Error "Resource not accessible by integration" on first run for commit

[sergey-s-betke]

Example:

• https://github.com/test-st-petersburg/DocTemplates/runs/4504598838?check_suite_focus=true#step:9:105
• https://github.com/test-st-petersburg/DocTemplates/runs/4504598673?check_suite_focus=true#step:9:103

But if I run manually, it work without errors:

• https://github.com/test-st-petersburg/DocTemplates/runs/4560300637?check_suite_focus=true#step:9:104
• https://github.com/test-st-petersburg/DocTemplates/runs/4560391815?check_suite_focus=true#step:9:102

And I see this behavior for each pull request.

[abbgrade]

I get the same issue, if the PR comes from @dependabot

Invoke-WebRequest: D:\a_actions\zyborg\pester-tests-report\v1.5.0\action.ps1:303 Line | 303 | Invoke-WebRequest -Headers $hdr $url -Method Post -Body ($bdy | C … | ~~~~~~~~~~~~~ | {"message":"Resource not accessible by | integration","documentation_url":"https://docs.github.com/rest/reference/checks#create-a-check-run"} Error: The process 'C:\Program Files\PowerShell\7\pwsh.exe' failed with exit code 1

[natescherer]

Figured out the cause of this. For pull requests, the github token is read only to prevent possible attacks: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

I think the only secure way to get around this would be to add functionality to the action to save test results to an artifact in one workflow, and to digest that artifact in another workflow and post to a check run in the same way talked about in that link. Non-trivial work, but possible.

[osotechie]

I was having this issue, and did a little googling and came across this post.

https://github.com/orgs/community/discussions/60820#discussioncomment-6445767

Check your Repo Settings > Actions > Workflow Permissions and then ensure its set to Read and write permissions, not just Read repository contents and packages permissions