-
Notifications
You must be signed in to change notification settings - Fork 234
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permission to create PR denied #268
Comments
+1 to all of the above |
With
This is also after I told it to use a PAT that I gave every permission to:
|
Ah, I think it may have to do with project settings: https://github.com/foo/bar/settings/actions Mine is working using PA_TOKEN, plus these functions. I'll start walking some of the changes back to see what did it. But might be good to add to the docs! |
This would be very useful to add to the docs. I tried a workflow run again using the settings you suggested @timfee, and I got a different error but the same 403 status code. The error this time hinted at my access token not having the correct permission set to perform a pull request, which is interesting considering I added permission to make a PR (at least I think that's what the permission set in #220 allowed). Slimming down and codifying the permission set from "everything" to what's needed would be very helpful, and there's probably something more in #220 that I'm not seeing. Error: a [HttpError]: Resource not accessible by personal access token
at /home/runner/work/_actions/changesets/action/v1/dist/index.js:192:1285
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async Object.w [as runVersion] (/home/runner/work/_actions/changesets/action/v1/dist/index.js:970:5099)
Error: Resource not accessible by personal access token
at async /home/runner/work/_actions/changesets/action/v1/dist/index.js:972:2406 {
status: 403,
response: {
url: 'https://api.github.com/repos/me/repo/pulls',
status: 403,
headers: {
'access-control-allow-origin': '*',
'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
connection: 'close',
'content-encoding': 'gzip',
'content-security-policy': "default-src 'none'",
'content-type': 'application/json; charset=utf-8',
date: '<not included for security>',
'github-authentication-token-expiration': '<not included for security>',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
server: 'GitHub.com',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
'transfer-encoding': 'chunked',
vary: 'Accept-Encoding, Accept, X-Requested-With',
'x-content-type-options': 'nosniff',
'x-frame-options': 'deny',
'x-github-api-version-selected': '2022-11-28',
'x-github-media-type': 'github.v3; format=json',
'x-github-request-id': '<not included for security>',
'x-ratelimit-limit': '5000',
'x-ratelimit-remaining': '4985',
'x-ratelimit-reset': '1677695726',
'x-ratelimit-resource': 'core',
'x-ratelimit-used': '15',
'x-xss-protection': '0'
},
data: {
message: 'Resource not accessible by personal access token',
documentation_url: 'https://docs.github.com/rest/reference/pulls#create-a-pull-request'
}
},
request: {
method: 'POST',
url: 'https://api.github.com/repos/me/repo/pulls',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit-core.js/3.6.0 Node.js/16.16.0 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: `{"base":"main","head":"changeset-release/main","title":"Version Packages","body":"This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.\\n\\n\\n# Releases\\n## <redacted, bump header>\\n\\n### Patch Changes\\n\\n- <redacted, changes made>\\n"}`,
request: { agent: [Agent], hook: [Function: bound bound r] }
}
} |
UPDATE: Evidently the Fine-Grained Token I made didn't have any permissions, I think they were reset. After giving the token access to my repository, along with read/write permissions to Contents and Pull Requests as in #220, the workflow ran beautifully. I think this issue can be closed, but I think adding the results of this issue to the docs to guide other users would be beneficial. |
To be explicitly clear these are the required permissions, if you use default token: permissions:
pull-requests: write
contents: write
|
Hello,
I'm using changesets in my monorepo along with the GitHub Action. Whenever I push code to the main branch (ie after a pull request from another branch or after changing configuration files) I'd like the changeset action to run as specified in the publishing to NPM example. I gave the action a working NPM token and a fine-grained GitHub token with full permissions to Contents and Pull Requests, as per issue #220. For some reason, when the action tries to run
/usr/bin/git push origin HEAD:changeset-release/main --force
, the API responds back with a 403 code and the process fails with a 128 exit code.Running
pnpm release
on my machine works just fine, versioning the packages, making a changelog, building my libraries for releaseHere's my
.github/workflows/release.yml
:Call stack:
Versions:
Am I using this workflow wrong and there's something I need to fix? Is there a set of permissions I need to add? Would using an older version of @changesets/cli work?
The text was updated successfully, but these errors were encountered: