-
Notifications
You must be signed in to change notification settings - Fork 178
Can't merge pull requests that modify Github actions #806
Comments
I saw the same error with |
Happened again in another repo: flamegraph-rs/flamegraph#33 |
Same in rubygems/rubygems#3064. Might be a duplicate of #783? |
Looks like this definitely happens if PR in questions modifes github acitons themselves, but I think it also happens in some other cases (maybe when merge commit contains changes to actions along at least one ancestoral path?)? |
Just posting here to confirm that we seem to get this problem consistently when an PR from an external fork modifies github actions files themselves. We run into this again in rubygems/rubygems#3167, which meets both conditions. |
I think we're seeing a variant of this in bryangingechen/mathlib#21; in this instance, the external fork PR doesn't modify the github actions files, but there's a commit in master that did, so a merge commit into Since this "Resource not accessible by integration" problem seems to be relatively common, could I request that bors handle it without crashing? (I'd be happy to contribute, but I don't know enough (any) elixir. If someone could give some pointers I'd be willing to have a go at it myself.) |
Github announced a new workflow permission. This might fix this problem. |
We got also hit by this in the https://github.com/ddnet/ddnet respository (I guess admins of the public bors instance could check out the logs there). It seems to happen whenever we modify a GitHub actions script. It would be nice if bors didn't fail the whole batch in this case, but try binary searching the diff that work and reporting that they didn't on the other pull requests. |
@matklad Could you rename this issue to "Can't merge pull requests that modify Github actions"? |
I agree. Bors should comment on the PR saying something like "Insufficient permissions: I need the workflow permission". Has anyone worked out how to add the permission to bors which is installed on a GH organisation (not a user)? |
@vext01 From what I understand, the "workflow" permission (or any permission for that matter) can only be changed by the maintainer of the GithubApp. As users we've won't be able to change this setting. What is unclear to me is, once the permission has been changed by the maintainer, whether we need to approve that change, reinstall the app, or the change gets applied automatically. |
https://developer.github.com/apps/managing-github-apps/editing-a-github-app-s-permissions/
|
The problem seems to persist, even after adding the new Github actions permissions: ddnet/ddnet#2185. |
According to this forum post, github apps aren't allowed to merge PRs that touch github actions. |
Wow, so GitHub basically makes it impossible to use an app like bors consistently for all PRs (which is exactly what bors is for)? I better don't migrate my bors-using repos to GHA then. |
TBH, for me personally bors + GHA feel like less maintenance than bors + {traivs,appveyor,azure} despite this issue. Though, I only migrate projects I actively develop. It certainly make the migration process itself more painful, as that is exactly when you edit actions :D |
Is this still a problem? After I accepted the change in permissions for the hosted bors instance, I can now r+ pull requests. For example: jonasbb/rust_misc_utils#45 |
It is (was?) only a problem for PRs from a fork. If you make a PR from the same repository, then it works fine. |
So I am getting
error on some pull-request on rust-analyzer, but not on others. rust-lang/rust-analyzer#2297 and rust-lang/rust-analyzer#2316 (resubmission of the same commit as a new PR) failed with this error, but rust-lang/rust-analyzer#2317 begun testing successfully.
The text was updated successfully, but these errors were encountered: