Resource not accessible by integration #68
Comments
|
Try adding |
Thanks for the suggestion! |
Thanks @MishaKav! I just tried it in openai/gym@76d6a65 but I also get the same error: https://github.com/kir0ul/gym/runs/6709357231?check_suite_focus=true 😓 |
|
I am also encountering the same error myself; any updates on this @MishaKav ? Thanks a lot for your work on this! |
|
I have tested my actions file with below permissions setting and it works. jobs:
pytest:
runs-on: ubuntu-latest
permissions:
pull-requests: write |
|
I'm also still seeing this error with the following configuration: jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 8
permissions:
pull-requests: write
contents: read
id-token: write
steps:
......
- name: Run Unit Tests with Coverage
run: make test-cov
- name: Pytest coverage comment
uses: MishaKav/pytest-coverage-comment@9689962ff78b20865e4ec0b90789e62309498aab
with:
pytest-coverage-path: ./pytest-coverage.txt
junitxml-path: ./pytest.xml
|
|
Looks like you do a |
I was able to fix something similar by changing it from name: Check changes on branch
on:
pull_request: |
|
Hi there, I will add to this issue, because it fits thematically. If a PR is merged to master/main. The "pytest-coverage-comment" action tries to comment on a commit on master/main, right? In my setup it comments perfectly in the PR and after merge, I get: It is due to branch protection? Maybe you could add a hint in the documentation about branch protection and the required permissions for the GitHub token please? Thanks for the great action! |
|
I'm having a similar issue not sure if its related I get these results but nothing shows up in the output Wish I could share more but its a company repo Seems like it does all the work but no section is created in the output |
|
I encountered this same error while working on a class project for university. I was able to resolve it after reviewing the github organization and repository documentation for configuring the default Organization documentation link :https://docs.github.com/en/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization Repository documentation link: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions Essentially, you need to change the workflow read/write permissions from the defaults on the repository or organization level. I believe that you need to be the owner of the repo/organization to make the change. I have not tried as admin, but I know that you are unable to as a member. The default settings: Settings that fix the error: |
|
Thanks this is very helpful |
|
Of course, I'm glad I was able to help! ❤️ |
Right now this action is failing with what appears to be this issue: MishaKav/pytest-coverage-comment#68 It seems to be failing on PRs from outside contributors only, so making this change will let thoses PRs through while we sort this out.
|
My understanding of the issue is that PRs from forked repos can never get write access (and really, they never should). Seems like a better approach would be to use a separate workflow with read-write access that fetches the coverage artifacts from the read-only workflow, which deals with (untrusted) code from the PR. I have tried the following in the read-only workflow: - name: Unit+doc+integration tests with pytest + coverage
run: |
mkdir -p ./testresults
pytest --junitxml=testresults/pytest.xml \
--cov-report=term-missing:skip-covered \
--cov=speechbrain --cov-context=test \
--doctest-modules \
./speechbrain ./tests \
| tee testresults/pytest-coverage.txt
- uses: actions/upload-artifact@v2
with:
name: testresults
path: testresults/and in this as the whole read-write workflow: name: Comment coverage status on the pull request
on: # yamllint disable-line rule:truthy
workflow_run:
workflows: ["SpeechBrain toolkit CI"]
types:
- completed
jobs:
covcomment:
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request'
steps:
- name: 'Download artifact'
uses: actions/github-script@v7.0.1
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "testresults"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/testresults.zip', Buffer.from(download.data));
- run: unzip testresults.zip
- name: Read the pull_request_number.txt file
id: pr_id_reader
uses: juliangruber/read-file-action@v1.1.6
with:
path: ./issue_id.txt
- name: Pytest coverage comment
uses: MishaKav/pytest-coverage-comment@main
with:
pytest-coverage-path: ./pytest-coverage.txt
junitxml-path: ./pytest.xml
hide-report: True
issue-number: ${{ steps.pr_id_reader.outputs.content }}However, this fails to send a comment on the PR because the workflow type is Additionally, this approach has the downside that only showing the modified files in the table is not possible as is... On a side note, it would be nifty if the table could be omitted when the comment is found to be too long. Is there a simpler way I've missed? |
|
Oh! I think I get it! I was having a similar problem even after adding the following code and following Ryan's suggestion on:
push:
branches:
- master
pull_request:
jobs:
build-test:
runs-on: ubuntu-22.04
strategy:
matrix:
python-version: ["3.9"]
permissions:
issues: write
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v3
<---- Snip ---->
- name: Pytest coverage comment
uses: MishaKav/pytest-coverage-comment@main
with:
pytest-xml-coverage-path: ./coverage.xml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}I noticed that it passed on pushing to my feature, but failed on merging to master. So, I added So basically, I think I will set pytest-coverage-comment to not run on merge with an if condition as I think it is not required at that stage. Hopefully this is useful for someone! :) |
|
Also may be solved with |
|
Hello! For some reason I get this error on pull requests created by dependabot. Running: Maybe this is a permission issue with dependabot? Edit: To answer my own question: Dependabot permissions are by default set to |
|
I have tried adding permission to the job everything works fine if the workflow is trigger with a manual dispatch I am very confused by why it behaves different depending on the event that trigger the workflow. |
|
I added the |
Right now this action is failing with what appears to be this issue: MishaKav/pytest-coverage-comment#68 It seems to be failing on PRs from outside contributors only, so making this change will let thoses PRs through while we sort this out.
Hi,
I'm trying to use this GH Action in openai/gym#2789. On my fork it seems to works fine: https://github.com/kir0ul/gym/runs/6244334853?check_suite_focus=true, but on the main repo I get
Error: HttpError: Resource not accessible by integration: https://github.com/openai/gym/runs/6244334980?check_suite_focus=true.I tried to modify the permissions as suggested in #30 (comment), but it didn't work.
Is there any way to work around this error?
The text was updated successfully, but these errors were encountered: