Open mrousavy opened 3 years ago
Hi @mrousavy,
GitHub have reduced the permissions set to the GITHUB_TOKEN
passed to the Dependabot pull request due to security reasons:
As listed in the article, you can change the on
value to pull_request_target
in the action workflow which should help with the permission issue, but it's is considered as a potential sercurit risk, as described in the security blogpost:
I'm not sure if I can handle this issue more gracefully on the action side, but I will try to investigate the possible solutions or, at least, how to improve docs and DX in this case.
Hi!
I'm getting the error
Error: Resource not accessible by integration
when the action runs on a PR created by a GitHub integration (dependabot). This makes the CI fail, I think it'd be better to just skip the workflow if it really can't run for integrations, if it can then this is a bug report :)This is the PR: https://github.com/cuvent/react-native-vision-camera/pull/158