Open sergey-s-betke opened 2 years ago
I get the same issue, if the PR comes from @dependabot
Invoke-WebRequest: D:\a_actions\zyborg\pester-tests-report\v1.5.0\action.ps1:303 Line | 303 | Invoke-WebRequest -Headers $hdr $url -Method Post -Body ($bdy | C … |
~~~~~~~~~~~~~| {"message":"Resource not accessible by | integration","documentation_url":"https://docs.github.com/rest/reference/checks#create-a-check-run"} Error: The process 'C:\Program Files\PowerShell\7\pwsh.exe' failed with exit code 1
Figured out the cause of this. For pull requests, the github token is read only to prevent possible attacks: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
I think the only secure way to get around this would be to add functionality to the action to save test results to an artifact in one workflow, and to digest that artifact in another workflow and post to a check run in the same way talked about in that link. Non-trivial work, but possible.
I was having this issue, and did a little googling and came across this post.
https://github.com/orgs/community/discussions/60820#discussioncomment-6445767
Check your Repo Settings > Actions > Workflow Permissions and then ensure its set to Read and write permissions, not just Read repository contents and packages permissions
Example:
But if I run manually, it work without errors:
And I see this behavior for each pull request.