
Resource not accessible by integration - GitHub Action fails for pushed commit, but not for commit via web UI using the same account

So, maybe someone here can help me.

I've been trying to figure out why I get an Unhandled error: HttpError: Resource not accessible by integration when an action tries to tag a commit with the version number.

The Action's tagging step fails when I edit, commit and push a file from my local machine, but if I do the same via the GitHub UI I get a successful build.

Both are done using the same GitHub account.

The only difference that I can spot is that the commit is 'Verified' when I do it from the web UI, but not when I push from my local machine.

The action file is below and not rocket science. The failing step uses actions/github-script, authenticated using the GITHUB_TOKEN, to create a version tag in the repo on a successful publish.

The GITHUB_TOKEN permissions are 'exactly the same' for both a failing and a successful run. 'Exactly the same' is in quotes because the result obviously says different (see below for the Set up job step output).

So my questions are:

  • What permission is different?
  • What causes the difference?
  • How can I tell which permissions differ between both scenarios from the action output, because the GITHUB_TOKEN Permissions section from the Set up job output either lies or is incomplete?

For now I've 'fixed it' by giving the action write-all permissions using:

permissions: write-all

I could've also fixed it using a custom API token in an action secret, but this question is more about understanding the why of it.

Action Definition

name: Publish Packages

on:
  push:
    branches: [ "main" ]
jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v3

## some steps omitted for brevity ###

    - name: Tag Release
      uses: actions/github-script@v6.4.1
      with:
        script: |
          const tagName = '${{ steps.gitversion.outputs.majorMinorPatch }}';
          const commitSha = process.env.GITHUB_SHA;
          const { owner, repo } = context.repo;
          console.log(`Creating new tag: ${tagName}...`);
          const tag = await github.rest.git.createRef({
            owner: owner,
            repo: repo,
            ref: `refs/tags/${tagName}`,
            sha: commitSha,
          });
          console.log(`Created new tag: ${tagName}`);

Tag Release step output (when failing)

Run actions/github-script@v6.4.1
Creating new tag: 1.1.1...
RequestError [HttpError]: Resource not accessible by integration
    at /home/runner/work/_actions/actions/github-script/v6.4.1/dist/index.js:6842:21
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async eval (eval at callAsyncFunction (/home/runner/work/_actions/actions/github-script/v6.4.1/dist/index.js:15143:16), <anonymous>:10:13)
    at async main (/home/runner/work/_actions/actions/github-script/v6.4.1/dist/index.js:15236:20) {
  status: 403,
  response: {
Error: Unhandled error: HttpError: Resource not accessible by integration
    url: 'https://api.github.com/repos/[REDACTED]/git/refs',
    status: 403,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      connection: 'close',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Tue, 11 Apr 2023 16:04:59 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-api-version-selected': '2022-11-28',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': '[REDACTED]',
      'x-ratelimit-limit': '1000',
      'x-ratelimit-remaining': '998',
      'x-ratelimit-reset': '1681232100',
      'x-ratelimit-resource': 'core',
      'x-ratelimit-used': '2',
      'x-xss-protection': '0'
    },
    data: {
      message: 'Resource not accessible by integration',
      documentation_url: 'https://docs.github.com/rest/reference/git#create-a-reference'
    }
  },
  request: {
    method: 'POST',
    url: 'https://api.github.com/repos/[REDACTED]/git/refs',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'actions/github-script octokit-core.js/3.6.0 Node.js/16.16.0 (linux; x64)',
      authorization: 'token [REDACTED]',
      'content-type': 'application/json; charset=utf-8'
    },
    body: '{"ref":"refs/tags/1.1.1","sha":"[REDACTED]"}',
    request: { agent: [Agent], hook: [Function: bound bound register] }
  }
}

GITHUB_TOKEN Permissions

  Actions: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write

Tag Release step output (when successful)

The step output just echoes the tagging script.

GITHUB_TOKEN Permissions (exactly the same as the failing step!)

GITHUB_TOKEN Permissions
  Actions: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write

Some links I found during my investigations

  • Permissions for the GITHUB_TOKEN
  • Security Hardening of Actions
  • Commit Signature Verification
asked Dec 13 '25 01:12

Remco Schoeman


1 Answer

In my case, the actions were failing because I had not given them write permissions in the repo.

To do this, go to your repo settings page -> Actions.

[Screenshot: sidebar where the Actions tab is]

In the workflow permissions, change it to read and write permissions if it isn't already.

[Screenshot: permissions to change]

answered Dec 15 '25 12:12

Jimmy
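
An added example, not part of the question or the answer: a variant of the workflow from the question that replaces `permissions: write-all` with the one scope the tagging call uses, declared in the workflow file itself. It assumes creating a tag ref needs only `contents: write` (the Contents entry in the permission listing above); the `TAG_NAME` variable and the version-format check are illustrative additions.

```yaml
name: Publish Packages

on:
  push:
    branches: [ "main" ]

# Workflow default: read-only token for every job (instead of write-all).
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Only this job gets write access, and only to repository contents,
    # the permission category that covers creating git refs (tags).
    permissions:
      contents: write

    steps:
    - uses: actions/checkout@v3

    # ... version step with id "gitversion", omitted as in the question ...

    - name: Tag Release
      uses: actions/github-script@v6.4.1
      env:
        # Pass the step output as data rather than pasting it into the script source.
        TAG_NAME: ${{ steps.gitversion.outputs.majorMinorPatch }}
      with:
        script: |
          const tagName = process.env.TAG_NAME;
          // Assumed format check (not from the page): plain major.minor.patch only.
          if (!/^\d+\.\d+\.\d+$/.test(tagName)) {
            core.setFailed(`Unexpected tag name: ${tagName}`);
            return;
          }
          await github.rest.git.createRef({
            ...context.repo,
            ref: `refs/tags/${tagName}`,
            sha: context.sha,
          });
          console.log(`Created new tag: ${tagName}`);
```

With a `permissions` block present, every scope that is not listed (apart from read access to metadata) is set to none, so this job's token cannot write to issues, packages or deployments.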


