actions / actions-runner-controller

Kubernetes controller for GitHub Actions self-hosted runners
Apache License 2.0

The use of GitHub App results in "403 Resource not accessible by integration" #3771

Open taneli-kantomaa opened 4 weeks ago

taneli-kantomaa commented 4 weeks ago

Checks

Controller Version

0.27.6

Helm Chart Version

0.23.7

CertManager Version

1.12.1

Deployment Method

Helm

cert-manager installation

I have followed the instructions here: https://github.com/actions/actions-runner-controller/blob/master/docs/installing-arc.md

Cert-manager is working fine.

Resource Definitions

apiVersion: actions.summerwind.dev/v1alpha1
kind: RunnerDeployment
metadata:
  name: azure-github-runner
  namespace: azure-github-runner
  resourceVersion: "667378852"
  uid: 6640c03a-39b7-498e-8ec1-e117bf2143b6
spec:
  replicas: 1
  template:
    spec:
      dockerEnabled: false
      dockerdWithinRunnerContainer: false
      # we have pushed the public image to our private Azure Container Registry
      image: <REDACTED>.azurecr.io/summerwind/actions-runner:v2.319.1-ubuntu-22.04-1be410b
      labels:
      - azure-github-runner-prod
      repository: <REDACTED>/ansible-gitlab
status:
  availableReplicas: 1
  desiredReplicas: 1
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1

To Reproduce

See description below ("Describe the bug")

Describe the bug

Hi, I am trying to use GitHub App as the authentication method, but currently this results in an error "403 Resource not accessible by integration". The PAT authentication method works without problems. Here are the details:

--Setup
AKS cluster: v1.28.9
actions-runner-controller helm chart version: 0.23.7
controller-image version: 0.27.6

--Description
I am trying to configure actions-runner-controller (with a Helm chart) to run GitHub Actions from a repository (one single repository) in my GitHub organization (for this Organization I have an owner role). Everything works fine when I configure a PAT token, but when I try to replace the PAT token with a GitHub App (under the organization, not by using my personal account) I run into the following error: "403 Resource not accessible by integration". As per my understanding the GitHub App configuration in GitHub as well as the values.yaml file for the helm chart installation have been configured correctly:

GitHub App (which is owned by the organization) has the following permissions:
- Repository Permissions: Actions (read + write), Checks (read + write), Contents (read + write), Metadata (read), Workflows (read + write)
- Organization Permissions: Self-hosted runners (Read + write)

Any help on this issue would be highly appreciated. Thank you.

Describe the expected behavior

I would be able to use the GitHub App authentication method instead of PAT.

Whole Controller Logs

https://gist.github.com/taneli-kantomaa/5067ee88a322465c08a7282a18c2fc99

Whole Runner Pod Logs

The runner pod does not start at all (or it starts but terminates immediately).

Additional Context

No response

github-actions[bot] commented 4 weeks ago

Hello! Thank you for filing an issue.

The maintainers will triage your issue shortly.

In the meantime, please take a look at the troubleshooting guide for bug reports.

If this is a feature request, please review our contribution guidelines.