Resource not accessible by integration when using from fork PRs #31
Comments
|
Hi @rchiodo, I don't know, but I know people have problems with forks/PRs and GitHub actions in general. Please let me know when you find out and something needs to be fixed in this repo. |
|
Thanks. Other junit reporters seem to have the same problem. This may be the way to fix it? |
|
Maybe |
The https://github.com/ScaCap/action-surefire-report action has a bug that prevents it from running properly on PRs from forks: ScaCap/action-surefire-report#31.
The https://github.com/ScaCap/action-surefire-report action has a bug that prevents it from running properly on PRs from forks: ScaCap/action-surefire-report#31.
|
This may be solvable using the Unfortunately, it requires a bunch of extra action configuration. action-surefire-report very important for our dev workflow though, so I'm going to be working up a solution soon - I'll make sure to link back to here for context. |
|
For reference, deephaven/deephaven-core#547 |
|
@jmisur can you use |
Definitely not as it's not secure https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ I might however tinker with workflow_run style, but it's super unfortunate that such hacks are necessary. |
The https://github.com/ScaCap/action-surefire-report action has a bug that prevents it from running properly on PRs from forks: ScaCap/action-surefire-report#31.
|
Is there any update on this?I mean it has been open a while now... Since using dependabot more and more we run into this problem more and more :( |
|
It seems you can add permissions to the workflow, I got the build to work again once I added the following to the job: see also here |
* Bump plexus-utils from 3.4.2 to 3.5.0 Bumps [plexus-utils](https://github.com/codehaus-plexus/plexus-utils) from 3.4.2 to 3.5.0. - [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases) - [Commits](codehaus-plexus/plexus-utils@plexus-utils-3.4.2...plexus-utils-3.5.0) --- updated-dependencies: - dependency-name: org.codehaus.plexus:plexus-utils dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * added permission to write to PRs * also permit write to statuses * use permissions as found in an issue ScaCap/action-surefire-report#31 (comment) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ronny Polley <ronnypolley@googlemail.com>
See ScaCap/action-surefire-report#31 Pull requests from forked repositories currently have token permission issues and the Java CI checks fail. This prevents auto-merging. Pull requests from the dropwizard-repo itself have the following permissions: ``` Actions: write Checks: write Contents: write Deployments: write Discussions: write Issues: write Metadata: read Packages: write Pages: write PullRequests: write RepositoryProjects: write SecurityEvents: write Statuses: write ``` while pull requests from forked repos have the following permissions: ``` Actions: read Checks: read Contents: read Deployments: read Discussions: read Issues: read Metadata: read Packages: read Pages: read PullRequests: read RepositoryProjects: read SecurityEvents: read Statuses: read ```
See ScaCap/action-surefire-report#31 Pull requests from forked repositories currently have token permission issues and the Java CI checks fail. This prevents auto-merging. Pull requests from the dropwizard-repo itself have the following permissions: ``` Actions: write Checks: write Contents: write Deployments: write Discussions: write Issues: write Metadata: read Packages: write Pages: write PullRequests: write RepositoryProjects: write SecurityEvents: write Statuses: write ``` while pull requests from forked repos have the following permissions: ``` Actions: read Checks: read Contents: read Deployments: read Discussions: read Issues: read Metadata: read Packages: read Pages: read PullRequests: read RepositoryProjects: read SecurityEvents: read Statuses: read ``` Refs dropwizard#7586 (cherry picked from commit cb47931)
See ScaCap/action-surefire-report#31 Pull requests from forked repositories currently have token permission issues and the Java CI checks fail. This prevents auto-merging. Pull requests from the dropwizard-repo itself have the following permissions: ``` Actions: write Checks: write Contents: write Deployments: write Discussions: write Issues: write Metadata: read Packages: write Pages: write PullRequests: write RepositoryProjects: write SecurityEvents: write Statuses: write ``` while pull requests from forked repos have the following permissions: ``` Actions: read Checks: read Contents: read Deployments: read Discussions: read Issues: read Metadata: read Packages: read Pages: read PullRequests: read RepositoryProjects: read SecurityEvents: read Statuses: read ``` Refs dropwizard#7586 (cherry picked from commit cb47931)
* Fix token permissions for PRs from forks See ScaCap/action-surefire-report#31 Pull requests from forked repositories currently have token permission issues and the Java CI checks fail. This prevents auto-merging. Pull requests from the dropwizard-repo itself have the following permissions: ``` Actions: write Checks: write Contents: write Deployments: write Discussions: write Issues: write Metadata: read Packages: write Pages: write PullRequests: write RepositoryProjects: write SecurityEvents: write Statuses: write ``` while pull requests from forked repos have the following permissions: ``` Actions: read Checks: read Contents: read Deployments: read Discussions: read Issues: read Metadata: read Packages: read Pages: read PullRequests: read RepositoryProjects: read SecurityEvents: read Statuses: read ``` Refs #7586 (cherry picked from commit cb47931) * Allow workflows to write to issues Refs #7586 (cherry picked from commit bd7c22e) --------- Co-authored-by: Jochen Schalanda <jochen@schalanda.name>
I tried to add write permission to the workflow for everything, but it does not help. Could you please prompt me what I am doing wrong? |
Getting this error here when this action runs from a PR from a fork:
I believe that's because of this:
https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
Fork PRs don't get write access.
Is there a way to get the report to work without requiring write access?
The text was updated successfully, but these errors were encountered: