Get the 403 resource not accessible error in a reusable workflow action

lindseysimple commented 2 years ago

Define the action-eslint action in a callee reusable workflow as below:

jobs:
  eslint:
    runs-on: ubuntu-latest
    env:
      NODE_VERSION: 16
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NODE_VERSION }}      
      - name: Install dependencies
        run: npm ci
      - uses: reviewdog/action-eslint@v1
        with:
          fail_on_error: true
          eslint_flags: 'src/'

Will get the following error on the caller workflow:

eslint version:v8.19.0
 Running eslint with reviewdog 🐶 ...
  reviewdog: GET https://api.github.com/repos/<org>/<repo>/pulls/38/comments?per_page=100: 403 Resource not accessible by integration []
Error: Process completed with exit code 1.

If not using the reusable workflow, it works on the repository which triggers the github action.

zirkelc commented 1 year ago

Same issue here. Were you able to solve it?

zirkelc commented 1 year ago

Adding the persmissions on workflow level solved the issue for me:

permissions:
  checks: write
  contents: write
  issues: write
  pull-requests: write

hlascelles commented 1 year ago

NB Always use least privilege. Don't give any tasks/jobs/people any more permissions than they need.

You should just be able to use:

permissions:
  checks: write
  contents: read
  pull-requests: read

reviewdog / action-eslint

Get the 403 resource not accessible error in a reusable workflow action #147