integrations / terraform-provider-github

Terraform GitHub provider
https://www.terraform.io/docs/providers/github/
MIT License

[BUG]: `403 Resource not accessible by integration []` #2226

Open garysassano opened 5 months ago

garysassano commented 5 months ago

Expected Behavior

Be able to create a repository using ${{ secrets.GITHUB_TOKEN }} instead of ${{ secrets.MY_PAT }}.

Actual Behavior

Can only create a github_repository resource using ${{ secrets.MY_PAT }}, since even a ${{ secrets.GITHUB_TOKEN }} with full write permissions doesn't have the rights to create a new repository when used with the integrations/github Terraform provider.

│ Error: POST https://api.github.com/user/repos: 403 Resource not accessible by integration []
│ 
│   with github_repository.SampleRepo,
      + allow_merge_commit          = false
      + allow_rebase_merge          = false
│   on main.tf line 14, in resource "github_repository" "SampleRepo":
│   14: resource "github_repository" "SampleRepo" {
│ 
jobs:
  apply:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ${{ env.tf_actions_working_dir }}
    steps:
    - uses: actions/checkout@v4

    - uses: hashicorp/setup-terraform@v3

    - name: Terraform Init
      id: init
      run: terraform init -input=false

    - name: Terraform Apply
      run: terraform apply -input=false -auto-approve
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


Terraform Version

Terraform v1.8.0
on linux_amd64
+ provider registry.terraform.io/integrations/github v6.2.1

Affected Resource(s)

Terraform Configuration Files

terraform {
  required_providers {
    github = {
      version = "6.2.1"
      source  = "integrations/github"
    }
  }
}

provider "github" {}

resource "github_repository" "SampleRepo" {
  name                        = "todelete_sample"
  visibility                  = "private"
  allow_auto_merge            = false
  allow_merge_commit          = false
  allow_rebase_merge          = false
  allow_squash_merge          = true
  allow_update_branch         = true
  auto_init                   = true
  delete_branch_on_merge      = true
  has_discussions             = false
  has_downloads               = true
  has_issues                  = true
  has_projects                = true
  has_wiki                    = true
  merge_commit_message        = "PR_TITLE"
  merge_commit_title          = "MERGE_MESSAGE"
  squash_merge_commit_message = "COMMIT_MESSAGES"
  squash_merge_commit_title   = "PR_TITLE"
}

resource "github_branch_protection" "MainBranchProtection" {
  repository_id                   = github_repository.SampleRepo.node_id
  pattern                         = "main"
  allows_deletions                = false
  allows_force_pushes             = false
  enforce_admins                  = true
  require_conversation_resolution = true
  required_pull_request_reviews {
    dismiss_stale_reviews           = true
    required_approving_review_count = 1
  }
  required_status_checks {
    strict = true
  }
}

Steps to Reproduce

No response

Debug Output

No response

Panic Output

No response

cb-krishnapatel commented 4 months ago

Hi, we are facing the same issue. When can we expect this to be fixed?

dcfsc commented 4 months ago

I saw the same error with provider 5.45.0 and found I could fix it by using ONLY the GITHUB_TOKEN env var, and not the "token" value in the provider block. See #2242. Until that was changed I don't think I was using the correct token.

Something is weird but that might be a workaround. YMMV.

garysassano commented 4 months ago

IIRC, I fixed the issue by giving the GitHub App the administration: write permission. Definitely not intuitive; I couldn't find any reference in the official documentation.
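
An added triage sketch for CI logs like the one in this issue (not code from the thread or from the provider project): it extracts the failed API call from Terraform's output and reports which kind of credential was in use, looking only at the token prefix. The function names and sample values are assumptions constructed for illustration; `ghs_` is the prefix carried by both the Actions `GITHUB_TOKEN` and GitHub App installation tokens.

```python
import re

# The provider prints failed API calls as: METHOD URL: STATUS MESSAGE [errors]
API_ERROR = re.compile(
    r"(?P<method>GET|POST|PUT|PATCH|DELETE) (?P<url>https://\S+?): "
    r"(?P<status>\d{3}) (?P<message>.*?) \[.*?\]"
)

# GitHub's token prefixes. Only the prefix is inspected, never the secret part.
TOKEN_PREFIXES = {
    "github_pat_": "fine-grained personal access token",
    "ghp_": "personal access token (classic)",
    "gho_": "OAuth access token",
    "ghu_": "GitHub App user access token",
    "ghs_": "installation token (Actions GITHUB_TOKEN or GitHub App)",
}

def token_kind(token):
    """Classify a credential by prefix so logs never need the token itself."""
    for prefix, kind in TOKEN_PREFIXES.items():
        if token.startswith(prefix):
            return kind
    return "unknown"

def triage(output, token):
    """Return one finding per failed GitHub API call in Terraform output."""
    findings = []
    for m in API_ERROR.finditer(output):
        findings.append({
            "request": f"{m['method']} {m['url']}",
            "status": int(m["status"]),
            "credential": token_kind(token or ""),
            # GitHub's wording when an app/installation token lacks a permission
            "permission_gap": m["status"] == "403"
            and m["message"] == "Resource not accessible by integration",
        })
    return findings

# Constructed sample: the error line from this issue plus a placeholder token.
SAMPLE_OUTPUT = (
    "│ Error: POST https://api.github.com/user/repos: "
    "403 Resource not accessible by integration []\n"
    "│   with github_repository.SampleRepo,\n"
)
SAMPLE_TOKEN = "ghs_" + "x" * 36  # not a real token

if __name__ == "__main__":
    for finding in triage(SAMPLE_OUTPUT, SAMPLE_TOKEN):
        print(finding)
```

A finding with `permission_gap` set alongside an installation-token credential points at the token's granted permissions rather than at the Terraform configuration.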