Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: miss permission for statuses: write #233

Open
cebidhem opened this issue May 24, 2023 · 5 comments
Open

docs: miss permission for statuses: write #233

cebidhem opened this issue May 24, 2023 · 5 comments

Comments

@cebidhem
Copy link

Is your feature request related to a problem? Please describe.

It's not really a feature, but I was unable to make the action work with only permissions.pull-requests: read.

I had to add permissions.statuses: write. Indeed, after trying a lot of combinations, I tried permissions: write-all and noticed a new status check added.
I don't know why I seem to be the only one though 🤔 The action runs in a public repo with the Action GITHUB_TOKEN.

Describe the solution you'd like

Add the mention in the docs. I'm willing to open a doc PR if you agree!

Describe alternatives you've considered

None.
@amannn
Copy link
Owner

amannn commented May 25, 2023

Thanks for the report! In this repository the action works with the documented settings so I guess there's some difference in your environment?

Are you using the wip feature, where write access is necessary?

In any case, a reproduction would be necessary to discuss this further.

@cebidhem
Copy link
Author

Hi @amannn,

Indeed I'm using it, and I have missed this mention 🤦‍♂️

I just ran a test with only pull-requests: write and it passes only for pull_request_target.types: [ opened, reopened, synchronize ].
The workflow that runs for pull_request.types: [ opened, reopened, synchronize ] still fails without statuses: write.

What's weird though, is that both workflows runs fine with

permissions:
  pull-requests: read
  statuses: write

Any idea why ?

Rapportus added a commit to Rapportus/subsync that referenced this issue Jul 6, 2023
@Rapportus
ci: amannn/action-semantic-pull-request#233
6ddb67c
@xdyfekete
Copy link

joining this :)
Only when I added the statuses: write, it started working.
It also doesn't throw any error if it misses permissions.

@paduszyk
Copy link

paduszyk commented Feb 6, 2024

I'm into this discussion. My setup (it works!):

name: Semantic Pull Request

on:
  pull_request_target:
    types:
      - opened
      - edited
      - synchronize

permissions:
  pull-requests: read
  statuses: write
  
jobs:
  semantic-pull-request:
    runs-on: ubuntu-latest
    steps:
      - name: Check pull request title
        uses: amannn/[email protected]
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          wip: true

@cebidhem - indeed, statuses: write solves the problem: Resource not accessible by integration error in my case. It seems to be legit, as the statuses scope is somewhat related to the wip input.

@paduszyk
Copy link

paduszyk commented Feb 6, 2024

@cebidhem You didn't include edited in types. Why?

@orhun orhun mentioned this issue Feb 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@amannn @cebidhem @paduszyk @xdyfekete