search

bobheadxi / deployments

🔖 GitHub Action for working painlessly with deployment statuses
https://github.com/marketplace/actions/github-deployments
MIT License
385 stars 64 forks source link

Pull requests from dependabot throw Error: unexpected error encounterd: Resource not accessible by integration #32

Closed V3lop5 closed 3 years ago

V3lop5 commented 3 years ago

Hello,

when using this action I sometimes receive an error message like

Error: unexpected error encounterd: Resource not accessible by integration

Logs copied from this failed run:

Run bobheadxi/deployments@v0.5.2
  with:
    step: start
    token: ***
    logs: https://github.com/fhac-ewi/grid-optimizer/pull/82/checks
    env: PR #82 Review
    ref: dependabot/npm_and_yarn/src-frontend/types/node-15.3.0
    no_override: true
initializing deployment  for PR #82 Review @ dependabot/npm_and_yarn/src-frontend/types/node-15.3.0
Error: unexpected error encounterd: Resource not accessible by integration

Using this configuration in my workflow file:

      - name: Create GitHub deployment
        uses: bobheadxi/deployments@v0.5.2
        id: deployment
        with:
          step: start
          token: ${{ secrets.GITHUB_TOKEN }}
          logs: "https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}/checks"
          env: "PR #${{ github.event.pull_request.number }} Review"
          ref: ${{ github.head_ref }}

When I use re-run all jobs this action works without an error. For example this successful run.

Run bobheadxi/deployments@v0.5.2
  with:
    step: start
    token: ***
    logs: https://github.com/fhac-ewi/grid-optimizer/pull/82/checks
    env: PR #82 Review
    ref: dependabot/npm_and_yarn/src-frontend/types/node-15.3.0
    no_override: true
initializing deployment  for PR #82 Review @ dependabot/npm_and_yarn/src-frontend/types/node-15.3.0
created deployment 365549354 for PR #82 Review @ dependabot/npm_and_yarn/src-frontend/types/node-15.3.0
deployment status set to "in_progress"

Any ideas?

xt0rted commented 3 years ago

@V3lop5 this is due to token permissions. All PRs created by dependabot default to read now (see the announcement) so you'll need to set these on the workflow/job and grant deployments: write. The reason it works when you rerun the job is because the token is associated with your account instead of dependabot. If you look in the build log you can see what permissions the token has https://github.com/fhac-ewi/grid-optimizer/pull/82/checks?check_run_id=2596124426#step:1:15.

V3lop5 commented 3 years ago

Thanks alot. I missed that announcement.

In case anyone else run into this, simply add 

permissions: 
  deployments: write

as mentioned by @xt0rted to modifiy secrets.GITHUB_TOKEN permissions. This can be done on workflow or job level. In my case I added the deployments: write permission on job level:

job:
  deploy:
    runs-on: ubuntu-latest
    permissions: 
      deployments: write
    steps:
      - uses: actions/checkout@v2.3.4

      - name: Create GitHub deployment
        uses: bobheadxi/deployments@v0.5.2
        id: deployment
        with:
          step: start
          token: ${{ secrets.GITHUB_TOKEN }}
          logs: "https://github.com/${{ github.repository }}/pull/${{ github.event.pull_request.number }}/checks"
          env: "PR #${{ github.event.pull_request.number }} Review"
          ref: ${{ github.head_ref }}
xt0rted commented 3 years ago

Just ran into this error in one of my repos but it was while using a PAT. The user account the PAT was for didn't have write access to the repo since the org defaulted to read access for everyone. So this is another scenario that could result in this error. To fix it make sure the user account your PAT is for has write access either directly on the repo or through a team.