cli / cli

GitHub’s official command line tool
https://cli.github.com
MIT License

`gh pr edit --add-reviewer` Don't acquire organizational teams if it's not necessary #4844

Open wzshiming opened 2 years ago

wzshiming commented 2 years ago

Describe the feature or problem you’d like to solve

In GitHub Actions:

```
$ gh pr edit --add-reviewer [login]
error fetching organization teams: Resource not accessible by integration
```

The GitHub Action TOKEN does not provide this permission. Don't acquire organizational teams if it's not necessary.

Proposed solution

Better integration with GitHub Actions

Additional context

mislav commented 2 years ago

Thanks for reporting!

This one is tricky. I generally agree that it doesn't make sense for an --add-reviewer <user> operation to require reading org teams, but right now we preload all review requests for the PR, including teams. Then, we replace values based on the final product after applying all --add-reviewer and --remove-reviewer values: https://github.com/cli/cli/blob/7e7735d450827faf2cf317130bfbcaa76d43b811/pkg/cmd/pr/edit/edit.go#L231-L239

To fix this, we would have to stop preloading all previous reviewers when only --add-reviewer was used and use the union: true parameter when adding new reviewers to preserve previous review requests that may exist. Fixing this would also fix a race condition similar to https://github.com/cli/cli/issues/4835

wzshiming commented 2 years ago

@mislav Hi, I would like to know when this bug will be fixed. The /cc of my gh-ci-bot relies on this ability of gh.

mislav commented 2 years ago

@wzshiming It's being worked on (see linked PR) and most likely fixed in the next release.

wzshiming commented 2 years ago

Understood, thank you.

wzshiming commented 2 years ago

@mislav Any update?

mislav commented 2 years ago

No, I was a bit stuck on the query aspect of the PR that's linked to this issue, but I plan to get back to it and finish the fix so that this can ship with the next release.

wzshiming commented 2 years ago

hi, @mislav any update?

CraigSiemens commented 1 year ago

We ran into this issue as well. We're going to try using another token instead of GITHUB_TOKEN.

Is there a permission that could be added to the workflow to avoid this issue? I saw metadata was mentioned in another thread, but that appears to be a default that's set for the token.

dlangonef commented 1 year ago

Hi! I'm having the same issue when trying to create an action to execute this command: `gh pr edit ${{ github.event.pull_request.html_url }} --add-reviewer {reviewer}`. Is there another way to do this?

When I try to use my PAT, I run into this error: `gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable.`, so I'm not sure if I can make it run with my PAT.

Thank you in advance!

mislav commented 1 year ago

@CraigSiemens If a Personal Access Token (PAT) is being used, then the scope you should add is `read:org`, and then additionally authorize the token to access the organization in question.

@dlangonef You can absolutely use your PAT with GitHub CLI. Per the error message you received, just ensure that the GH_TOKEN environment variable was set for your workflow step:

```yaml
env:
  GH_TOKEN: ${{ secrets.MY_PAT }}
```

jgleonard-takeda commented 1 year ago

In case anybody is looking for a workaround, you can use the API via curl instead.

```sh
# github.repository already expands to "owner/repo", so it follows /repos/ directly.
curl -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers" \
  -d '{"reviewers":["abc","xyz"],"team_reviewers":["devs"]}'
```

richardsimko commented 10 months ago

Curl didn't work for me, but using the GitHub CLI one can send API requests directly as shown in the docs. This works for adding reviewers in GitHub Actions with minimal permissions:

```yaml
permissions:
  contents: write
  pull-requests: write
```

...

```yaml
      - name: Add reviewer
        run: |
          gh api \
            --method POST \
            -H "Accept: application/vnd.github+json" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            /repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \
            -f "reviewers[]=foouser"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

https://docs.github.com/en/rest/pulls/review-requests?apiVersion=2022-11-28#request-reviewers-for-a-pull-request

wingleung commented 5 months ago

Kickstarted the PR again 👉 #9037. When only using `--add-reviewer`, it will not fetch the previous reviewers in the PR fetch, and union will be set to true to add the reviewer to the existing set of reviewers on the backend side.
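
The preload-and-replace behaviour mislav describes and the `union: true` approach from the last comment, side by side, as an added Go example that is not part of the thread or of the gh code base. `PR`, `AddByReplace`, `AddByUnion` and the `canReadTeams` flag are hypothetical names in a constructed in-memory model; no GitHub API is called.

```go
package main

import (
	"errors"
	"fmt"
)

// PR is a constructed in-memory stand-in for the server-side review requests.
type PR struct{ Requested map[string]bool }

var ErrTeams = errors.New("error fetching organization teams: Resource not accessible by integration")

// Request models the write: union=false replaces the set, union=true merges into it.
func (p *PR) Request(ids []string, union bool) {
	if !union {
		p.Requested = map[string]bool{}
	}
	for _, id := range ids {
		p.Requested[id] = true
	}
}

// AddByReplace preloads every request (teams included), then overwrites the set.
// concurrent is a hook that simulates another client editing in between.
func AddByReplace(p *PR, login string, canReadTeams bool, concurrent func()) error {
	if !canReadTeams {
		return ErrTeams // the preload needs organization team access
	}
	next := []string{login}
	for id := range p.Requested {
		next = append(next, id)
	}
	concurrent()
	p.Request(next, false)
	return nil
}

// AddByUnion sends only the new reviewer and lets the server merge.
func AddByUnion(p *PR, login string) { p.Request([]string{login}, true) }

func main() {
	p := &PR{Requested: map[string]bool{"team:devs": true}}
	fmt.Println(AddByReplace(p, "alice", false, func() {})) // least-privilege token
	AddByUnion(p, "alice")
	fmt.Println(p.Requested) // existing team request is preserved
	AddByReplace(p, "bob", true, func() { AddByUnion(p, "carol") })
	fmt.Println(p.Requested) // carol's concurrent request was overwritten
}
```

The union path never reads existing requests, so it works with a token that cannot list organization teams and it cannot overwrite a request made between the read and the write.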