Error: Resource not accessible by integration

[dgokcin]

Hello

We are having problems if this action is triggered from a dependabot pull request. I am attaching the error I am having below. Thanks!

[tidusjar]

I'm also having this issue with forked PR's

[dgokcin]

@tidusjar apparently this was happening because of some missing permissions. I added this block to my workflow to fix it. you can check the documentation.

name: Build & Analyze Pull Requests

on:
  pull_request:
    types: [opened, reopened, synchronize, ready_for_review]
    branches:
    - develop
    - main

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  checks: write
  contents: write
  pull-requests: write

jobs:
  lint:
#...

[hungrybear88]

i had to add these to the workflow

permissions:
  statuses: write
  checks: write

[tomkerkhove]

It's still not working for me though:
https://github.com/tomkerkhove/promitor/runs/6961162337?check_suite_focus=true

jobs:
  verify_codebase:
    name: Verify Codebase
    runs-on: ubuntu-latest
    # Assign permissions for unit tests to be reported.
    # See https://github.com/dorny/test-reporter/issues/168
    permissions:
      statuses: write
      checks: write
      contents: write
      pull-requests: write

[JojOatXGME]

I am not using this Action, I noticed this issue because it is affecting a PR I created. I am not sure if granting more permissions to the build is a good solution. If I understand the documentation of GitHub Actions correctly, just granting this permission in the workflow file might not work for pull requests.

You can use the permissions key to add and remove read permissions for forked repositories, but typically you can't grant write access.

I am wondering if it might be better if this action would use the annotations API of @actions/core, instead of creating a new “check” using the REST interface? Maybe it could just be used as a fallback.

core.error(ellipsis(message, 65535), {
  title: ellipsis(`${e.suiteName} ► ${e.testName}`, 255),
  file: e.path,
  startLine: e.line,
  endLine: e.line,
})

I haven't used this API, I only found it in the documentation. This API doesn't seem to allow to set the raw_details property of the annotation. Here is the corresponding code in the current implementation:

test-reporter/src/report/get-annotations.ts

Lines 71 to 88 in e9fa2f5

	const annotations = errors.map(e => {
	const message = [
	'Failed test found in:',
	e.testRunPaths.map(p => ` ${p}`).join('\n'),
	'Error:',
	ident(fixEol(e.message), ' ')
	].join('\n')
	return enforceCheckRunLimits({
	path: e.path,
	start_line: e.line,
	end_line: e.line,
	annotation_level: 'failure',
	title: `${e.suiteName} ► ${e.testName}`,
	raw_details: fixEol(e.details),
	message
	})
	})

[DariuszPorowski]

It's still not working for me though: https://github.com/tomkerkhove/promitor/runs/6961162337?check_suite_focus=true

jobs:
  verify_codebase:
    name: Verify Codebase
    runs-on: ubuntu-latest
    # Assign permissions for unit tests to be reported.
    # See https://github.com/dorny/test-reporter/issues/168
    permissions:
      statuses: write
      checks: write
      contents: write
      pull-requests: write

@tomkerkhove if you have Recommended setup for public repositories configuration, then in the test-report.yml set:

permissions:
  statuses: write
  checks: write
  contents: write
  pull-requests: write
  actions: write  # <-- this was missing in your permissions