-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remote: Permission to git denied to github-actions[bot]. #96
Comments
Do you have organisation restriction? Is that branch protected? |
I am trying to push to dependapot pr branch. There should be no limits on that. |
Looks mention:
Default is:
See https://github.com/ad-m/cbosa/runs/3197304980?check_suite_focus=true . Something is restricting permission. What do you have at https://github.com/NRCHKB/node-red-contrib-homekit-docker/settings/actions in "Workflow permissions" section? |
@ad-m here it is, says read and write In your reference (cbosa run), you were pushing to master, I am trying to push to PR branch. |
|
@ad-m update.
I receive new error from your action: UPDATE. |
See Using encrypted secrets in a workflow
See "Maximum access by forked repos" in Permissions for the GITHUB_TOKEN I suggest - in your scenario – using the "push" event instead of "pull_request" and using GITHUB_TOKEN. Then the "push" event will be executed in the context of the source repository (repository that is fork), so it will be a local operation and will be a full write to the local repository. |
Just to clarify. I am merging between branches on the same repo. Solution might be to extend permissions for GitHub token per job: |
Thank for you clarification. It makes a big different. I don't understand why extends of permission for GitHub token is required in your scenario. In my experience, the token should have the necessary "read / write" permissions currently. I already shared information permission of one of my job on personal repository. Setting up permission in a workflow can potentially solve the problem, but it's worth understanding why it is required in this case.Setting up permission in a workflow can potentially solve the problem, but it's worth understanding why it is required in your case. GitHub documentation mention:
Could you verify that in your organisation? |
@Shaquu ran into the same issue here and it seems it is a limitation of the way dependabot works and there's a note in Github docs
|
It seems also you can manage this behavior in your organization action settings "Fork pull request workflows in private repositories" -> "Send secrets to workflows from fork pull requests." |
so im trying to create a branch.. called dist.. where dist folder is generated... should I push it with dependabot? or is there a better strategy? |
I have the same problem |
Hi @lixuguang, do you have checked the access rights of the token? |
I ran into this issue while trying to solve the same problem. In case it's helpful, I found some good examples that helped me resolve it. What @noxxious said, that dependabot by default has a readonly token, is true, but it looks like adding a top-level entry allows us to change that: permissions:
pull-requests: write
issues: write
repository-projects: write See: |
Hi team, I tried permissions above but it won't work. |
Hi @SamYuan1990, as far as I know, it should work with the corresponding rules. Could you please describe your setup and post the corresponding error message? |
Hi @ZPascal , we find a bot account to avoid this issue. We once have a rule for commit on default branch should have a pr back. and then, the issue appears as push back without a pr. |
Hi @SamYuan1990, could you please share the scopes of the token and the used GitHub Action configuration to reproduce the error? |
Worked for me too! Thanks! |
The images look broken here... it's hard to tell what settings you suggest enabling without them. 🤔 |
@marknoble You can also follow this recommendation to handle access rights. |
I was able to confirm that permissions are set to read and write, but I'm still seeing this error: remote: Permission to {repo name}.git denied to github-actions[bot]. So, I'm still researching solutions. |
@marknoble Could you please explain your use case? Maybe you need a PAT. |
Fortunately/unfortunately I nuked my repo and did a fork on the project I was trying to emulate. For whatever reason, that solved the issue for me. I had initially manually created the folder structure and files. I wish I knew what I was doing wrong, but forking from the working project resolved the issue for me. 🤷♂️ |
@marknoble That sounds great. Maybe you've specified the wrong reference or it's necessary to use the |
Came here to see why my workflow was failing. It took adding permissions so that Dependabot could modify the pull-request and push the changes back to the repo:
|
Thanks |
Hi,
I am trying to push changes but like you will see it fails due to some errors.
Test run is here:
https://github.com/NRCHKB/node-red-contrib-homekit-docker/runs/3194895671?check_suite_focus=true
Error
Part of the gh action:
The text was updated successfully, but these errors were encountered: