Error "Resource not accessible by integration" is not helpful

[aguschin]

The error RequestError [HttpError]: Resource not accessible by integration is raised when you use incorrect secret (I've used secrets.GITHUB_SECRET instead of a personal access token with repo+workflow permissions). Unfortunately I had no idea I'm doing this wrong and the error message wasn't pointing out what should be done in this case.

Imho, it would be great to have more obvious error message here.

Full error log:
https://github.com/iterative/yolov5/runs/2837021374?check_suite_focus=true

Related discussion: #554 (comment)

[DavidGOrtega]

Should not this error to be reported in the TFI repo? Also we have a ticket there for such a compromise.
iterative/terraform-provider-iterative#17

[0x2b3bfa0]

I'm not completely sure about the scope of iterative/terraform-provider-iterative#17, but this looks like a different issue. In this case, the error handling logic belongs to CML itself, not the provider.

[casperdcl]

Not sure if related, but also if token lacks permission:

{"level":"error","message":"Forbidden","stack":"Error: Forbidden
    at Gitlab.request (/usr/lib/node_modules/@dvcorg/cml/src/drivers/gitlab.js:418:38)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async Gitlab.commentCreate (/usr/lib/node_modules/@dvcorg/cml/src/drivers/gitlab.js:74:5)
    at async CML.commentCreate (/usr/lib/node_modules/@dvcorg/cml/src/cml.js:183:12)
    at async Object.exports.handler (/usr/lib/node_modules/@dvcorg/cml/bin/cml/send-comment.js:13:15)"}

should be replaced with "Ensure permissions are granted as per https://cml.dev/doc/self-hosted-runners?tab=GitLab#personal-access-token"

[dacbd]

this can also be caused form permissions on forked repos.

For example commands like cml send-comment need write permissions on the repo:

[casperdcl]

@dacbd did you mean to close this?

[dacbd]

I did 🙃 but maybe this should be part of a larger effort to provide more custom errors instead of bubbling up errors from whatever source produced them?

ex:
if cml send-comment && driver == github && error == Resource not accessible by integration
link to docs for token write permissions

related: #606

[casperdcl]

looks like this issue is a distinct action point under #1058. Would keep it open until addressed. Specifically:

• better message for Resource not accessible by integration
• better message for Error: Forbidden as per this

[AllanCapistrano]

I fixed it creating a personal token, adding it to repo secrets and using ${{ secrets.MY_TOKEN }} in my actions file.