action-semantic-pull-request

docs: miss permission for statuses: write

Open cebidhem opened this issue 1 year ago • 5 comments

Is your feature request related to a problem? Please describe.

It's not really a feature, but I was unable to make the action work with only permissions.pull-requests: read.

I had to add permissions.statuses: write. Indeed, after trying a lot of combinations, I tried permissions: write-all and noticed a new status check added. I don't know why I seem to be the only one though 🤔 The action runs in a public repo with the Action GITHUB_TOKEN.

Describe the solution you'd like

Add the mention in the docs. I'm willing to open a doc PR if you agree!

Describe alternatives you've considered

None.

cebidhem, May 24 '23 19:05

Thanks for the report! In this repository the action works with the documented settings so I guess there's some difference in your environment?

Are you using the wip feature, where write access is necessary?

In any case, a reproduction would be necessary to discuss this further.

amannn, May 25 '23 10:05

Hi @amannn,

Indeed I'm using it, and I have missed this mention 🤦‍♂️

I just ran a test with only pull-requests: write and it passes only for pull_request_target.types: [ opened, reopened, synchronize ]. The workflow that runs for pull_request.types: [ opened, reopened, synchronize ] still fails without statuses: write.

What's weird, though, is that both workflows run fine with

permissions:
  pull-requests: read
  statuses: write

Any idea why?

cebidhem, May 25 '23 12:05

Joining this :) Only when I added the statuses: write, it started working. It also doesn't throw any error if it misses permissions.

xdyfekete, Dec 23 '23 16:12

I'm into this discussion. My setup (it works!):

name: Semantic Pull Request

on:
  pull_request_target:
    types:
      - opened
      - edited
      - synchronize

permissions:
  pull-requests: read
  statuses: write
  
jobs:
  semantic-pull-request:
    runs-on: ubuntu-latest
    steps:
      - name: Check pull request title
        uses: amannn/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          wip: true

@cebidhem - indeed, statuses: write solves the problem: Resource not accessible by integration error in my case. It seems to be legit, as the statuses scope is somewhat related to the wip input.

paduszyk, Feb 06 '24 23:02

@cebidhem You didn't include edited in types. Why?

paduszyk, Feb 06 '24 23:02
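
Added example, not part of the thread and not the project's own code: a small pre-merge check for the misconfiguration discussed above, where a workflow enables the wip input without granting statuses: write, or falls back to write-all to make it pass. The function names, the sample workflow and the `<version>` placeholder are assumptions made for illustration.

```python
import re

ACTION = "action-semantic-pull-request"  # action name as shown on this page

def parse_permissions(text):
    """Collect scopes from `permissions:` blocks (heuristic, not a YAML parser)."""
    # Assumption: workflow- and job-level blocks are merged into one view, and
    # only the block and scalar forms seen in this thread are recognised.
    perms, indent = {}, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        depth = len(line) - len(line.lstrip())
        head = re.match(r"\s*permissions:\s*(\S*)$", line)
        if head:
            if head.group(1):                # scalar form, e.g. write-all
                perms["*"] = head.group(1)
            indent = None if head.group(1) else depth
            continue
        scope = re.match(r"\s*([\w-]+):\s*([\w-]+)$", line)
        if indent is not None and depth > indent and scope:
            perms[scope.group(1)] = scope.group(2)
        else:
            indent = None                    # left the permissions block
    return perms

def audit(text):
    """Return findings for a workflow that runs the action with wip enabled."""
    perms, findings = parse_permissions(text), []
    uses = re.search(r"uses:\s*\S*" + re.escape(ACTION), text)
    wip = re.search(r"^\s*wip:\s*true\s*$", text, re.M)
    if perms.get("*") == "write-all":
        findings.append("write-all grants every scope; list scopes explicitly")
    elif uses and wip and perms.get("statuses") != "write":
        findings.append("wip: true but statuses: write is not granted")
    return findings

# Constructed sample workflow; <version> is a placeholder, not a real tag.
SAMPLE = """\
on: pull_request_target
permissions:
  pull-requests: read
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: amannn/action-semantic-pull-request@<version>
        with:
          wip: true
"""
```

Calling `audit(SAMPLE)` reports the missing statuses scope; the same workflow with `statuses: write` added under `permissions:` returns no findings.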