Change in permissions with v3.1.0+? Failing builds with merge queues.

[Knifa]

Hi folks!

We use nrwl/nx-set-shas@v3 so got taken along with the v3.1.0+ release yesterday.
We use merge queues in our repository.
Our branch PR builds are working fine but the merge queue build is failing with a permissions error.

Workflow gets triggered with:

name: Build
on:
  merge_group:
  push:
    branches-ignore:
      # No need to test on main, since we have a merge queue.
      - main
      - gh-readonly-queue/main/*

Then the error from one of our MQ builds:

Run nrwl/nx-set-shas@v3
Run node "$GITHUB_ACTION_PATH/dist/index.js" "$gh_token" "$main_branch_name" "$error_on_no_successful_workflow" "$last_successful_event" "$working_directory" "$working_id"

Found PR #18428 from merge queue branch
Error: Resource not accessible by integration
Error: Process completed with exit code 1.

We've the permissions globally in the workflow:

permissions:
  id-token: write
  contents: read
  packages: read
  actions: read
  statuses: read

And the snippet which uses the action:

      - name: Derive appropriate SHAs for base and head for `nx affected` commands
        uses: nrwl/nx-set-shas@v3

Any ideas?

[davidhoeck]

Having the same problem.

[mrfelton]

This is still an issue for me even with the latest release. Had to revert back to v3.0.2 in order to get it work on merge_group events again.

[meeroslav]

@mrfelton can you share what doesn't work for you exactly or open a new issue?

[vietd24-philips]

@mrfelton @meeroslav as posted in #127 the issue is resolved when adding this to the permissions scopes as well:

      pull-requests: read

[meeroslav]

Thank you @vietd24-philips. Feel free to propose a PR to update the documentation.