Considerations

This change is safe because:

  1. The workflow uses pull_request_target which runs in the base repository's security context
  2. The workflow explicitly does NOT check out or execute any PR code (as documented in the security comment)
  3. The workflow only uses the GitHub API to manage labels - it performs no code execution
  4. The contents: write permission is scoped only to this specific workflow

Testing

  • ✅ YAML syntax validated
  • ✅ Workflow configuration is valid
  • ✅ Minimal change that only affects the specific permission needed

Fixes the issue where the file count labeler workflow could not create labels for new file counts.

Original prompt

This section details on the original issue you should resolve

<issue_title>fix file count github action</issue_title>
<issue_description>Run actions/github-script@v7
with:
github-token: ***
script: const pr = context.payload.pull_request;
if (!pr) {
core.info('No pull_request in context. Skipping.');
return;
}

const owner = context.repo.owner;
const repo = context.repo.repo;
const pull_number = pr.number;

// Get all files (with pagination) and count them
const files = await github.paginate(github.rest.pulls.listFiles, {
owner,
repo,
pull_number,
per_page: 100,
});
const count = files.length;
const newLabel = f${count};

// Get current labels on the PR
const { data: current } = await github.rest.issues.listLabelsOnIssue({ owner, repo, issue_number: pull_number, per_page: 100 });
const currentNames = new Set(current.map(l => l.name));

// Remove any existing f* numeric labels (e.g., f1, f23)
const fLabelRegex = /^f\d+$/i;
for (const name of currentNames) {
if (fLabelRegex.test(name) && name !== newLabel) {
try {
await github.rest.issues.removeLabel({ owner, repo, issue_number: pull_number, name });
} catch (err) {
core.warning(Failed to remove label ${name}: ${err.message});
}
}
}

// Ensure the new label exists (create if missing)
async function ensureLabelExists(labelName) {
try {
await github.rest.issues.getLabel({ owner, repo, name: labelName });
} catch (e) {
if (e.status === 404) {
// Create with a readable teal-ish color; description explains purpose
await github.rest.issues.createLabel({
owner,
repo,
name: labelName,
color: '36b3a8',
description: 'Number of files changed in PR',
});
} else {
throw e;
}
}
}

await ensureLabelExists(newLabel);

// Add the label if it isn't already present
if (!currentNames.has(newLabel)) {
await github.rest.issues.addLabels({ owner, repo, issue_number: pull_number, labels: [newLabel] });
core.info(Applied label ${newLabel} to PR #${pull_number});
} else {
core.info(Label ${newLabel} already present on PR #${pull_number});
}

// Optional: log the count for transparency
core.info(PR #${pull_number} has ${count} changed file(s).);

debug: false
user-agent: actions/github-script
result-encoding: json
retries: 0
retry-exempt-status-codes: 400,401,403,404,422

RequestError [HttpError]: Resource not accessible by integration
at /home/runner/work/_actions/actions/github-script/v7/dist/index.js:9537:21
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async eval (eval at callAsyncFunction (/home/runner/work/_actions/actions/github-script/v7/dist/index.js:36187:16), :63:3)
at async main (/home/runner/work/_actions/actions/github-script/v7/dist/index.js:36285:20) {
status: 403,
response: {
url: 'https://api.github.com/repos/alphaonelabs/alphaonelabs-education-website/issues/707/labels',
status: 403,
headers: {
'access-control-allow-origin': '*',
'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
'content-encoding': 'gzip',
'content-security-policy': "default-src 'none'",
'content-type': 'application/json; charset=utf-8',
date: 'Fri, 10 Oct 2025 19:25:05 GMT',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
server: 'github.com',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
'transfer-encoding': 'chunked',
vary: 'Accept-Encoding, Accept, X-Requested-With',
'x-accepted-github-permissions': 'issues=write; pull_requests=write',
'x-content-type-options': 'nosniff',
'x-frame-options': 'deny',
'x-github-api-version-selected': '2022-11-28',
'x-github-media-type': 'github.v3; format=json',
'x-github-request-id': '0829:3B0263:3244D8:DAB5CC:68E95D91',
'x-ratelimit-limit': '5000',
'x-ratelimit-remaining': '4980',
'x-ratelimit-reset': '1760126323',
'x-ratelimit-resource': 'core',
'x-ratelimit-used': '20',
'x-xss-protection': '0'
},
Error: Unhandled error: HttpError: Resource not accessible by integration
data: {
message: 'Resource not accessible by integration',
documentation_url: 'https://docs.github.com/rest/issues/labels#add-labels-to-an-issue',
status: '403'
}
},
request: {
method: 'POST',
url: 'https://api.github.com/repos/alphaonelabs/alphaonelabs-education-website/issues/707/labels',
headers: ...

Fixes #712

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Oct 14, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@A1L13N
Fix file count GitHub action by adding contents:write permission
5231b0c 
Co-authored-by: A1L13N <193832434+A1L13N@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix file count in GitHub Action Fix file count GitHub Action permissions to allow label creation Oct 14, 2025
Copilot AI requested a review from A1L13N October 14, 2025 14:16
@A1L13N A1L13N marked this pull request as ready for review October 14, 2025 14:18
@A1L13N A1L13N merged commit a193ea3 into main Oct 14, 2025
12 of 16 checks passed
@A1L13N A1L13N deleted the copilot/fix-file-count-github-action branch October 14, 2025 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@A1L13N A1L13N Awaiting requested review from A1L13N

Assignees

@A1L13N A1L13N

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix file count github action

2 participants

@A1L13N