configure-pages: Create Pages site failed: Resource not accessible by integration

Related: https://github.com/actions/starter-workflows/issues/332

The repo’s actions permissions are already set to read and write by default. Also tried setting permissions: write-all on the job. Also tried triggering on push, which I could’ve sworn was working yesterday. Nothing is working today.

name: Perform first-time setup of repo

on: create

jobs:
  setup:
    runs-on: ubuntu-latest
    steps:
      - name: Enable GitHub Pages
        uses: actions/configure-pages@v2

Run actions/configure-pages@v2
  with:
    token: ***
    enablement: true
  
Warning: Get Pages site failed
Error: Create Pages site failed
Error: AxiosError: Request failed with status code 403

I also tried enabling Pages more directly with the GitHub API, and still got an error:

name: Perform first-time setup of repo

on: create

jobs:
  setup:
    runs-on: ubuntu-latest
    steps:
      - name: Enable GitHub Pages
        id: url
        uses: actions/github-script@v6
        with:
          script: |
            return (await github.rest.repos.createPagesSite({
              owner: context.repo.owner,
              repo: context.repo.repo,
            })).html_url;

with:
    script: return (await github.rest.repos.createPagesSite({
    owner: context.repo.owner,
    repo: context.repo.repo,
    build_type: "legacy",
  })).html_url;
  
    github-token: ***
    debug: false
    user-agent: actions/github-script
    result-encoding: json
    retries: 0
    retry-exempt-status-codes: 400,401,403,404,422
RequestError [HttpError]: Resource not accessible by integration
    at /home/runner/work/_actions/actions/github-script/v6/dist/index.js:6172:21
Error: Unhandled error: HttpError: Resource not accessible by integration
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async eval (eval at callAsyncFunction (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:13356:16), <anonymous>:3:9)
    at async main (/home/runner/work/_actions/actions/github-script/v6/dist/index.js:13452:20) {
  status: 403,
  response: {
    url: 'https://api.github.com/repos/vincerubinetti/lab-website-template/pages',
    status: 403,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      connection: 'close',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Wed, 23 Nov 2022 02:55:23 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-media-type': 'github.v3',
      'x-github-request-id': '0402:0C51:27629CE:507BEC5:637D8B9B',
      'x-ratelimit-limit': '1000',
      'x-ratelimit-remaining': '999',
      'x-ratelimit-reset': '1669175723',
      'x-ratelimit-resource': 'core',
      'x-ratelimit-used': '1',
      'x-xss-protection': '0'
    },
    data: {
      message: 'Resource not accessible by integration',
      documentation_url: 'https://docs.github.com/rest/pages#create-a-github-pages-site'
    }
  },
  request: {
    method: 'POST',
    url: 'https://api.github.com/repos/vincerubinetti/lab-website-template/pages',
    headers: {
      accept: 'application/vnd.github.-preview+json',
      'user-agent': 'actions/github-script octokit-core.js/3.6.0 Node.js/16.13.0 (linux; x64)',
      authorization: 'token [REDACTED]',
      'content-type': 'application/json; charset=utf-8'
    },
    body: '{"build_type":"legacy"}',
    request: { agent: [Agent], hook: [Function: bound bound register] }
  }
}

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 15 (7 by maintainers)

Most upvoted comments

Back on topic, is there any place to track the status of this security bug so I can know when a decision is made one way or another?

There is not, as we keep security vulnerabilities close to the vest until they’re fully addressed. However, I had already added a note into our internal issue to post an update here once we proceed. 📝

Definitely off-topic. 😅 In the future, probably create a new discussion on the community forums: https://github.com/community/community/discussions


The Actions-provided GITHUB_TOKEN is locked down a bit, so even with permissions: write-all, it isn’t going to give you anything beyond the allowed categories mentioned here: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs#overview

You’ll notice there is no equivalent to the category you’re wanting to modify, e.g. you’re wanting something like administration: write|read|none.

You could create your own GitHub App if you want to work with extra APIs like that, otherwise you can always use a Personal Access Token to act as a user instead of using GITHUB_TOKEN. 🤷🏻‍♂️
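As an added example (not code from this issue, from actions/configure-pages, or from actions/github-script): an idempotent enablement step for the github-script approach above that reads the Pages site first, creates it only when absent, and turns the 403 into a message that says what the token is missing rather than the bare "Resource not accessible by integration". The owner/repo names, the makeFakeGithub stub and its enabled/canCreate flags are constructed stand-ins so the logic runs offline; in a real job you would pass github-script's own `github` client, backed by a GitHub App installation token or a repository-scoped PAT supplied through the `github-token` input. The 409 handling assumes the Conflict response the REST docs list for "Create a GitHub Pages site".

```javascript
// Added example, not part of the issue or of actions/github-script.
// `github` is any object shaped like github-script's Octokit client
// (github.rest.repos.getPages / createPagesSite). OWNER/REPO are placeholders.
const OWNER = "example-org";   // assumed placeholder
const REPO = "example-repo";   // assumed placeholder

// Map an Octokit HttpError into a decision the caller can act on.
function classify(err) {
  const msg = (err.response && err.response.data && err.response.data.message) || err.message || "";
  if (err.status === 403 && /not accessible by integration/i.test(msg)) return "token-lacks-permission";
  if (err.status === 409) return "already-enabled"; // create raced with an existing site
  if (err.status === 404) return "not-found";
  return "unknown";
}

// Rewrap the 403 so the job log names the actual cause instead of the generic text.
function describe(err, phase) {
  if (classify(err) !== "token-lacks-permission") return err;
  return new Error(
    `Pages ${phase} returned 403 "Resource not accessible by integration": ` +
    "GITHUB_TOKEN has no permission category that covers creating a Pages site, " +
    "so permissions: write-all cannot grant it. Pass a GitHub App installation token " +
    "or a PAT scoped to this single repository via the github-token input instead.");
}

// Read first, create only when absent, and treat a 409 on create as "already there".
async function ensurePagesSite(github, owner, repo, buildType = "legacy") {
  try {
    const { data } = await github.rest.repos.getPages({ owner, repo });
    return { created: false, url: data.html_url };
  } catch (err) {
    if (classify(err) !== "not-found") throw describe(err, "read");
  }
  try {
    const { data } = await github.rest.repos.createPagesSite({ owner, repo, build_type: buildType });
    return { created: true, url: data.html_url };
  } catch (err) {
    if (classify(err) === "already-enabled") {
      const { data } = await github.rest.repos.getPages({ owner, repo });
      return { created: false, url: data.html_url };
    }
    throw describe(err, "create");
  }
}

// Constructed fake of the Octokit surface used above (no network).
// state.enabled: the site already exists; state.canCreate: the token may POST /pages.
function makeFakeGithub(state) {
  const calls = [];
  const httpError = (status, message) => {
    const e = new Error(message);
    e.status = status;
    e.response = { status, data: { message } };
    return e;
  };
  const url = (owner, repo) => `https://${owner}.github.io/${repo}/`;
  return {
    calls,
    rest: { repos: {
      getPages: async ({ owner, repo }) => {
        calls.push({ method: "getPages", owner, repo });
        if (!state.enabled) throw httpError(404, "Not Found");
        return { data: { html_url: url(owner, repo) } };
      },
      createPagesSite: async ({ owner, repo, build_type }) => {
        calls.push({ method: "createPagesSite", owner, repo, build_type });
        if (!state.canCreate) throw httpError(403, "Resource not accessible by integration");
        if (state.enabled) throw httpError(409, "Conflict");
        state.enabled = true;
        return { data: { html_url: url(owner, repo) } };
      },
    } },
  };
}

// Stand-alone demo: a PAT-like client that may create vs a GITHUB_TOKEN-like one that may not.
async function demo() {
  const withPat = makeFakeGithub({ enabled: false, canCreate: true });
  console.log("PAT-like token, first run:", await ensurePagesSite(withPat, OWNER, REPO));
  console.log("PAT-like token, second run:", await ensurePagesSite(withPat, OWNER, REPO));
  const withGithubToken = makeFakeGithub({ enabled: false, canCreate: false });
  try { await ensurePagesSite(withGithubToken, OWNER, REPO); }
  catch (e) { console.log("GITHUB_TOKEN-like token:", e.message); }
}
demo();
```

The read-before-create order means a rerun of the setup workflow does one GET and no write once the site exists, and the only credential that needs write access is the one behind `github-token`; store it as a repository secret, scope it to that single repository rather than a classic `repo`-scoped token, and do not expect `permissions:` on the job to substitute for it, since no permission category there covers this endpoint.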

Unfortunately, we needed to disable this functionality – hopefully just temporarily 🤞🏻 – due to a security bug bounty. 🛡️

We have a task in our backlog to investigate what it would take to reenable this. If we can’t, we will cut a new major version bump of this Action to remove the enablement functionality.