danger-js: [BUG] Github Actions: Resource Not Available to Integration
Describe the bug In DangerJS lately, I’ve been getting 403 errors when it’s trying to fetch the previous comments, so it’s constantly duplicating the danger message.
Actions Log Output
$ /github/workspace/node_modules/.bin/danger ci --id main --dangerfile ./scripts/danger/main.ts
:+1: Jest tests passed
Main Dangerfile Loaded
{
fails: { numEntries: 0, sumNumChars: 0 },
warnings: { numEntries: 0, sumNumChars: 0 },
messages: { numEntries: 1, sumNumChars: 123 },
markdowns: { numEntries: 0, sumNumChars: 0 }
}
{ spacePerMessage: 64987, shortenedSpacePerMessage: 64984 }
Found only messages, passing those to review.
Request failed [403]: https://api.github.com/user
Response: {
"message": "Resource not accessible by integration",
"documentation_url": "https://developer.github.com/v3/users/#get-the-authenticated-user"
}
Request failed [403]: https://api.github.com/user
Response: {
"message": "Resource not accessible by integration",
"documentation_url": "https://developer.github.com/v3/users/#get-the-authenticated-user"
}
Feedback: https://github.com/taskrabbit/tr_client/pull/1345#issuecomment-611692062
To Reproduce
Steps to reproduce the behavior:
- Configure DangerJS to run in Github Actions using the default token
- I assume let Github change some semantics
- Notice comments start duplicating
Speculation: this might also be affected by a long-running PR that had many comments, but my testing suggests that this isn’t actually in play here 😕
Expected behavior
Since I’ve configured danger to update the same comment in place, it should be able to do just that instead of duplicating comments.
Your Environment
| software | version |
|---|---|
| danger.js | 9.2.10, 9.4.x, 10.1.0 |
| node | 12.16.1 |
| npm | 6.13.4 |
| Operating System | Github Actions (linux) |
Additional context Add any other context about the problem here.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 3
- Comments: 24 (18 by maintainers)
Hey folks! I resolved this two different ways in different repos.
Originally, it worked out with a a custom Personal Access Token – as described by @gabsmprocha, but in a new repo, we resolved it by giving the appropriate permissions in the workflow
.yamlfile:Note: your exact needed permissions depend on what exactly your Dangerfile tries to do!
Announcement for the Permissions Feature + Docs
Note: you’ll still see console log messages about 403 errors, as DangerJS doesn’t know what permissions a token has until it hits different APIs, so as an example, our repo sees two 403 errors in the logs on every danger run, but it succeeds at posting/updating comments, as well as marking commits as failed/or green.
I’m going to close this ticket, as there are 2 workarounds, and my original issue was a long while ago. If these workarounds don’t work for you, please file a new ticket with an updated description of exactly what you’re seeing + ideally a snippet of the Permissions you’ve attached to the custom token, or the Permissions you’ve applied to your workflow file!
DangerJS should fail if it can’t use the API.
It would be a good idea for the error messages comming out of dangerjs to also mention that “posibly calls to this method may fail if your token does not include permission X”
then for each method, identify what api calls it’s making and correlate it to the permissions we can set for our actions when using the
secrest.GITHUB_TOKEN.what I’m not suggestion is that you just say: “this method may fail if your PAT does not have the repo scope”.