Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resource not accessible by integration #49

Closed
Ridermansb opened this issue Sep 27, 2022 · 2 comments
Closed

Resource not accessible by integration #49

Ridermansb opened this issue Sep 27, 2022 · 2 comments

Comments

@Ridermansb
Copy link

Ridermansb commented Sep 27, 2022
edited
Loading

Gettings this error

0 ESLint error(s) and 0 ESLint warning(s) found in pull request changed files.
0 ESLint error(s) and 0 ESLint warning(s) found in files outside of the pull request.

✖  fatal     Resource not accessible by integration

running eslint --ext .ts,.tsx --output-file eslint_report.json --format json .

with this GH action

      - name: Save Code Linting Report JSON
        run: yarn lint:report
        continue-on-error: true
      - name: Annotate Code Linting Results
        uses: ataylorme/eslint-annotate-action@v2
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
@atsu85
Copy link

atsu85 commented Oct 27, 2022
edited
Loading

This error also happens for PRs created by dependabot. Based on issue created by GitHub bot this, it seems that checks: write is required.

I couldn't find anything related to granting custom permissions for dependabot for the repo:

  • dependabot.yaml documentation
    • custom token (for example PAT with custom permissions) could only be passed to registries, but in this case access is needed for PR target repo instead
  • googling
  • from GitHub GUI (neither from repo nor organization level)

Please let me know if you find a solution for dependabot, but currently i used following workaround to disable it for dependabot PRs:

      - name: Annotate Code Linting Results
        uses: ataylorme/eslint-annotate-action@v2
+        if: ${{ github.actor != 'dependabot[bot]' }} # dependabot doesn't have permissions

@ataylorme
Copy link
Owner

@atsu85 @Ridermansb this is a permission error with GITHUB_TOKEN when running from pull request from forks.

GITHUB_TOKEN for pull requests from forks is limited to read access and the Action requires write to status checks to do the annotations

For security reasons I would not encourage trying to bypass this. You might be able to use the github context to determine if a PR is from a fork and skip the annotation step with if as @atsu85 has shown an example of

You could still have the ESLint step prior run and fail if there are linting errors, there just won't be annotation

@delphiactual delphiactual mentioned this issue Apr 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Ridermansb @atsu85 @ataylorme