Closed AjayJagan closed 1 week ago
Hi @AjayJagan
Firstly, you should check that generate-token
is actually generating tokens.
The fork exists in the same org, where the workflow runs and has the GH app installed in the fork repo.
The GH app should be installed in the repo where the workflow that needs to generate tokens is running. So it should be installed where the workflow runs, not the fork. Please see the docs here to make sure it's setup correctly: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens
By the way, are you manually triggering this workflow from the UI? Or are you triggering it in some other way?
I can see that it is generating the tokens using gh auth status
(I tried using the action -> tibdex/github-app-token@v1
as well. No luck :()
The above step is when I tried to create a pr directly using a shell script + gh cli.(The same works with a PAT)
ā Logged in to github.com account aj-gh-app[bot] (GH_TOKEN)
- Active account: true
- Git operations protocol: https
- Token: ghs_************************************
Also, I tried using this token for updating repo variables, creating pr in the same repo etc and it worked well š
To make sure, I gave the option to install in All repositories
and gave all the available permissions to the app.
For this case, I am manually triggering the workflow from UI
This issue might be related: https://github.com/orgs/community/discussions/69154#discussioncomment-7191057
Could be worth trying that action with the owner
input set.
There might be similar settings on tibdex/github-app-token
to give wider permissions. See the installation_retrieval_mode
and installation_retrieval_payload
inputs here.
I don't know anything further to help you, but I think this use case is possible. It's just a matter of finding the right permissions and setup of the GH app.
Please let me know if you manage to solve this.
tried both, still the same issue :(
Hi @AjayJagan
For the upcoming v7 release I've been doing lots of testing and I think I understand why this wasn't working for you. I've managed to get GitHub App generated tokens working with push-to-fork
, but there are limitations, which may make it not viable for your particular case.
Please read the new documentation for the v7 release at the following link. If it's not clear and you don't understand how it applies to your case, please let me know. https://github.com/peter-evans/create-pull-request/blob/signed-commits/docs/concepts-guidelines.md#pushing-to-a-fork-with-fine-grained-permissions
You can try the release candidate for v7 like this:
- uses: peter-evans/create-pull-request@v7-rc
Sorry for the late reply but thanks for this @peter-evans :)
Subject of the issue
GitHub App can be used as a service account to generate short-lived tokens in the workflows. While trying to use such a token to create a pull request in a remote repo + push-to-fork, it fails with the error:
Resource not accessible by integration
The fork exists in the same org, where the workflow runs and has the GH app installed in the fork repo.Steps to reproduce
If this issue is describing a possible bug please provide (or link to) your GitHub Actions workflow.
Any help would be much appreciated :)