Submission failed, and "403 Forbidden" is reported

[zhutmost]

First thanks for your great jobs.

I use the same action yaml in your README, but it fails. The log shows little information, so that I don't know what happened.

It reported a 403 forbidden bug. The action log is as follows.

Run ckipp01/mill-dependency-submission@v1
::add-mask::***
/home/runner/work/*reponame*/*reponame*/mill --no-server --import ivy:io.chris-kipp::mill-github-dependency-graph::0.2.7 io.kipp.mill.github.dependency.graph.Graph/submit
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 57.0M  100 57.0M    0     0   101M      0 --:--:-- --:--:-- --:--:--  101M
Preparing Java 21.0.3 runtime; this may take a minute or two ...
[info] compiling 1 Scala source to /home/runner/work/*reponame*/*reponame*/out/mill-build/compile.dest/classes ...
[info] done compiling
Submitting your snapshot to GitHub...
1 targets failed
io.kipp.mill.github.dependency.graph.Graph.submit java.lang.Exception: It looks like something went wrong when trying to submit your dependency graph.

[403] Forbidden
    io.kipp.mill.github.dependency.graph.Github$.submit(Github.scala:73)
    io.kipp.mill.github.dependency.graph.Graph$.$anonfun$submit$2(Graph.scala:17)
    scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.scala:18)
Error: Error: The process '/home/runner/work/*reponame*/*reponame*/mill' failed with exit code 1

[ckipp01]

Hey @zhutmost did you make sure to enable the dependency graph for your repo?

[zhutmost]

Hi @ckipp01 . Yes, I have confirmed. The screenshot is attached.

[zhutmost]

Are there any configurations (such as tokens) that need to be set up?

[zhutmost]

Hi, @ckipp01 . I have read some issues in other similar repositories for the dependency graph generation.

In this issue, they mentioned that the private repositories can submit graph dependencies only if they have activated a GitHub's paid feature (GHAS).

You can consider optimizing the error message output like what they have done in the above issue. So that the users can get necessary information.

[zhutmost]

@ckipp01 , I solve this problem by adding these two lines into my workflow yaml.

# The API requires write permission on the repository to submit dependencies
permissions:
  contents: write

So that the GITHUB_TOKEN has the write permission. You may consider adding this to your README.

[ckipp01]

Hey @zhutmost, sure feel free to send in a pr adding this. However I'd recommend adding it to the readme in https://github.com/ckipp01/mill-dependency-submission.