"Resource not accessible by integration"

Question

"Resource not accessible by integration"

Closed this issue a year ago · 2 comments

I'm trying to write a GitHub action that temporarily disabled merging by requiring admin access. so I wrote an action like this:

name: Disable merging

on:
  # Manual trigger
  workflow_dispatch:
    inputs:
      branch:
        description: What branch to protect
        default: main
        required: true

jobs:
  disable-merging:
    name: Disable Merging
    permissions: write-all
    runs-on: ubuntu-latest
    steps:
    - name: Removed the admin protection
      uses: octokit/request-action@v2.1.0
      id: remove_admin_protection
      with:
        route: POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
        owner: TheOddler
        repo: github-actions-tests
        branch: ${{ github.event.inputs.branch }}
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

# some more jobs to wait and then reenable again

However, when I run this I get the error "Resource not accessible by integration". From what I could find online it might be a permission problem, but I set the github token to have read/write access:

I enabled debug info, but it didn't tell me much new, other than that I'm getting a 403 error from github:

##[debug]Evaluating: secrets.GITHUB_TOKEN
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'GITHUB_TOKEN'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Evaluating condition for step: 'Removed the admin protection'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: Removed the admin protection
##[debug]Loading inputs
##[debug]Evaluating: github.event.inputs.branch
##[debug]Evaluating Index:
##[debug]..Evaluating Index:
##[debug]....Evaluating Index:
##[debug]......Evaluating github:
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'event'
##[debug]....=> Object
##[debug]....Evaluating String:
##[debug]....=> 'inputs'
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'branch'
##[debug]=> 'main'
##[debug]Result: 'main'
Warning: Unexpected input(s) 'owner', 'repo', 'branch', valid inputs are ['route', 'mediaType']
##[debug]Loading env
Run octokit/request-action@v2.1.0
POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins
> owner: TheOddler
> repo: github-actions-tests
> branch: main
> mediaType: [object Object]
##[debug]route: 'POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins'
##[debug]parameters: {
##[debug]  owner: 'TheOddler',
##[debug]  repo: 'github-actions-tests',
##[debug]  branch: 'main',
##[debug]  mediaType: {}
##[debug]}
##[debug]parsed request options: {
##[debug]  method: 'POST',
##[debug]  headers: {
##[debug]    accept: 'application/vnd.github.v3+json',
##[debug]    'user-agent': 'octokit-action.js/3.7.1 octokit-core.js/3.4.0 Node.js/12.22.7 (linux; x64)',
##[debug]    'content-length': 0
##[debug]  },
##[debug]  request: { hook: [Function: bound bound register] },
##[debug]  data: undefined,
##[debug]  url: 'https://api.github.com/repos/TheOddler/github-actions-tests/branches/main/protection/enforce_admins'
##[debug]}
< 403 222ms

::set-output name=status::403
Warning: The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
##[debug]steps.remove_admin_protection.outputs.status='403'
##[debug]RequestError [HttpError]: Resource not accessible by integration
##[debug]    at /home/runner/work/_actions/octokit/request-action/v2.1.0/dist/index.js:6251:23
##[debug]    at processTicksAndRejections (internal/process/task_queues.js:97:5)
##[debug]    at async main (/home/runner/work/_actions/octokit/request-action/v2.1.0/dist/index.js:404:39) {
##[debug]  status: 403,
##[debug]  headers: {
##[debug]    'access-control-allow-origin': '*',
##[debug]    'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
##[debug]    connection: 'close',
##[debug]    'content-encoding': 'gzip',
##[debug]    'content-security-policy': "default-src 'none'",
##[debug]    'content-type': 'application/json; charset=utf-8',
##[debug]    date: 'Thu, 13 Apr 2023 16:58:46 GMT',
##[debug]    'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
##[debug]    server: 'GitHub.com',
##[debug]    'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
##[debug]    'transfer-encoding': 'chunked',
##[debug]    vary: 'Accept-Encoding, Accept, X-Requested-With',
##[debug]    'x-content-type-options': 'nosniff',
##[debug]    'x-frame-options': 'deny',
##[debug]    'x-github-api-version-selected': '2022-11-28',
##[debug]    'x-github-media-type': 'github.v3; format=json',
##[debug]    'x-github-request-id': '0481:791A:1A5B4EA:35D023B:643834C6',
##[debug]    'x-ratelimit-limit': '1000',
##[debug]    'x-ratelimit-remaining': '996',
##[debug]    'x-ratelimit-reset': '1681407830',
##[debug]    'x-ratelimit-resource': 'core',
##[debug]    'x-ratelimit-used': '4',
##[debug]    'x-xss-protection': '0'
##[debug]  },
##[debug]  request: {
##[debug]    method: 'POST',
##[debug]    url: 'https://api.github.com/repos/TheOddler/github-actions-tests/branches/main/protection/enforce_admins',
##[debug]    headers: {
##[debug]      accept: 'application/vnd.github.v3+json',
##[debug]      'user-agent': 'octokit-action.js/3.7.1 octokit-core.js/3.4.0 Node.js/12.22.7 (linux; x64)',
##[debug]      'content-length': 0,
##[debug]      authorization: 'token [REDACTED]'
##[debug]    },
##[debug]    request: { hook: [Function: bound bound register] }
##[debug]  },
##[debug]  documentation_url: 'https://docs.github.com/rest/branches/branch-protection#set-admin-branch-protection'
##[debug]}
Error: Resource not accessible by integration
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Removed the admin protection

What am I missing?

Answer 1 · 2023-05-22T19:35:50.000Z

For the POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins endpoint you need the repository administration write permission, I'm not sure if that one is even available to the GITHUB_TOKEN provide to actions by default. You might need to use a personal access token or your own app for which you generate an installation access token with something like https://github.com/tibdex/github-app-token

Answer 2 · 2023-05-23T12:52:58.000Z

Yea, looks like that was it, can't use the GITHUB_TOKEN for this :( I needed a personal access token with full access permission.