Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Failed to create checks using the provided token. (HttpError: Not Found) #23

Closed
knaktrevor opened this issue Jan 22, 2021 · 10 comments
Closed

Error: Failed to create checks using the provided token. (HttpError: Not Found) #23

knaktrevor opened this issue Jan 22, 2021 · 10 comments

Comments

@knaktrevor
Copy link

The link below returns a 404. Not sure if it use to contain relevant information to help with the related error, but information on what permissions are required for the token would be helpful too.

Warning: This usually indicates insufficient permissions. More details: #32
@knaktrevor
Copy link
Author

Works correctly if you use the default token provided by GitHub:
https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token

Maybe include something about this in the documentation, but if it's possible to use a personal access token to limit the scope, that would be beneficial too.

@mikepenz
Copy link
Owner

mikepenz commented Jan 22, 2021
edited
Loading

Oh thanks for the info that the link is now broken. I have updated the action with the typescript template and due to that I created a new repo.

The link to the details is: mikepenz/action-junit-report-legacy#32

This limitation is not really a limitation of the action but more how github actions functions.

It's ultimately a security risk if GitHub actions would allow this for forked repos: mikepenz/action-junit-report-legacy#32 (comment)

@mikepenz
Copy link
Owner

In this special situation as of yours it was not really the security issue to to pwn requests, but you tried to use a different PAT which limited access.

In the locations we use this action we usually use the provided token from the action as it is special, and specially created for actions to be used.

I fully agree that trusting github actions available on the marketplace is always risky, as such lowering risk by giving an action as little power as possible. For that I would love to learn more which options there are to create a token with as little power as possible for this.

Beside that. Please always feel free to read the source code and recompile the action to see that it will result in the same sources (I use exact the statements as documented in the README)

Sadly there is no current way for me to get verified on the GitHub actions marketplace as I am not a. company, nor is there a review process which all would be amazing to add additional security to the github actions ecosystem.

If you have additional ideas to improve this or suggestions. Happy to have a chat about these.

@Stefanqn Stefanqn mentioned this issue Jul 27, 2021
Merged
@eygraber eygraber mentioned this issue Apr 14, 2022
Merged
@mb-emag mb-emag mentioned this issue Jun 21, 2022
Merged
@anton-l anton-l mentioned this issue Oct 29, 2022
Closed
2 tasks
@olevett olevett mentioned this issue Dec 15, 2022
Closed
@midgleyc midgleyc mentioned this issue Jan 15, 2023
Merged
@iBotPeaches
Copy link

If anyone gets sent to this page, but a slightly different error like:

❌ Failed to create checks using the provided token. (HttpError: Resource not accessible by integration)

You probably have on top of workflow something like this:

permissions:
    contents: read
    checks: write
    id-token: write

This package needs checks: write and good to go. So add that if missing.

@mikepenz
Copy link
Owner

mikepenz commented Feb 1, 2023

@iBotPeaches is the id-token one also required?

It's probably helpful to increase the visibility in the README with checks: write only being noted in the collapsed example

@iBotPeaches
Copy link

@iBotPeaches is the id-token one also required?

It's probably helpful to increase the visibility in the README with checks: write only being noted in the collapsed example

It isn't. id-token is what I added to enable OIDC for AWS deploys. Since I added it all the others defaulted to less permission instead of their default and thus an error. I needed contents for actions/checkout action and then checks for this action.

@mikepenz
Copy link
Owner

mikepenz commented Feb 1, 2023

Thank you very much. I'll update the README to add some more transparency to it.

@Nirusu Nirusu mentioned this issue Mar 17, 2023
Merged
shogo82148 added a commit to shogo82148/CPAN-Meta-Requirements that referenced this issue Jun 6, 2023
@shogo82148
fix permission of GitHub Actions workflow.
bb02b1c 
I got some errors on GitHub Actions.

```
  ℹ️ - JUnit Report (5.10) - 143 tests run, 143 passed, 0 skipped, 0 failed.
  ℹ️ - JUnit Report (5.10) - Creating check for
  Error: ❌ Failed to create checks using the provided token. (HttpError: Resource not accessible by integration)
  Warning: ⚠️ This usually indicates insufficient permissions. More details: mikepenz/action-junit-report#23
```

Because the default permissions have changed,
permissions must be set explicitly..
chizmw added a commit to chizmw/botc-custom-script-json2pdf that referenced this issue Jul 12, 2023
@chizmw
add permissions to pytest workflow
1d5dc4d 
mikepenz/action-junit-report#23 (comment)
chizmw added a commit to chizmw/botc-custom-script-json2pdf that referenced this issue Jul 22, 2023
@chizmw
add permissions to pytest workflow
0e39d37 
mikepenz/action-junit-report#23 (comment)
@josefbacik
Copy link

I'm seeing the same issue, and I think I've followed all the suggestions offered in the documentation, and I'm still getting this error.

Weirdly I'm also getting the properly parsed results, so it appears to just be noisy? You can see an example here

https://github.com/btrfs/linux/actions/runs/6148653491

the "test-zoned" for example had 1 failure, and the results are properly posted for that, but there's also errors from the tool about a token. Any idea what's going on here?

@mikepenz
Copy link
Owner

Good day @josefbacik

What you are seeing is the summary which gets posted to your build:
Screenshot 2023-09-13 at 15 52 51

However, it fails to create the checks which is done here:

If you do not want a check to be created, you can for example only have annotations by setting annotateOnly.

Related the issue. For checks to be created, the token requires the specific permission.
https://github.com/mikepenz/action-junit-report?tab=readme-ov-file#pr-run-permissions
(if you use a different token than the GitHub Actions provided token, make sure it allows for checks to be created)

@josefbacik
Copy link

@mikepenz thanks! The permissions thing doesn't work for "external pull requests" because of the restricted permissions GH does. I'll use the atnnotateOnly thing, that's perfect, thanks so much!

@xav xav mentioned this issue Oct 19, 2023
Merged
3 tasks
@mhutter mhutter mentioned this issue Oct 27, 2023
Open
4 tasks
peacetrue added a commit to peacetrue/peacetrue-gradle that referenced this issue Nov 25, 2023
@peacetrue
https://github.com/mikepenz/action-junit-report/issues/23
6876505
haydenroche5 added a commit to haydenroche5/note-c that referenced this issue Dec 4, 2023
@haydenroche5
Fix a couple issues.
94073cb 
- mikepenz/action-junit-report#23 (comment)
- Update platformio.ini to remove extra_scripts.
yucem44 referenced this issue in OffchainLabs/arbitrum-sdk Dec 16, 2023
@spsjvc
ci: update permissions for lint job (#252)
7c1e375
@opatry opatry mentioned this issue Dec 17, 2023
Closed
@Fishbowler Fishbowler mentioned this issue May 16, 2024
Merged
@kthoms kthoms mentioned this issue Oct 28, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@josefbacik @iBotPeaches @mikepenz @knaktrevor and others