gh-find-current-pr icon indicating copy to clipboard operation
gh-find-current-pr copied to clipboard
verified publisher icon jwalton

action fails unless actions have write permissions

Open whitney opened this issue 2 years ago • 2 comments

Summary

Our org recently upgraded to Github enterprise and found that workflows using this action would fail with a message "Resource not accessible by integration"

Version

1.3.0

Description

The gh-find-current-pr action fails when granted read-only access at the Enterprise > policies > actions level. It succeeds when we grant read/write access to Github actions. I cannot think of why this action would need write access.

whitney avatar Jan 02 '24 17:01 whitney

Ran into this too, it looks like all this script does is call listPullRequestsAssociatedWithCommit so perhaps the permissions on that (via octokit) are wonky?

comp615 avatar Jan 25 '24 17:01 comp615

just tested, you do not need write, you only need to elevate the permission for pull-requests: read. The default read in the github action pages only set read for content and packages. The rest are all set as none.

This is what I used for my permission

permissions:
  actions: read
  attestations: none
  checks: read
  contents: read
  deployments: read
  id-token: none
  issues: read
  packages: none
  pages: none
  pull-requests: read
  repository-projects: none
  security-events: none
  statuses: none

random-donuts avatar May 02 '24 05:05 random-donuts