nolar / kopf

A Python framework to write Kubernetes operators in just a few lines of code
https://kopf.readthedocs.io/
MIT License
2.12k stars 161 forks

GitHubActions: "Resource not accessible by integration" for Unit-tests #593

Open nolar opened 3 years ago

nolar commented 3 years ago

Example:

Run EnricoMi/publish-unit-test-result-action@v1.5
/usr/bin/docker run --name b2a8c111414f8fac32ce59128e0a_4c4cc9 --label 179394 --workdir /github/workspace --rm -e pythonLocation -e LD_LIBRARY_PATH -e INPUT_GITHUB_TOKEN -e INPUT_COMMENT_ON_PR -e INPUT_FILES -e INPUT_CHECK_NAME -e INPUT_REPORT_INDIVIDUAL_RUNS -e INPUT_DEDUPLICATE_CLASSES_BY_FILE_NAME -e INPUT_HIDE_COMMENTS -e INPUT_LOG_LEVEL -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/kopf/kopf":"/github/workspace" 179394:1850b2a8c111414f8fac32ce59128e0a
2020-12-03 22:52:25 +0000 - publish-unit-test-results -  INFO - reading junit.xml: ['junit.xml']
2020-12-03 22:52:25 +0000 - publish.publisher -  INFO - publishing results for commit ca73376233896c12cde0a731670b8d6c7a87ab27
2020-12-03 22:52:26 +0000 - publish.publisher -  INFO - creating check
Traceback (most recent call last):
  File "/action/publish_unit_test_results.py", line 89, in <module>
    main(settings)
  File "/action/publish_unit_test_results.py", line 32, in main
    Publisher(settings, gh).publish(stats, results.case_results)
  File "/action/publish/publisher.py", line 59, in publish
    check_run = self.publish_check(stats, cases)
  File "/action/publish/publisher.py", line 163, in publish_check
    output=output)
  File "/action/githubext/Repository.py", line 78, in create_check_run
    headers={'Accept': 'application/vnd.github.antiope-preview+json'},
  File "/usr/local/lib/python3.6/site-packages/github/Requester.py", line 319, in requestJsonAndCheck
    verb, url, parameters, headers, input, self.__customConnection(url)
  File "/usr/local/lib/python3.6/site-packages/github/Requester.py", line 342, in __check
    raise self.__createException(status, responseHeaders, output)
github.GithubException.GithubException: 403 {"message": "Resource not accessible by integration", "documentation_url": "https://docs.github.com/rest/reference/checks#create-a-check-run"}

It is either an issue in the action, or something with the GitHub API token setup — needs to be verified. Most likely to happen in all external PRs (PRs from forks, which by definition do not have access to the GitHub token).

nolar commented 3 years ago

Explained here: https://github.com/EnricoMi/publish-unit-test-result-action#support-fork-repositories

There is a special setup required for this action to work with forks.

Since I don't use these results (but rather check the logs), it is easier to drop the whole idea of uploading JUnit results than to worry about the security of tokens now.
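An added example, not part of the original thread or of either project's code: a pre-check a workflow step could run to detect the situation the thread points to (a pull request whose head is in a fork) and skip the check-run upload instead of failing with the 403. The function names and the sample payloads are assumptions made for illustration; the payload fields follow GitHub's `pull_request` webhook event, read from the file named by `GITHUB_EVENT_PATH`.

```python
import json
import os


def is_fork_pull_request(event_name, payload):
    """True when a pull_request run has its head branch in another repository."""
    if event_name != "pull_request":
        return False
    pr = payload.get("pull_request") or {}
    base_repo = ((pr.get("base") or {}).get("repo") or {}).get("full_name")
    head_repo = ((pr.get("head") or {}).get("repo") or {}).get("full_name")
    # A deleted fork leaves head.repo as null: treat "unknown" as a fork (fail closed).
    if base_repo is None or head_repo is None:
        return True
    return head_repo != base_repo


def should_publish_check(environ=os.environ):
    """Decide whether a step that creates a check run should be attempted."""
    event_path = environ.get("GITHUB_EVENT_PATH")
    if not event_path or not os.path.exists(event_path):
        return False  # not running inside a GitHub Actions job
    with open(event_path, encoding="utf-8") as fh:
        payload = json.load(fh)
    return not is_fork_pull_request(environ.get("GITHUB_EVENT_NAME", ""), payload)


# Constructed sample payloads (trimmed to the fields the check reads).
SAME_REPO_PR = {"pull_request": {
    "base": {"repo": {"full_name": "nolar/kopf"}},
    "head": {"repo": {"full_name": "nolar/kopf"}},
}}
FORK_PR = {"pull_request": {
    "base": {"repo": {"full_name": "nolar/kopf"}},
    "head": {"repo": {"full_name": "contributor/kopf"}},  # hypothetical fork
}}
DELETED_FORK_PR = {"pull_request": {
    "base": {"repo": {"full_name": "nolar/kopf"}},
    "head": {"repo": None},
}}

if __name__ == "__main__":
    if should_publish_check():
        print("same-repository run: publishing test results")
    else:
        print("fork PR or no event payload: skipping check-run upload")
```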