danger-js: [BUG] Danger doesn't work with App tokens anymore

Describe the bug This changelog line from version 0.21.1 claims:

- Add support for GithHub Apps API (no GET /user) - clintam

But that doesn’t seem to be true anymore as when we try to use a token from an App, we get:

Request failed [403]: https://api.github.com/user
Response: {
  "message": "Resource not accessible by integration",
  "documentation_url": "https://docs.github.com/rest/users/users#get-the-authenticated-user"
}

Doing a naive grep through he codebase, I only see /user referenced in tests (or non-GH platforms), so I’m not quite clear where it’s coming from.

To Reproduce Steps to reproduce the behavior:

  1. Use an App

Expected behavior

Screenshots

Your Environment

        # This is 11.3.1
        uses: docker://ghcr.io/danger/danger-js@sha256:24bec136a7129fa421fa4591aae7cc76ca60180ecea9d239c680c2fba338b2e9

GitHub Actions

Additional context Add any other context about the problem here.

About this issue

  • Original URL
  • State: closed
  • Created 3 months ago
  • Comments: 22 (9 by maintainers)

Most upvoted comments

I’ve done this in #1435

+2
orta on Apr 16, 2024

Well in getDangerCommentIDs we call getUserID() so that we can use it in the filtering.

However, it’s not necessary as we already check to make sure the body includes a check for the magic string DangerID: danger-id-Danger; we put in every comment in this filter. That combined with the filters to make sure it looks like a Danger comment in other ways should be sufficient.

Oh and the same logic is used to find inline PR comments. Again, I believe we can drop the call to /user (aka getUserID), which would make this work with Apps.

+1
jaymzh on Apr 15, 2024

I have an action that looks for it’s own comments by a magic string (an HTML comment) in the body, and it works well. It’s a much much simpler action than Danger, and JS isn’t a strong language of mine, so I haven’t quite been able to follow Danger’s code well enough to make the change, but I think it’d be a reasonable solution.

+1
jaymzh on Apr 10, 2024

It definitely has access (read-write to pull requests, which includes comments)

image
+1
jaymzh on Apr 10, 2024

Yeah I wasn’t claiming it was invalid, I totally see it as a valid possible config. I’ll double check the perms on the app. Thanks.

+1
jaymzh on Apr 10, 2024
Read more comments on GitHub
← danger-js: [BUG] Bitrise - Could not add a commit status, the GitHub token for Danger does not have access rights.
danger-js: [BUG] Github Actions: Resource Not Available to Integration →