Unable to update status at url via GitHub App

Open pomcho555 opened this issue 1 year ago • 12 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Overview of the Issue

I set up an Atlantis bot with a GitHub App. The bot does comment on my PR, but it can't update commit statuses. I allowed the necessary permissions defined in the document. I think that's enough to update the status.

Am I missing something?

Reproduction Steps

I deployed Atlantis via the official Fargate module.

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "~> 3.0"

  name = "atlantis"

  # VPC
  cidr            = "10.20.0.0/16"
  azs             = ["us-west-2a", "us-west-2b", "us-west-2c"]
  private_subnets = ["10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
  public_subnets  = ["10.20.101.0/24", "10.20.102.0/24", "10.20.103.0/24"]

  # DNS (without trailing dot)
  route53_zone_name = "atlantis.example.com"

  # Atlantis
  atlantis_github_app_id  = "xxxxxx"
  atlantis_github_app_key = data.local_file.secret_key.content
  atlantis_repo_allowlist = ["github.com/omajinaiHouse/*"]

  atlantis_github_webhook_secret = "xxxxxxx"
}

Added permissions for my GitHub App

  • Administration: Read-only
  • Checks: Read and Write
  • Commit statuses: Read and Write
  • Contents: Read and Write
  • Issues: Read and Write
  • Metadata: Read-only
  • Pull requests: Read and Write
  • Webhooks: Read and Write
  • Members: Read-only

Logs

{
    "level": "error",
    "ts": "2023-03-31T05:26:24.851Z",
    "caller": "vcs/instrumented_client.go:210",
    "msg": "Unable to update status at url: , error: POST https://api.github.com/repos/omajinaiHouse/test-atlantis/statuses/xxxxxxxxx: 403 Resource not accessible by integration []",
    "json": {
        "repository": "omajinaiHouse/test-atlantis",
        "pull-num": "1"
 }

Environment details

As I mentioned above, I used the default configuration in the module.

Additional Context

I also have the same issue when going through the roll-your-own setup using EC2 and systemd. I think this issue isn't inside the Terraform module.

Furthermore, I made a test bench for the investigation as a public repository; you can see the actual behavior of the bot by browsing the PR.

https://github.com/omajinaiHouse/test-atlantis/pull/1

pomcho555, Mar 31 '23 06:03
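
A triage check for the 403 in the log above, added here as an example and not taken from the issue or from Atlantis: it extracts the failed API call from the error record and compares the permission that route needs with what an installation has been granted. The `granted` maps are constructed samples in the shape of the `permissions` object GitHub returns for an installation (for example from `GET /repos/{owner}/{repo}/installation` called as the app); the function names and the route table are assumptions of this example.

```python
import json
import re

# Permission key (as named in an installation's "permissions" object) that
# each REST route family needs. Only routes relevant to this log are mapped.
ROUTE_PERMISSIONS = [
    (re.compile(r"^/repos/[^/]+/[^/]+/statuses/"), "statuses"),
    (re.compile(r"^/repos/[^/]+/[^/]+/check-runs"), "checks"),
]
LEVELS = {"read": 1, "write": 2, "admin": 3}
MSG_RE = re.compile(
    r"error: (?P<method>[A-Z]+) https://api\.github\.com(?P<path>\S+): (?P<code>\d{3}) "
)

def failed_call(log_line):
    """Return (method, path, status) from an Atlantis error record, or None."""
    m = MSG_RE.search(json.loads(log_line).get("msg", ""))
    return (m["method"], m["path"], int(m["code"])) if m else None

def missing_permission(call, granted):
    """Return (key, level) the call needs but the installation lacks, else None."""
    method, path, _status = call
    need = "read" if method == "GET" else "write"
    for pattern, key in ROUTE_PERMISSIONS:
        if pattern.match(path):
            have = LEVELS.get(granted.get(key), 0)
            return (key, need) if have < LEVELS[need] else None
    return None  # route not in the table: nothing to conclude

# Log record from the issue, with the closing brace restored (constructed).
SAMPLE_LOG = json.dumps({
    "level": "error",
    "caller": "vcs/instrumented_client.go:210",
    "msg": "Unable to update status at url: , error: POST "
           "https://api.github.com/repos/omajinaiHouse/test-atlantis/statuses/xxxxxxxxx: "
           "403 Resource not accessible by integration []",
    "json": {"repository": "omajinaiHouse/test-atlantis", "pull-num": "1"},
})
# Constructed installation permission maps, not real API output.
GRANTED_WITHOUT_STATUSES = {"metadata": "read", "issues": "write",
                            "pull_requests": "write", "contents": "write"}
GRANTED_WITH_STATUSES = dict(GRANTED_WITHOUT_STATUSES, statuses="write")

if __name__ == "__main__":
    call = failed_call(SAMPLE_LOG)
    print(call, missing_permission(call, GRANTED_WITHOUT_STATUSES))
```

If the second function returns `None` for the real installation's permissions, the 403 is not explained by a missing grant on that installation and the cause lies elsewhere.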