Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn about necessary permission #129

Open
peterbe opened this issue Dec 8, 2021 · 2 comments
Open

Warn about necessary permission #129

peterbe opened this issue Dec 8, 2021 · 2 comments

Comments

@peterbe
Copy link

peterbe commented Dec 8, 2021

Is your feature request related to a problem? Please describe.

I encountered this error:
Screen Shot 2021-12-08 at 1 31 06 PM

Cryptic! Turns out, the solution was this:

diff --git a/.github/workflows/link-check-all.yml b/.github/workflows/link-check-all.yml
index 510685a690a56..7c40cf65f5791 100644
--- a/.github/workflows/link-check-all.yml
+++ b/.github/workflows/link-check-all.yml
@@ -13,6 +13,8 @@ on:
 
 permissions:
   contents: read
+  # Needed for the 'trilom/file-changes-action' action
+  pull-requests: read
 
 jobs:
   build:

Describe the solution you'd like

It took me too long to figure that out. I'm still getting used to setting permissions on my workflows.
Perhaps we can add this to the README or even possibly something like this:

  } catch (error) {
+  if (error.name === 'HttpError' && +error.status === 403) {
+    console.warn("Make sure your workflow as the 'pull-requests: read' permission.")
+}
    const eString = `There was an error getting change files for repo:${repo} owner:${owner} pr:${pullNumber}`
    let ePayload: string
    if (error.name === 'HttpError' && +error.status === 404)

Describe alternatives you've considered

n/a

Additional context

If it wasn't clear I'm suggesting any/either:

  • Add a troubleshooting section to the README
  • Wrap the HttpError and inject a possibly useful message about workflow permissions.
@john-jerome
Copy link

Hey @peterbe, if I understand correctly, adding read permissions on pull-request was the only change you applied to make it work?

I've added the permissions block to my workflow but the issue still persists.

permissions:
  contents: read
  # Needed for the 'trilom/file-changes-action' action
  pull-requests: read

@peterbe
Copy link
Author

peterbe commented Feb 1, 2022

@john-jerome Don't know what it could be.
I confirmed that this is all I have:

permissions:
  contents: read
  # Needed for the 'trilom/file-changes-action' action
  pull-requests: read

and I'm able to use trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b in that Workflow.

But this action depends on the implicit GITHUB_TOKEN which is automatically made available in most contexts.
See

file-changes-action/src/InputHelper.ts

Line 15 in a6ca26c

coreGetInput('githubToken') || process.env.GITHUB_TOKEN || false

Perhaps whatever is running your workflow doesn't have access to GITHUB_TOKEN.

@davorpa davorpa mentioned this issue Aug 28, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peterbe @john-jerome