-
-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error: Failed to create checks using the provided token. (HttpError: Not Found) #23
Comments
Works correctly if you use the default token provided by GitHub: Maybe include something about this in the documentation, but if it's possible to use a personal access token to limit the scope, that would be beneficial too. |
Oh thanks for the info that the link is now broken. I have updated the action with the typescript template and due to that I created a new repo. The link to the details is: mikepenz/action-junit-report-legacy#32 This limitation is not really a limitation of the action but more how github actions functions. It's ultimately a security risk if GitHub actions would allow this for forked repos: mikepenz/action-junit-report-legacy#32 (comment) |
In this special situation as of yours it was not really the security issue to to In the locations we use this action we usually use the provided token from the action as it is I fully agree that trusting github actions available on the marketplace is always risky, as such lowering risk by giving an action as little power as possible. For that I would love to learn more which options there are to create a token with as little power as possible for this. Beside that. Please always feel free to read the source code and recompile the action to see that it will result in the same sources (I use exact the statements as documented in the README) Sadly there is no current way for me to get verified on the GitHub actions marketplace as I am not a. company, nor is there a review process which all would be amazing to add additional security to the github actions ecosystem. If you have additional ideas to improve this or suggestions. Happy to have a chat about these. |
If anyone gets sent to this page, but a slightly different error like:
You probably have on top of workflow something like this:
This package needs |
@iBotPeaches is the It's probably helpful to increase the visibility in the README with |
It isn't. |
Thank you very much. I'll update the README to add some more transparency to it. |
I got some errors on GitHub Actions. ``` ℹ️ - JUnit Report (5.10) - 143 tests run, 143 passed, 0 skipped, 0 failed. ℹ️ - JUnit Report (5.10) - Creating check for Error: ❌ Failed to create checks using the provided token. (HttpError: Resource not accessible by integration) Warning:⚠️ This usually indicates insufficient permissions. More details: mikepenz/action-junit-report#23 ``` Because the default permissions have changed, permissions must be set explicitly..
I'm seeing the same issue, and I think I've followed all the suggestions offered in the documentation, and I'm still getting this error. Weirdly I'm also getting the properly parsed results, so it appears to just be noisy? You can see an example here https://github.com/btrfs/linux/actions/runs/6148653491 the "test-zoned" for example had 1 failure, and the results are properly posted for that, but there's also errors from the tool about a token. Any idea what's going on here? |
Good day @josefbacik What you are seeing is the summary which gets posted to your build: However, it fails to create the If you do not want a check to be created, you can for example only have annotations by setting Related the issue. For checks to be created, the token requires the specific permission. |
@mikepenz thanks! The permissions thing doesn't work for "external pull requests" because of the restricted permissions GH does. I'll use the atnnotateOnly thing, that's perfect, thanks so much! |
- mikepenz/action-junit-report#23 (comment) - Update platformio.ini to remove extra_scripts.
The link below returns a 404. Not sure if it use to contain relevant information to help with the related error, but information on what permissions are required for the token would be helpful too.
Warning: This usually indicates insufficient permissions. More details: #32
The text was updated successfully, but these errors were encountered: