Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when using fine-grained PAT #208

Closed
SamuelLarkin opened this issue May 10, 2023 · 10 comments
Closed

Error when using fine-grained PAT #208

SamuelLarkin opened this issue May 10, 2023 · 10 comments

Comments

@SamuelLarkin
Copy link

Hi,
first of all, diclaimer, I'm new to github actions. I'm trying to use your action to trigger some other action on some other repository. Not withstanding the fact that I have a PAT error, I'm getting a warning of deprecation.

Run peter-evans/repository-dispatch@v2
Deprecation: [@octokit/request-error] `error.code` is deprecated, use `error.status`.
    at RequestError.get (/home/runner/work/_actions/peter-evans/repository-dispatch/v2/dist/index.js:4221:21)
    at hasErrorStatus (/home/runner/work/_actions/peter-evans/repository-dispatch/v2/dist/index.js:43:25)
    at /home/runner/work/_actions/peter-evans/repository-dispatch/v2/dist/index.js:[7](https://github.com/SamuelLarkin/Common-Voice-private-sentence-lists/actions/runs/4938170025/jobs/8827572915#step:2:8)1:17
    at Generator.throw (<anonymous>)
    at rejected (/home/runner/work/_actions/peter-evans/repository-dispatch/v2/dist/index.js:32:65)
    at processTicksAndRejections (node:internal/process/task_queues:[9](https://github.com/SamuelLarkin/Common-Voice-private-sentence-lists/actions/runs/4938170025/jobs/8827572915#step:2:10)6:5)
Error: Resource not accessible by personal access token
@peter-evans
Copy link
Owner

peter-evans commented May 11, 2023
edited
Loading

Hi @SamuelLarkin

Are you using a fine-grained PAT? They are in beta and may not work for all GitHub APIs yet. Please try with a "classic" PAT.

(The deprecation warning is not the cause of the error)

@Sicness
Copy link

Sicness commented May 12, 2023

I have the same issue.

  - name: Trigger develop env deployment
    uses: peter-evans/repository-dispatch@v2.1.1
    with:
      event-type: develop_commit
      client-payload: '{"version": "${{ steps.long_version.outputs.LONG_VERSION }}"}'

Run peter-evans/repository-dispatch@v2.1.1
Error: Resource not accessible by integration
Deprecation: [@octokit/request-error] error.code is deprecated, use error.status.
at RequestError.get (/home/runner/work/_actions/peter-evans/repository-dispatch/v2.1.1/dist/index.js:4221:21)
at hasErrorStatus (/home/runner/work/_actions/peter-evans/repository-dispatch/v2.1.1/dist/index.js:43:25)
at /home/runner/work/_actions/peter-evans/repository-dispatch/v2.1.1/dist/index.js:71:17
at Generator.throw ()
at rejected (/home/runner/work/_actions/peter-evans/repository-dispatch/v2.1.1/dist/index.js:32:65)
at processTicksAndRejections (node:internal/process/task_queues:96:5)

PAT is not used because the target workflow in the same repo.

@peter-evans
Copy link
Owner

Hi @Sicness

Your case is different. Error: Resource not accessible by integration often occurs when the workflow is being run in a pull request triggered by a fork. Is that how you are executing this?

When using the default GITHUB_TOKEN in this way the maximum permission it can have is read.
https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

@peter-evans peter-evans changed the title Possible use of deprecated library Error when using fine-grained PAT May 12, 2023
@Sicness
Copy link

Sicness commented May 12, 2023

Hi @peter-evans , thanks for the response.

The initial workflow is triggered by a push into the repo. My goal is to build the app on new commits in a branch and trigger deployment workflow from the first workflow. Looks like in that case I'll have to specify token? It's not obvious from the README :)

@peter-evans
Copy link
Owner

@Sicness It's difficult to say without seeing your workflow.

Are you specifying contents: write permission for the default token in your workflow?

permissions:
  contents: write

e.g. https://github.com/peter-evans/repository-dispatch/blob/main/.github/workflows/ci.yml#LL14C1-L16C18

@Sicness
Copy link

Sicness commented May 12, 2023

@peter-evans , So, I created the token with contents: write and now it works. Thank you. The only comment from my side that it would be good to add a comment that in some cases it will be required to specify a token even if the target workflow in the same repo. For example when the initial workflow is triggered by on.push.branches.
Thanks!

@AltFreq07
Copy link

Thanks adding content write fixed my fine grained token issue too

@SamuelLarkin
Copy link
Author

@peter-evans Yes, I'm using a fine-grained PAT.

@BrunoJuchli
Copy link
Contributor

Just to make it crystal clear: using a fine-grained PAT to notify a different repository works.
Two people on my team (me one of them) tested this independently on two different repos.

@peter-evans
Copy link
Owner

@BrunoJuchli Thank you for confirming and raising a PR to update the readme.

Fine-grained PAT usage is now documented here: https://github.com/peter-evans/repository-dispatch#token

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Sicness @BrunoJuchli @SamuelLarkin @peter-evans @AltFreq07