Use of team-reviewers results in: "Could not resolve to a node with the global id of..." error
jchoksijudopay opened this issue · 10 comments
Subject of the issue
Providing a GitHub team to request a review from doesn't work.
Steps to reproduce
```yaml
- name: Push changes to Github and create pull request
  if: ${{ env.CREATE_PR == 1 }}
  id: pull_request
  uses: peter-evans/create-pull-request@v2
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    title: 'Some text here...'
    body: |
      Some text here...
      - Some text here...
      - Auto-generated by [create-pull-request][1]

      [1]: https://github.com/peter-evans/create-pull-request
    labels: binupdate, automated pr
    team-reviewers: developers
    branch: binbase/update
    branch-suffix: timestamp
```
In the example above, `developers` is a valid GitHub team. When I base64 decode `MDQ6VGVhbTE3NTI3NjE=` in the error below, it resolves to: `04:Team1752761` and I can confirm that `1752761` is the correct id for our `developers` GitHub team.
The error message we see is:
```
Requesting team reviewers 'developers'
Traceback (most recent call last):
  File "/home/runner/work/_actions/peter-evans/create-pull-request/v2/dist/cpr/create_pull_request.py", line 213, in <module>
    coupr.create_or_update_pull_request(
  File "/home/runner/work/_actions/peter-evans/create-pull-request/v2/dist/cpr/create_or_update_pull_request.py", line 143, in create_or_update_pull_request
    pull_request.create_review_request(
  File "/opt/hostedtoolcache/Python/3.8.2/x64/lib/python3.8/site-packages/github/PullRequest.py", line 511, in create_review_request
    headers, data = self._requester.requestJsonAndCheck(
  File "/opt/hostedtoolcache/Python/3.8.2/x64/lib/python3.8/site-packages/github/Requester.py", line 317, in requestJsonAndCheck
    return self.__check(
  File "/opt/hostedtoolcache/Python/3.8.2/x64/lib/python3.8/site-packages/github/Requester.py", line 342, in __check
    raise self.__createException(status, responseHeaders, output)
github.GithubException.GithubException: 422 {"message": "Validation Failed", "errors": ["Could not resolve to a node with the global id of 'MDQ6VGVhbTE3NTI3NjE='."], "documentation_url": "https://developer.github.com/v3/pulls/review_requests/#create-a-review-request"}
##[error]The process '/opt/hostedtoolcache/Python/3.8.2/x64/bin/python' failed with exit code 1
/usr/bin/git config --local --add http.https://github.com/.extraheader AUTHORIZATION: basic ***
```
This looks like a permissions issue. Could you explain a bit more about your setup? Is the team in the same org as the repository? Does the team have collaborator (write) access to the repository? Is the repository private?
Is the team in the same org as the repository?
Yes it is.
Does the team have collaborator (write) access to the repository?
Yes the `developers` team has `Write` role access to the repository.
We have a Nested Team structure as follows:
```
- WriteAccess Team (is the team that is assigned the "Write" Role to the repository)
  |--- CI Team
       |--- CI Member 1
       |--- CI Member 2
       |--- CI Member n
  |--- Developers Team
       |--- Developer Member 1
       |--- Developer Member 2
       |--- Developer Member n
```
Is the repository private?
Yes it is private.
I'll try and find some time to reproduce the problem and see if I can find a workaround. I'm fairly sure this is not a problem with the action itself, it's likely to be a permissions related issue with the GitHub API. One thing you could try is using a PAT instead of the default `GITHUB_TOKEN`. You could also experiment with a top-level (not nested) team to see if that makes a difference.
I managed to set up an org and teams in the same way and reproduced the error. I'll see if I can figure out what the issue is and any workaround.
So it seems to be permissions related, but I’m not sure if it's intentional. It might be a GitHub API bug. The problem seems to be that the default `GITHUB_TOKEN` does not have permission to request a review from a team. It doesn't appear to matter whether the repository is private or not, or whether the team is nested or not.
Here is how you can work around it:
- Create a new GitHub account that will act as a machine user.
- Add the machine user to a team that has write access for the repository.
- Log into the machine user account and create a `repo` scoped PAT.
- Copy the generated PAT to a secret in your repository.
- Use the secret instead of the default `GITHUB_TOKEN` when running `create-pull-request` action.
Sorry for the delay in providing feedback. Using a PAT as a workaround works for us. Thank you very much for looking into the matter.
@peter-evans - I am facing the same issue even if I use PAT token.
Below fails
```yaml
- name: Create Pull Request
  uses: peter-evans/create-pull-request@v4
  with:
    token: ${{ secrets.user_GITHUB_TOKEN }}
    branch: update-flux
    branch-suffix: short-commit-hash
    commit-message: Update to ${{ steps.update.outputs.flux_version }}
    title: Update to ${{ steps.update.outputs.flux_version }}
    body: |
      ${{ steps.update.outputs.flux_version }}
    delete-branch: true
    author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
    team-reviewers: |
      admin
```
Below works
```yaml
- name: Create Pull Request
  uses: peter-evans/create-pull-request@v4
  with:
    token: ${{ secrets.user_GITHUB_TOKEN }}
    branch: update-flux
    branch-suffix: short-commit-hash
    commit-message: Update to ${{ steps.update.outputs.flux_version }}
    title: Update to ${{ steps.update.outputs.flux_version }}
    body: |
      ${{ steps.update.outputs.flux_version }}
    delete-branch: true
    author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
    reviewers: thulasidassrinivasan
```
What am I doing wrong? Could you please help?
Was able to reproduce the following error using a GitHub App for this endpoint - the issue is permissions.
```json
{
  "message": "Validation Failed",
  "errors": [
    "Could not resolve to a node with the global id of 'T_kwDOBnBNDs4AYoNE'."
  ],
  "documentation_url": "https://docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request"
}
```
For this endpoint to be successful the following permissions must be enabled on GitHub Apps:
Read access to metadata
Read and write access to members, pull requests, and team discussions
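As an added example (not code from this thread or from the create-pull-request project), the Python helper below extracts the unresolved node ID from a 422 body like the ones quoted above and decodes the legacy base64 form the way the reporter did by hand, so you can confirm that the ID is the team you requested before turning to token permissions. `sample_body` and the function names are hypothetical, and new-format IDs such as `T_...` are treated as opaque apart from their prefix.

```python
import base64
import json
import re

ID_RE = re.compile(r"global id of '([^']+)'")
LEGACY_RE = re.compile(r"^(\d+):([A-Za-z]+)(\d+)$")  # e.g. 04:Team1752761


def sample_body(node_id):
    """Constructed 422 body shaped like the ones quoted in this thread."""
    return json.dumps({
        "message": "Validation Failed",
        "errors": ["Could not resolve to a node with the global id of '%s'." % node_id],
    })


def extract_node_ids(body):
    """Return every unresolved global node ID named in a 422 response body."""
    errors = json.loads(body).get("errors", [])
    return [m.group(1) for e in errors if isinstance(e, str)
            for m in ID_RE.finditer(e)]


def describe_node_id(node_id):
    """Decode legacy base64 IDs; keep new-format IDs opaque apart from the prefix."""
    try:
        text = base64.b64decode(node_id, validate=True).decode("ascii")
    except ValueError:  # not strict base64, or not ASCII once decoded
        text = ""
    m = LEGACY_RE.match(text)
    if m:
        return {"format": "legacy", "type": m.group(2), "database_id": int(m.group(3))}
    prefix, sep, _ = node_id.partition("_")
    if sep and prefix.isalpha() and prefix.isupper():
        return {"format": "new", "prefix": prefix}
    return {"format": "unknown"}


def is_expected_team(body, team_database_id):
    """True when the unresolved node is exactly the team that was requested."""
    return any(d.get("type") == "Team" and d.get("database_id") == team_database_id
               for d in map(describe_node_id, extract_node_ids(body)))


if __name__ == "__main__":
    for nid in ("MDQ6VGVhbTE3NTI3NjE=", "T_kwDOBnBNDs4AYoNE"):
        print(nid, describe_node_id(nid), is_expected_team(sample_body(nid), 1752761))
```

When `is_expected_team` returns true, the team name was resolved to the right ID and the 422 points at what the token is allowed to see, which matches the conclusion reached in this thread.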
I'm also facing the same issue with my new GitHub app,
I have given the required permissions for the app, but still I'm getting this error.
@loujr please let me know if you are able to fix this issue?
If that helps anyone, make sure that as an itemId you do not use the itemId you see in the GitHub web app URL, but rather its true node ID starting with `PVTI_`.
You can find this ID here: https://docs.github.com/en/issues/planning-and-tracking-with-projects/automating-your-project/using-the-api-to-manage-projects?tool=curl#finding-information-about-items-in-a-project