feat: warn if autoupdate fails on a fork

README.md

@@ -21,7 +21,7 @@ on:
 jobs:
   autoupdate:
     name: autoupdate
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
     steps:
       - uses: docker://chinthakagodawita/autoupdate-action:v1
         env:

src/autoupdater.ts

@@ -9,7 +9,7 @@ import {
   WorkflowRunEvent,
 } from '@octokit/webhooks-definitions/schema';
 import { ConfigLoader } from './config-loader';
-import { Endpoints } from '@octokit/types';
+import { Endpoints, RequestError } from '@octokit/types';
 
 type PullRequestResponse =
   Endpoints['GET /repos/{owner}/{repo}/pulls/{pull_number}']['response'];
@@ -50,7 +50,10 @@ export class AutoUpdater {
 
     ghCore.info(`Handling pull_request event triggered by action '${action}'`);
 
-    const isUpdated = await this.update(pull_request);
+    const isUpdated = await this.update(
+      pull_request.head.repo.owner.login,
+      pull_request,
+    );
     if (isUpdated) {
       ghCore.info(
         'Auto update complete, pull request branch was updated with changes from the base branch.',
@@ -152,7 +155,7 @@ export class AutoUpdater {
       let pull: PullRequestResponse['data'];
       for (pull of pullsPage.data) {
         ghCore.startGroup(`PR-${pull.number}`);
-        const isUpdated = await this.update(pull);
+        const isUpdated = await this.update(owner, pull);
         ghCore.endGroup();
 
         if (isUpdated) {
@@ -168,7 +171,7 @@ export class AutoUpdater {
     return updated;
   }
 
-  async update(pull: PullRequest): Promise<boolean> {
+  async update(sourceEventOwner: string, pull: PullRequest): Promise<boolean> {
     const { ref } = pull.head;
     ghCore.info(`Evaluating pull request #${pull.number}...`);
 
@@ -211,7 +214,7 @@ export class AutoUpdater {
     }
 
     try {
-      await this.merge(mergeOpts);
+      return await this.merge(sourceEventOwner, pull.number, mergeOpts);
     } catch (e: unknown) {
       if (e instanceof Error) {
         ghCore.error(
@@ -221,8 +224,6 @@ export class AutoUpdater {
       }
       return false;
     }
-
-    return true;
   }
 
   async prNeedsUpdate(pull: PullRequest): Promise<boolean> {
@@ -365,7 +366,11 @@ export class AutoUpdater {
     return true;
   }
 
-  async merge(mergeOpts: MergeParameters): Promise<boolean> {
+  async merge(
+    sourceEventOwner: string,
+    prNumber: number,
+    mergeOpts: MergeParameters,
+  ): Promise<boolean> {
     const sleep = (timeMs: number) => {
       return new Promise((resolve) => {
         setTimeout(resolve, timeMs);
@@ -404,13 +409,33 @@ export class AutoUpdater {
         break;
       } catch (e: unknown) {
         if (e instanceof Error) {
+          /**
+           * If this update was against a fork and we got a 403 then it's
+           * probably because we don't have access to it.
+           */
+          if (
+            'status' in e &&
+            (e as RequestError).status === 403 &&
+            sourceEventOwner !== mergeOpts.owner
+          ) {
+            ghCore.error(
+              `Could not update pull request #${prNumber} due to an authorisation error. This is probably because this pull request is from a fork and the current token does not have write access to the forked repository.`,
+            );
+
+            return false;
+          }
+
+          // Ignore conflicts if configured to do so.
           if (
             e.message === 'Merge conflict' &&
             mergeConflictAction === 'ignore'
           ) {
             ghCore.info('Merge conflict detected, skipping update.');
-            break;
+
+            return false;
           }
+
+          // Else, throw an error so we don't continue retrying.
           if (e.message === 'Merge conflict') {
             ghCore.error('Merge conflict error trying to update branch');
             throw e;
@@ -431,6 +456,7 @@ export class AutoUpdater {
         }
       }
     }
+
     return true;
   }
 }

test/autoupdate.test.ts

@@ -860,7 +860,7 @@ describe('test `update`', () => {
     const updateSpy = jest
       .spyOn(updater, 'prNeedsUpdate')
       .mockResolvedValue(false);
-    const needsUpdate = await updater.update(<any>validPull);
+    const needsUpdate = await updater.update(owner, <any>validPull);
     expect(needsUpdate).toEqual(false);
     expect(updateSpy).toHaveBeenCalledTimes(1);
   });
@@ -872,7 +872,7 @@ describe('test `update`', () => {
       .spyOn(updater, 'prNeedsUpdate')
       .mockResolvedValue(true);
     const mergeSpy = jest.spyOn(updater, 'merge');
-    const needsUpdate = await updater.update(<any>validPull);
+    const needsUpdate = await updater.update(owner, <any>validPull);
 
     expect(needsUpdate).toEqual(true);
     expect(updateSpy).toHaveBeenCalledTimes(1);
@@ -894,7 +894,7 @@ describe('test `update`', () => {
       },
     };
 
-    const needsUpdate = await updater.update(<any>pull);
+    const needsUpdate = await updater.update(owner, <any>pull);
 
     expect(needsUpdate).toEqual(false);
     expect(updateSpy).toHaveBeenCalledTimes(1);
@@ -910,7 +910,7 @@ describe('test `update`', () => {
       .spyOn(updater, 'prNeedsUpdate')
       .mockResolvedValue(true);
     const mergeSpy = jest.spyOn(updater, 'merge').mockResolvedValue(true);
-    const needsUpdate = await updater.update(<any>validPull);
+    const needsUpdate = await updater.update(owner, <any>validPull);
 
     const expectedMergeOpts = {
       owner: validPull.head.repo.owner.login,
@@ -922,7 +922,11 @@ describe('test `update`', () => {
 
     expect(needsUpdate).toEqual(true);
     expect(updateSpy).toHaveBeenCalledTimes(1);
-    expect(mergeSpy).toHaveBeenCalledWith(expectedMergeOpts);
+    expect(mergeSpy).toHaveBeenCalledWith(
+      owner,
+      validPull.number,
+      expectedMergeOpts,
+    );
   });
 
   test('merge with no message', async () => {
@@ -933,7 +937,7 @@ describe('test `update`', () => {
       .spyOn(updater, 'prNeedsUpdate')
       .mockResolvedValue(true);
     const mergeSpy = jest.spyOn(updater, 'merge').mockResolvedValue(true);
-    const needsUpdate = await updater.update(<any>validPull);
+    const needsUpdate = await updater.update(owner, <any>validPull);
 
     const expectedMergeOpts = {
       owner: validPull.head.repo.owner.login,
@@ -944,7 +948,11 @@ describe('test `update`', () => {
 
     expect(needsUpdate).toEqual(true);
     expect(updateSpy).toHaveBeenCalledTimes(1);
-    expect(mergeSpy).toHaveBeenCalledWith(expectedMergeOpts);
+    expect(mergeSpy).toHaveBeenCalledWith(
+      owner,
+      validPull.number,
+      expectedMergeOpts,
+    );
   });
 });
 
@@ -973,6 +981,11 @@ describe('test `merge`', () => {
       description: 'merge error',
       success: false,
     },
+    {
+      code: 403,
+      description: 'authorisation error',
+      success: false,
+    },
   ];
 
   for (const responseTest of responseCodeTests) {
@@ -991,9 +1004,9 @@ describe('test `merge`', () => {
         .reply(responseTest.code);
 
       if (responseTest.success) {
-        await updater.merge(mergeOpts);
+        await updater.merge(owner, 1, mergeOpts);
       } else {
-        await expect(updater.merge(mergeOpts)).rejects.toThrowError();
+        await expect(updater.merge(owner, 1, mergeOpts)).rejects.toThrowError();
       }
 
       expect(scope.isDone()).toEqual(true);
@@ -1018,13 +1031,53 @@ describe('test `merge`', () => {
       scopes.push(scope);
     }
 
-    await expect(updater.merge(mergeOpts)).rejects.toThrowError();
+    await expect(updater.merge(owner, 1, mergeOpts)).rejects.toThrowError();
 
     for (const scope of scopes) {
       expect(scope.isDone()).toEqual(true);
     }
   });
 
+  test('handles fork authorisation errors', async () => {
+    (config.retryCount as jest.Mock).mockReturnValue(0);
+    const updater = new AutoUpdater(config, emptyEvent);
+
+    const scope = nock('https://api.github.com:443')
+      .post(`/repos/${owner}/${repo}/merges`, {
+        commit_message: mergeOpts.commit_message,
+        base: mergeOpts.base,
+        head: mergeOpts.head,
+      })
+      .reply(403, {
+        message: 'Must have admin rights to Repository.',
+      });
+
+    await updater.merge('some-other-owner', 1, mergeOpts);
+
+    expect(scope.isDone()).toEqual(true);
+  });
+
+  test('throws an error on non-fork authorisation errors', async () => {
+    (config.retryCount as jest.Mock).mockReturnValue(0);
+    const updater = new AutoUpdater(config, emptyEvent);
+
+    const scope = nock('https://api.github.com:443')
+      .post(`/repos/${owner}/${repo}/merges`, {
+        commit_message: mergeOpts.commit_message,
+        base: mergeOpts.base,
+        head: mergeOpts.head,
+      })
+      .reply(403, {
+        message: 'Must have admin rights to Repository.',
+      });
+
+    await expect(updater.merge(owner, 1, mergeOpts)).rejects.toThrowError(
+      'Must have admin rights to Repository.',
+    );
+
+    expect(scope.isDone()).toEqual(true);
+  });
+
   test('ignore merge conflicts', async () => {
     (config.retryCount as jest.Mock).mockReturnValue(0);
     (config.mergeConflictAction as jest.Mock).mockReturnValue('ignore');
@@ -1040,7 +1093,7 @@ describe('test `merge`', () => {
         message: 'Merge conflict',
       });
 
-    await updater.merge(mergeOpts);
+    await updater.merge(owner, 1, mergeOpts);
 
     expect(scope.isDone()).toEqual(true);
   });
@@ -1060,7 +1113,7 @@ describe('test `merge`', () => {
         message: 'Merge conflict',
       });
 
-    await expect(updater.merge(mergeOpts)).rejects.toThrowError(
+    await expect(updater.merge(owner, 1, mergeOpts)).rejects.toThrowError(
       'Merge conflict',
     );