Throws a "Resource not accessible by integration" error #9

Open
raisedadead opened this issue Jun 15, 2022 · 3 comments
Labels
bug Something isn't working

Comments

@raisedadead

We are seeing a "Resource not accessible by integration" when this is run. Here is our workflow file: https://github.com/freeCodeCamp/freeCodeCamp/actions/runs/2503722663/workflow

Expected Behavior

The workflow should leave a comment on the PR by a first-timer.

Current Behavior

The workflow runs error out.

Possible Solution

Not sure how to approach debugging this better.

Steps To Reproduce

Here is a run with debug logs enabled to help analyze the issue: https://github.com/freeCodeCamp/freeCodeCamp/runs/6906136489?check_suite_focus=true#step:2:31

Error Message & Stack Trace

##[debug]Evaluating condition for step: 'Run wow-actions/welcome@v1'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Run wow-actions/welcome@v1
##[debug]Loading inputs
##[debug]Evaluating: secrets.GITHUB_TOKEN
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'GITHUB_TOKEN'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Loading env
Run wow-actions/welcome@v1
  with:
    GITHUB_TOKEN: ***
    FIRST_PR_MERGED: #### :sparkles: :tada: **AWESOME!** :tada: :sparkles:
  
  Hi @{{ author }},
  
  Thanks for this pull request and for contributing to the code-base for the first time. We are looking forward to more contributions from you in the future.
  
  Cheers & happy contributing!
  
##[debug]event: pull_request
##[debug]action: closed
Error: HttpError: Resource not accessible by integration
Error: Resource not accessible by integration
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Run wow-actions/welcome@v1

Additional Context

We have set up the workflow as recommended in the docs for the workflow.

Your Environment

GitHub Actions on Ubuntu 20.04

@raisedadead raisedadead added the bug Something isn't working label Jun 15, 2022
@github-actions

Hi 👋 @raisedadead

Thanks for opening your first issue here! Be sure to follow the issue template!

@rajbos

rajbos commented May 13, 2023

Hi folks, I just ran into this one as well. I think this comes from the changes that were made going from pull_request to pull_request_target, with these differences in the new triggers:

pull_request

Runs in the context of the pull_request source, so the repo that has the changes. These incoming changes might have security issues, and therefore have less authorizations: e.g. they are not allowed to write to the PR (that could potentially lead to approving the PR for example :-) ), or write to the .github/workflows folder.
This also prevents access to any secrets that might be in the repo, as that could lead to secrets being leaked to anyone sending in a PR.

pull_request_target

This setup now has full access to the repos, so it can write to PRs, has access to secrets, etc.

Next step

I'm not sure how we can create comments on the PR, without running on pull_request_target (which I do not recommend for all the security reasons above).

@rajbos

rajbos commented May 13, 2023

Tagging @bubkoo and @KeisukeYamashita for visibility 😄
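
The trigger difference discussed in this thread can be checked mechanically before a workflow is merged. The following is an added example, not code from the wow-actions/welcome project or the freeCodeCamp repository: a small Python audit that uses line heuristics rather than a YAML parser. The three sample workflows, the `audit` function and its finding codes are constructed for illustration.

```python
import re

# Constructed sample workflows for illustration; not files from any real repository.
READ_ONLY = """on:
  pull_request:
    types: [closed]
jobs:
  welcome:
    runs-on: ubuntu-latest
    steps:
      - uses: wow-actions/welcome@v1
"""
UNSAFE_TARGET = """on: pull_request_target
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: make test
"""
SCOPED_TARGET = """on: pull_request_target
permissions:
  pull-requests: write
jobs:
  welcome:
    runs-on: ubuntu-latest
    steps:
      - uses: wow-actions/welcome@v1
"""

def audit(workflow_text):
    """Return finding codes for one workflow file (line heuristics, not a YAML parser)."""
    block = re.search(r"^on:(.*?)(?=^\S|\Z)", workflow_text, re.M | re.S)
    triggers = set(re.findall(r"\bpull_request(?:_target)?\b", block.group(1))) if block else set()
    findings = []
    if "pull_request" in triggers:
        # PRs from forks get a read-only GITHUB_TOKEN and no secrets, so write calls fail.
        findings.append("READ_ONLY_TOKEN_ON_FORK_PR")
    if "pull_request_target" in triggers:
        if not re.search(r"^\s*permissions\s*:", workflow_text, re.M):
            findings.append("TARGET_WITHOUT_PERMISSIONS_BLOCK")
        if re.search(r"github\.(event\.pull_request\.head\.(sha|ref)|head_ref)", workflow_text):
            # PR-controlled code would run with a write-capable token and secrets.
            findings.append("TARGET_CHECKS_OUT_PR_HEAD")
    return findings

if __name__ == "__main__":
    print([audit(wf) for wf in (READ_ONLY, UNSAFE_TARGET, SCOPED_TARGET)])
```

An empty result only means none of these three patterns matched; it is not a full review of the workflow.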
