github-tag-action icon indicating copy to clipboard operation
github-tag-action copied to clipboard

Published 20 hours ago verified publisher icon mathieudutour

Error: Resource not accessible by integration when tagging old commit

Open petetaxi-test opened this issue 2 years ago • 6 comments

I have an action which is triggered through the GitHub UI, which takes a commit_id as a parameter.

If I specify the latest commit in the repo, the action runs fine.

However, if I specify the commit before (or any previous commit) the tag step fails with an error "Resource not accessible by integration". I understand this is normally a permission problem, but my workflow has full write permissions (and also, what is the different with older commits?).

The behaviour is the same for both lightweight and annotated tags.

on:
  workflow_dispatch:
    inputs:
      commit_id:
        description: The id of the commit to create a release from
        required: true
      custom_version:
        description: The version number tag. Omit to bump from the previous version.

name: Create Release
permissions: write-all

jobs:
  create_release:
    name: Create Release
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          custom_tag: ${{ github.event.inputs.custom_version }}
          commit_sha: ${{ github.event.inputs.commit_id }}
          create_annotated_tag: true

Output from the action is as follows.

Run mathieudutour/[email protected]
  with:
    github_token: ***
    commit_sha: f52348cda805f90c7baa6ae6c25ffd641f7a88bb
    create_annotated_tag: true
    default_bump: patch
    default_prerelease_bump: prerelease
    tag_prefix: v
    release_branches: master,main
    fetch_all_tags: false
    dry_run: false
Previous tag was v0.1.1, previous version was 0.1.1.
Analysis of 0 commits complete: no release
New version is 0.1.2.
New tag after applying prefix is v0.1.2.
Changelog is ### REDACTED
.
Error: Resource not accessible by integration

Debug logging shows the following (some parts omitted).

...
::set-output name=new_tag::v0.1.2
##[debug]steps.tag_version.outputs.new_tag='v0.1.2'
Changelog is ### *** REDACTED
##[debug]
##[debug]'
##[debug]Creating annotated tag.
##[debug]Pushing new tag to the repo.
Error: Resource not accessible by integration
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Bump version and push tag

petetaxi-test avatar Jul 12 '22 10:07 petetaxi-test

Update: the action completes successfully if the specified commit is the HEAD of any branch, and fails if it is not. That is unclear, as the branch isn't mentioned in the parameters to the action, or the error message.

petetaxi-test avatar Jul 13 '22 09:07 petetaxi-test

We have the same issue.

lsalehar avatar Sep 29 '22 13:09 lsalehar

~~I'm experiencing the same issue~~

Looks like it actually worked for me when using a PAT as opposed to the baked in GITHUB_TOKEN secret 🤔

robbienohra avatar Oct 01 '22 00:10 robbienohra

One brute-force approach you can use is to ensure the default GITHUB_TOKEN has "read and write" access in your repo.

image

jrgoldfinemiddleton avatar Feb 09 '23 07:02 jrgoldfinemiddleton

following the approach on this docs page with the permissions statement fixed this issue for me https://docs.github.com/en/actions/security-guides/automatic-token-authentication#example-2-calling-the-rest-api

...
jobs:
  build:
    permissions:
      contents: write
...

Failed run: https://github.com/JMaio/actions-playground/actions/runs/4153264354 After updating: https://github.com/JMaio/actions-playground/actions/runs/4153296606

JMaio avatar Feb 11 '23 21:02 JMaio