graphql-inspector
Resource not accessible by integration
Issue workflow progress
Progress of the issue based on the Contributor Workflow
- [ ] 1. The issue provides a reproduction available on GitHub, Stackblitz or CodeSandbox
  Make sure to fork this template and run `pnpm generate` in the terminal. Please make sure the Codegen and plugins version under `package.json` matches yours.
- [ ] 2. A failing test has been provided
- [ ] 3. A local solution has been provided
- [ ] 4. A pull request is pending review
Describe the bug
When we run the github action we get the error: "Resource not accessible by integration"
To Reproduce
Steps to reproduce the behavior:
Our .github/workflows/continuous_integration.yml

```yaml
name: continuous_integration
on:
  push:
    branches:
      - main
      - staging
permissions:
  id-token: write # This is required for requesting the JWT
  contents: read # This is required for actions/checkout
jobs:
  breaking_changes_graphql:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Install dependencies
        uses: ./.github/actions/pnpm-install-action
      - uses: kamilkisiela/graphql-inspector@master
        with:
          schema: 'main:schema.graphql'
```
Expected behavior
I would expect the github action to finish with a report
Environment:
- OS: ubuntu
- graphql-inspector@master
Additional context
@kamilkisiela is this repo still under active maintenance?
Awesome! @kamilkisiela Do you have any idea what this error means? I can't find this message in this codebase. I have no clue how to debug this error...
It works when I add all permissions.
Any ideas what are the ones needed?
Mine looks like this and gets the same error. I have set check to write as the docs say here:
Will have to go through and enable each one to see which stops this from working
I think you also need the `pull-requests: read` permission. I ran into the same issue & traced it back to `getAssociatedPullRequest` failing.
https://github.com/kamilkisiela/graphql-inspector/blob/e77738accd6406e83f4376d86e87f87ffd0effd0/packages/action/src/run.ts#L51
It makes an API call to `GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls` which requires read permissions on pull requests.
@leonard-henriquez After thorough investigation, I discovered that this is the bare minimum permission required for the action to run.
```yaml
permissions:
  contents: read
  pull-requests: write
  checks: write
```
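
The error in this thread follows from how a workflow `permissions:` block is evaluated: once any scope is listed, every scope left out is set to `none` for the `GITHUB_TOKEN`. The following Python check is an added example, not part of the thread or of graphql-inspector; it reads only the workflow-level block with a minimal line parser and compares it with the minimum set reported in the last comment. The function names and the sample workflow text are constructed for illustration.

```python
import re

LEVELS = {"none": 0, "read": 1, "write": 2}
# Minimum scopes reported in the thread's last comment (taken as given).
REPORTED_MINIMUM = {"contents": "read", "pull-requests": "write", "checks": "write"}
# Constructed samples: the issue's permissions block and the reported fix.
TEMPLATE = "name: continuous_integration\npermissions:\n{perms}jobs:\n  breaking_changes_graphql:\n    runs-on: ubuntu-latest\n"
ISSUE_WORKFLOW = TEMPLATE.format(perms="  id-token: write # requesting the JWT\n  contents: read\n")
FIXED_WORKFLOW = TEMPLATE.format(perms="  contents: read\n  pull-requests: write\n  checks: write\n")

def declared_permissions(workflow_text):
    """Top-level `permissions:` as a dict, a shorthand string, or None if absent."""
    lines = workflow_text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"permissions:\s*([^#]*?)\s*(#.*)?$", line)
        if not m:
            continue
        if m.group(1) == "{}":
            return {}                       # explicit empty block: everything is none
        if m.group(1):
            return m.group(1)               # shorthand: read-all / write-all
        perms = {}
        for sub in lines[i + 1:]:
            if sub.strip() and not sub.startswith((" ", "\t")):
                break                       # next top-level key ends the block
            entry = re.match(r"\s+([\w-]+):\s*(\w+)", sub)
            if entry:
                perms[entry.group(1)] = entry.group(2)
        return perms
    return None

def missing_scopes(workflow_text, required=REPORTED_MINIMUM):
    """Map each under-granted scope to (granted, needed); None if no block exists."""
    declared = declared_permissions(workflow_text)
    if declared is None:
        return None                         # repository/organization default applies
    if isinstance(declared, str):
        declared = dict.fromkeys(required, declared.split("-")[0])
    gaps = {}
    for scope, need in required.items():
        have = declared.get(scope, "none")  # unlisted scopes are implicitly none
        if LEVELS.get(have, 0) < LEVELS[need]:
            gaps[scope] = (have, need)
    return gaps

if __name__ == "__main__":
    print("issue workflow:", missing_scopes(ISSUE_WORKFLOW))
    print("fixed workflow:", missing_scopes(FIXED_WORKFLOW))
```

Pass a different `required` mapping to test another hypothesis from the thread, for example `{"pull-requests": "read"}` for the `getAssociatedPullRequest` call alone.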