use this action on a private repo

[staabm]

I try to build a workflow in which I copy a file from a source repo into a dest repo while using pull requests.

my workflow which is triggered via a slash-command (thx for another great action ;-)) looks like

name: Sync automation templates into our php repositories

on:
  repository_dispatch:
    types: [sync-command] # triggered by /sync PR comment

jobs:

  template-sync:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
      with:
        token: ${{ secrets.STAABM_TOKEN }}
        repository: complex-gmbh/php-automation-templates
        ref: master
        path: templates-master

    - uses: actions/checkout@v2
      with:
        token: ${{ secrets.STAABM_TOKEN }}
        repository: complex-gmbh/kunzmann
        ref: production
        path: kunzmann
        
    - run: |
        cp templates-master/templates/pr-badge-fast-track.yml kunzmann/.github/pr-badge-fast-track.yml
        
    - name: Create Pull Request
      uses: peter-evans/create-pull-request@v2
      with:
        path: kunzmann
        token: ${{ secrets.STAABM_TOKEN }}

I am wondering that I can see "permisson-errors" and got the impression that this create-pull-request action might not work for private repos?

[peter-evans]

Hi @staabm

I know that the action works fine for private repositories when the PR is being created in the current repository. What it looks like you are doing here is creating the PR in a private remote repository. I don't think I've tested that personally, but I would be surprised if it was a use case that didn't work.

I understand complex-gmbh/kunzmann is private. What about the repository that this workflow is running in? Can you confirm that the PAT in use as STAABM_TOKEN was created on an account that has write access to the repository?

[peter-evans]

I added a test to my test suite for creating a PR in a remote private repository. It passes and creates the PR fine.

Test: https://github.com/peter-evans/create-pull-request-tests/blob/master/.github/workflows/test-command.yml#L539-L560
Test run: https://github.com/peter-evans/create-pull-request-tests/runs/569547042?check_suite_focus=true

So I'm fairly sure the issue is that the STAABM_TOKEN PAT doesn't have sufficient permission to access the complex-gmbh/kunzmann repository.

[staabm]

I understand complex-gmbh/kunzmann is private. What about the repository that this workflow is running in? Can you confirm that the PAT in use as STAABM_TOKEN was created on an account that has write access to the repository?

Thx for the feedback.

I have only private reposes at play. a private repo for the templates, a private repo in which the action is run and a private repo I want to commit into (all within the same org)

Maybe the problem is that the „production“ branch which was checked out successfully has branch protection rules?

I will check the PAT again, thx for the hint

[staabm]

hmm it seems I really did something wrong while copy/pasting the token.

thanks again, it works now.