GitHub actions "Resource not accessible by integration"

I want to list the variables I have added to the repository via the github.com/[org]/[repo]/settings/variables/actions page.

I have the following .github/workflow/test_build_deploy.yaml file:

name: Test, Build, Deploy

on: [ push ]

permissions: write-all

jobs:
  test_build_deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3

      - name: Export variables to env
        run: echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV

      - name: List all github variables
        run: gh variable list

When this runs it errors with:

Run gh variable list
failed to get variables: HTTP 403: Resource not accessible by integration (https://api.github.com/repos/YourKuppa/run-api/actions/variables?per_page=100)

I have tried following this answer's solutions by adding the permissions: write-all. And have also set "Workflow permissions" to "Read and write permissions" in both the repo's github.com/[org]/[repo]/settings/actions page setting and on the github.com/organizations/[org]/settings/actions page. From the error message these don't appear to be working. Any other solutions?

I know some people have reported using their PATs (Personal Access Tokens) to get this to work. I would like to avoid doing that to avoid that solution tying my personal GitHub account to their repo (as I'm only a temporary contributor to this repo). Secondly the PAT will expire in a year, whereas the GitHub token that's populated on each run seems like this should be a more appropriate (robust) solution.

AJP asked Oct 21 '25 10:10


1 Answer

If you open the API in a browser the error message will explain that this API needs admin:repo permission, which the actions token doesn't have.

{
    "message": "Must have admin rights to Repository.",
    "documentation_url": "https://docs.github.com/rest/actions/variables#list-repository-variables"
}

In this case, the proper solution is to rely on a GitHub App to provide the token for your step:

      - name: Generate a token
        id: generate_token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      - name: Use the token
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: |
          gh api octocat

jessehouwing answered Oct 23 '25 23:10
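
The question's workflow with the answer's GitHub App token wired in, as an added example that is not part of the original question or answer. It assumes the App behind `APP_ID` and `APP_PRIVATE_KEY` is installed on the repository and has been granted permission to read Actions variables.

```yaml
# Added example, not from the original post.
name: Test, Build, Deploy

on: [ push ]

# The default GITHUB_TOKEN is only used for checkout here. write-all did not
# unlock the variables API (see the 403 above), so it is reduced to read-only.
permissions:
  contents: read

jobs:
  test_build_deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3

      # Short-lived installation token for the App; not tied to a personal
      # account and regenerated on every run.
      - name: Generate a token
        id: generate_token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.APP_PRIVATE_KEY }}

      - name: List all github variables
        # Token is scoped to this step's environment instead of being written
        # to $GITHUB_ENV, where every later step in the job could read it.
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
        run: gh variable list
```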