action-semantic-pull-request icon indicating copy to clipboard operation
action-semantic-pull-request copied to clipboard
verified publisher icon amannn

Error: Resource not accessible by integration

Open ArthurFlag opened this issue 1 year ago • 3 comments

Describe the bug

When the action runs, I get the following error message:

Error: Resource not accessible by integration

I use the following job declaration, essentially comming from the docs:

Display job 
name: Check PR title

permissions:
  pull-requests: write

on:
  pull_request:
    types:
      - opened
      - edited
      - synchronize

jobs:
  main:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
      - uses: amannn/action-semantic-pull-request@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          wip: true
          ignoreLabels: |
            automated-pr
          types: |
            fix
            feat
            update
            add
            delete
          headerPattern: '^(\w*)(?:\(([\w$.\-*/ ]*)\))?: (.*)$'
          headerPatternCorrespondence: type, scope, subject

My repo gives:

  • all access to workflows and reusable actions.
  • read and write permissions workflows
  • doesn't expect forks, but I've tried pull_request and pull_request_target. Same error.

To reproduce

Follow the install instructions, and open a PR to trigger the action.

ArthurFlag avatar Jan 17 '24 08:01 ArthurFlag

I'm facing the same issue, and I also added

permissions:
  pull-requests: read

to my job.

Here's the entire workflow file, which was copy pasted from the readme:

name: 'Lint PR'

on:
  pull_request_target:
    types:
      - opened
      - edited
      - synchronize

permissions:
  pull-requests: read

jobs:
  main:
    name: Validate PR title
    runs-on: ubuntu-latest
    steps:
      - uses: amannn/action-semantic-pull-request@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          wip: true
      - uses: marocchino/sticky-pull-request-comment@v2
        # When the previous steps fails, the workflow would stop. By adding this
        # condition you can continue the execution with the populated error message.
        if: always() && (steps.lint_pr_title.outputs.error_message != null)
        with:
          header: pr-title-lint-error
          message: |
            We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.

            Details:

            ```
            ${{ steps.lint_pr_title.outputs.error_message }}
            ```

      # Delete a previous comment when the issue has been resolved
      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: pr-title-lint-error
          delete: true

harrisrobin avatar Jan 18 '24 16:01 harrisrobin

Same story here.

After some testing I found that for some reason the minimum permissions set seems to be

permissions:
  pull-requests: read
  statuses: write

This fixes the workflow, but afaik it shouldn't need the statuses: write permission

briferz avatar Feb 13 '24 19:02 briferz

It is related with wip option: https://github.com/amannn/action-semantic-pull-request/blob/main/src/index.js#L141. While using wip the action tries to add status to the PR.

aamkye avatar Mar 26 '24 09:03 aamkye