Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: HttpError: Resource not accessible by integration #5

Closed
Dr-Noob opened this issue Aug 9, 2021 · 5 comments
Closed

Error: HttpError: Resource not accessible by integration #5

Dr-Noob opened this issue Aug 9, 2021 · 5 comments

Comments

@Dr-Noob
Copy link

Dr-Noob commented Aug 9, 2021

I have included repo-lockdown in my project. My goal is to automatically close all the PR with a message. I tested this exact same file in a private repo to check that it was working as expected and it worked. Now, in a real repository, when I go to Actions in github, it shows:

Run dessant/repo-lockdown@v2
  with:
    github-token: ***
    skip-closed-issue-comment: false
    close-issue: false
    lock-issue: true
    pr-comment: cpufetch does not accept pull requests, see [the contributing guidelines](https://github.com/Dr-Noob/cpufetch/blob/master/CONTRIBUTING.md) for details
    skip-closed-pr-comment: false
    close-pr: true
    lock-pr: false
    process-only: prs
Error: HttpError: Resource not accessible by integration

What is happening?
@dessant
Copy link
Owner

dessant commented Aug 9, 2021
edited

Thanks for the bug report! I've also tested with my own pull requests only during development, but that breaks down during normal use, because the pull requests you want to avoid are created by untrusted users, so workflows triggered by the pull_request event will get read-only tokens from GitHub.

The fix is to replace the pull_request event with pull_request_target in your workflow file, so that the workflow run can get write access to pull requests. Using this event is safe with the standalone example workflows from the README, but should not be combined with other actions that check out the pull request code or otherwise touch the changes.

https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target

Recent changes on GitHub regarding workflow run approvals may also complicate things, but I'm not sure if that also applies to workflows triggered by the pull_request_target event.

https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks

@dessant dessant pinned this issue Aug 9, 2021
@Dr-Noob
Copy link
Author

Dr-Noob commented Aug 9, 2021

Thanks for the quick response! I have updated the target in my repository. I already saw the new GitHub thing about approving workflow runs from public forks, and I have to admit that I was pretty confused. There's an easy way to check if pull_request_target works with this feature, tough; open a dummy pull request in my repository and let's see what happens.

PS: Maybe this pull_request vs pull_request_target issue should be detailed in the README (maybe it is, but I just didn't see it?)

@dessant
Copy link
Owner

dessant commented Aug 9, 2021

Yes, I've left the issue open because I plan to make some changes to the documentation. It seems to work now 😋: Dr-Noob/cpufetch#105

@Dr-Noob
Copy link
Author

Dr-Noob commented Aug 9, 2021

Great! Yeah, it worked. For the record, I didn't need to allow explicitly the workflow to be run, it did it automatically. Thanks for the help!

@dessant
Copy link
Owner

dessant commented Aug 13, 2021

Fixed in 20caf22. I couldn't trigger workflow approvals either with this event.

@dessant dessant closed this as completed Aug 13, 2021
@dessant dessant unpinned this issue Sep 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dessant @Dr-Noob