search

ataylorme / eslint-annotate-action

A GitHub action that takes ESLint results from a JSON file and adds them as annotated pull request comments
MIT License
88 stars 32 forks source link

Resource not accessible by integration #49

Closed Ridermansb closed 1 year ago

Ridermansb commented 1 year ago

Gettings this error

0 ESLint error(s) and 0 ESLint warning(s) found in pull request changed files.
0 ESLint error(s) and 0 ESLint warning(s) found in files outside of the pull request.

✖  fatal     Resource not accessible by integration

running eslint --ext .ts,.tsx --output-file eslint_report.json --format json .

with this GH action

      - name: Save Code Linting Report JSON
        run: yarn lint:report
        continue-on-error: true
      - name: Annotate Code Linting Results
        uses: ataylorme/eslint-annotate-action@v2
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
atsu85 commented 1 year ago

This error also happens for PRs created by dependabot. Based on issue created by GitHub bot this, it seems that checks: write is required.

I couldn't find anything related to granting custom permissions for dependabot for the repo:

Please let me know if you find a solution for dependabot, but currently i used following workaround to disable it for dependabot PRs:

      - name: Annotate Code Linting Results
        uses: ataylorme/eslint-annotate-action@v2
+        if: ${{ github.actor != 'dependabot[bot]' }} # dependabot doesn't have permissions
ataylorme commented 1 year ago

@atsu85 @Ridermansb this is a permission error with GITHUB_TOKEN when running from pull request from forks.

GITHUB_TOKEN for pull requests from forks is limited to read access and the Action requires write to status checks to do the annotations

For security reasons I would not encourage trying to bypass this. You might be able to use the github context to determine if a PR is from a fork and skip the annotation step with if as @atsu85 has shown an example of

You could still have the ESLint step prior run and fail if there are linting errors, there just won't be annotation