file-changes-action icon indicating copy to clipboard operation
file-changes-action copied to clipboard
verified publisher icon trilom

Warn about necessary permission

Open peterbe opened this issue 4 years ago • 2 comments

Is your feature request related to a problem? Please describe.

I encountered this error: Screen Shot 2021-12-08 at 1 31 06 PM

Cryptic! Turns out, the solution was this:

diff --git a/.github/workflows/link-check-all.yml b/.github/workflows/link-check-all.yml
index 510685a690a56..7c40cf65f5791 100644
--- a/.github/workflows/link-check-all.yml
+++ b/.github/workflows/link-check-all.yml
@@ -13,6 +13,8 @@ on:
 
 permissions:
   contents: read
+  # Needed for the 'trilom/file-changes-action' action
+  pull-requests: read
 
 jobs:
   build:

Describe the solution you'd like

It took me too long to figure that out. I'm still getting used to setting permissions on my workflows. Perhaps we can add this to the README or even possibly something like this:

  } catch (error) {
+  if (error.name === 'HttpError' && +error.status === 403) {
+    console.warn("Make sure your workflow as the 'pull-requests: read' permission.")
+}
    const eString = `There was an error getting change files for repo:${repo} owner:${owner} pr:${pullNumber}`
    let ePayload: string
    if (error.name === 'HttpError' && +error.status === 404)

Describe alternatives you've considered

n/a

Additional context

If it wasn't clear I'm suggesting any/either:

  • Add a troubleshooting section to the README
  • Wrap the HttpError and inject a possibly useful message about workflow permissions.

peterbe avatar Dec 08 '21 18:12 peterbe

Hey @peterbe, if I understand correctly, adding read permissions on pull-request was the only change you applied to make it work?

I've added the permissions block to my workflow but the issue still persists.

permissions:
  contents: read
  # Needed for the 'trilom/file-changes-action' action
  pull-requests: read

john-jerome avatar Feb 01 '22 13:02 john-jerome

@john-jerome Don't know what it could be. I confirmed that this is all I have:

permissions:
  contents: read
  # Needed for the 'trilom/file-changes-action' action
  pull-requests: read

and I'm able to use trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b in that Workflow.

But this action depends on the implicit GITHUB_TOKEN which is automatically made available in most contexts. See https://github.com/trilom/file-changes-action/blob/a6ca26c14274c33b15e6499323aac178af06ad4b/src/InputHelper.ts#L15

Perhaps whatever is running your workflow doesn't have access to GITHUB_TOKEN.

peterbe avatar Feb 01 '22 13:02 peterbe