search

TimonVS / pr-labeler-action

Automatically labels your PRs based on branch name patterns like feature/* or fix/*.
MIT License
249 stars 52 forks source link

Permissions Needed for pr-labeler? #57

Closed danyeaw closed 1 year ago

danyeaw commented 2 years ago

To improve security of our repo, we recently set the default permissions for the token for the repository to read only to the contents scope. I am now trying to open backup permissions for this action so that it can write the label to the PR, but I am not having success. First I tried:

name: PR Labeler
on:
  pull_request_target:
    types: [opened]

permissions:
  pull_request: write

Then I tried adding issues write since I saw the octokit function being called was in the issues section. Finally I changed it to permissions: write-all. When I try to open a pull request I am getting:

Error: HttpError: Resource not accessible by integration
Error: Resource not accessible by integration

Do you know what specific permissions this action needs, and could we please document it in the README?

adrianthedev commented 2 years ago

We have the same issue on https://github.com/avo-hq/avo with forks. All PRs coming from forks fail this action with HttpError: Resource not accessible by integration.

I'd appreciate any guidance on how to make that work. Thanks!

https://github.com/avo-hq/avo/actions/runs/3072986671/jobs/4964828955