[BUG]: Octokit not working in GitHub actions.

[mayank1513]

What happened?

I am trying to update the repository tags from GitHub actions as per this documentation. But it throws errors.

Please also check related question on StackOverflow. Here is the repo with the issue.

Versions

^3.1.0

Relevant log output

RequestError [HttpError]: Resource not accessible by integration
    at /home/runner/work/turborepo-template/turborepo-template/node_modules/.pnpm/@octokit+request@8.1.1/node_modules/@octokit/request/dist-node/index.js:112:21
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async requestWithGraphqlErrorHandling (/home/runner/work/turborepo-template/turborepo-template/node_modules/.pnpm/@octokit+plugin-retry@6.0.0_@octokit+core@5.0.0/node_modules/@octokit/plugin-retry/dist-node/index.js:71:20)
    at async Job.doExecute (/home/runner/work/turborepo-template/turborepo-template/node_modules/.pnpm/bottleneck@2.19.5/node_modules/bottleneck/light.js:405:18) {
  status: 403,
  response: {
    url: 'https://api.github.com/repos/mayank1513/turborepo-template/topics',
    status: 403,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Sat, 02 Sep 2023 16:00:00 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-accepted-github-permissions': 'administration=write',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-api-version-selected': '2022-11-28',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': 'BD40:1C3B:14F1A2:2B3514:64F35BFF',
      'x-ratelimit-limit': '1000',
      'x-ratelimit-remaining': '998',
      'x-ratelimit-reset': '1693673999',
      'x-ratelimit-resource': 'core',
      'x-ratelimit-used': '2',
      'x-xss-protection': '0'
    },
    data: {
      message: 'Resource not accessible by integration',
      documentation_url: 'https://docs.github.com/rest/repos/repos#replace-all-repository-topics'
    }
  },
  request: {
    method: 'PUT',
    url: 'https://api.github.com/repos/mayank1513/turborepo-template/topics',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'octokit.js/3.1.0 octokit-core.js/5.0.0 Node.js/18.17.1 (linux; x64)',
      'x-github-api-version': '2022-11-28',
      authorization: 'token [REDACTED]',
      'content-type': 'application/json; charset=utf-8'
    },
    body: '{"names":["nextjs","nodejs","react","reactjs-libraries","server-components","template","tsup","turborepo","typescript","vitest","cicd","fork","fork-me","github-actions","react18","up-for-grabs","mayank1513","automation","GitHub","nextjs13","react-server-components","react-client-components","javascript","turborepo-trmplate"]}',
    request: { hook: [Function: bound bound register] }
  }
}

Code of Conduct

• [X] I agree to follow this project's Code of Conduct

[github-actions[bot]]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

[gr2m]

can you share the whole workflow file?

It's incorrect that Octokit is not working in GitHub actions, it most definitely is. The error you are seeing says that you either use GITHUB_TOKEN provided from actions or an installation access token with insufficient token.

[mayank1513]

Workflow file https://github.com/mayank1513/turborepo-template/blob/main/.github/workflows/publish.yml

[gr2m]

the permission you set are insufficient: https://github.com/mayank1513/turborepo-template/blob/be1a7f9b19caddaafc53704e3241397879976ce9/.github/workflows/publish.yml#L15-L16

The PUT /repos/{owner}/{repo}/topics endpoint requires the administration:write permission.

[mayank1513]

VSCode complains about key administration under permissions. I had also tried with write-all it didn't work.

[mayank1513]

And GitHub action also throws error - Invalid yml when administration: write permission is added.

[gr2m]

it's possible that the permission is simply not permitted for GitHub Actions. I would recommend to register a GitHub App with the required permissions you need for the automation and create an installation access token using https://github.com/actions/create-github-app-token. Alternatively use a personal access token.

But again, this is not really an Octokit problem, it's a GitHub Action problem. It seems the GITHUB_TOKEN provided by GitHub Actions cannot have the administration:write permission. So you need to use a different means of authentication in order to replace topics in a repositoy.

I'll close the issue because it's not a bug and is not actionable for the @octokit maintainers, but feel free to ask follow up questions. Another place to ask general questions about GitHub Actions is https://github.com/orgs/community/discussions/categories/actions, and questions about APIs is https://github.com/orgs/community/discussions/categories/api-and-webhooks