search

cypress-io / github-action

GitHub Action for running Cypress end-to-end & component tests
https://on.cypress.io/guides/continuous-integration/github-actions
MIT License
1.35k stars 357 forks source link

Auto-Detect PR error on Workflow dispatch, resource not accessible #1208

Closed Cellule closed 2 months ago

Cellule commented 2 months ago

Since there's no PR information on a workflow_dispatch the action will try to fetch it https://github.com/cypress-io/github-action/blob/f6f2cc1665fa2dcd75170785c5dcaad1fe01fb24/index.js#L474-L497

However, even though the call is in a try/catch it still errors my whole run.

Unable to fetch related PR data for commit: '46a72ff9cd29aeaa59f536eee6c008e3ffbcf56d':  RequestError [HttpError]: Resource not accessible by integration
    at /home/runner/work/_actions/cypress-io/github-action/v6/dist/index.js:41343:21
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async detectPrNumber (/home/runner/work/_actions/cypress-io/github-action/v6/dist/index.js:7[48](https://github.com/MaintainX/maintainx/actions/runs/9684418723/job/26722269427#step:17:49)81:22)
    at async runTests (/home/runner/work/_actions/cypress-io/github-action/v6/dist/index.js:75152:3) {

Right now I suspect it fails because we are using the following permissions on the job

permissions:
      contents: read # Required to checkout source code
      id-token: write # Required to setup AWS credentials

I'm not sure yet which permission I need to give yet, but I would have expected that it wouldn't fail the run at least

Cellule commented 2 months ago

I found that adding the following permission solves this error.

      pull-requests: read # Needed for workflow_dispatch execution
MikeMcC399 commented 2 months ago

@Cellule

Thank you for reporting your issue! I understand that you have resolved your error condition.

The documentation does not cover permissions settings, so there is some scope for adding information to help users avoid the issue which you ran into.

Could you please post your failing workflow? That would help us to reproduce your issue. We could also check if the error condition needs to be fatal or whether it could be a warning only.

mfrancekovic commented 2 months ago

Hi @MikeMcC399 , @Cellule ,

I've ran into the same problem. For us the issue occured right after we've done a forced upgrade to Enterprise account in Github.

Before that cypress-io actions were running for us for years. And the issue happened right after I've upgraded our organization to Enterprise level structure which Github will be enforcing for all users which use Enterprise plans.

I suspect that for the Enterprise there might be some different default rules for GITHUB_TOKEN.

In our case I've added the following line on the top level in the workflow where we use cypress-io, and that fixed it:

permissions: read-all
MikeMcC399 commented 2 months ago

Closing as there was no further response and I was unable to reproduce the issue.