labeler icon indicating copy to clipboard operation
labeler copied to clipboard

Published 20 hours ago verified publisher icon actions

HttpError: Resource not accessible by integration

Open Yikun opened this issue 2 years ago • 3 comments 

Error: HttpError: Resource not accessible by integration
Error: Resource not accessible by integration

This error always happened since yesterday (before yesterday, it works for many years):

https://github.com/apache/spark/actions/runs/3200342170/jobs/5227121801 https://github.com/apache/spark/actions/runs/3200342170/jobs/5227121801

Yikun avatar Oct 07 '22 01:10 Yikun

Updating to v4.0.2 at least appears to fix this

tustvold avatar Oct 07 '22 11:10 tustvold

@tustvold Thanks, we also fixed by setting permission explicitly

permissions:
    contents: read
    pull-requests: write

see more in https://github.com/apache/spark/pull/38138

is it stable?

Yikun avatar Oct 07 '22 12:10 Yikun

I spoke too soon, will try your fix :sweat_smile:

tustvold avatar Oct 07 '22 12:10 tustvold

Hello @Yikun ! Sorry for the late response! It looks like you found out a solution. Can this issue be closed?

MaksimZhukov avatar Nov 02 '22 15:11 MaksimZhukov

@MaksimZhukov Yes, the issue had already resolved, but I'm still not sure it's a real problem or not, but it had real have behavior changes.

Maybe it should be closed by https://github.com/actions/labeler/pull/314, I guess?

Yikun avatar Nov 03 '22 01:11 Yikun

Here is the statement from the GitHub documentation:

The permissions for the GITHUB_TOKEN are initially set to the default setting for the enterprise, organization, or repository. If the default is set to the restricted permissions at any of these levels then this will apply to the relevant repositories. For example, if you choose the restricted default at the organization level then all repositories in that organization will use the restricted permissions as the default. The permissions are then adjusted based on any configuration within the workflow file, first at the workflow level and then at the job level.

I've created a workflow file without specifying the permissions key. Everything worked fine as long as my default permissions granted to GITHUB_TOKEN were permissive. It seems to me that your organization has restricted the default GITHUB_TOKEN permissions.

Also, I would like to mention that it is recommended to specify the permissions key in workflow file to configure the minimum required permissions for a workflow or job. This section was also included in the example in the README file in scope of the PR you mentioned.

I am closing the issue. Please contact us if you have any concerns.

MaksimZhukov avatar Dec 19 '22 16:12 MaksimZhukov

@MaksimZhukov Thanks for your help and info!

Yikun avatar Dec 20 '22 03:12 Yikun