pytest-coverage-comment: Resource not accessible by integration

I encountered this same error while working on a class project for university. I was able to resolve it after reviewing the github organization and repository documentation for configuring the default GITHUB_TOKEN permissions.

Organization documentation link :https://docs.github.com/en/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization

Repository documentation link: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-the-default-github_token-permissions

Essentially, you need to change the workflow read/write permissions from the defaults on the repository or organization level. I believe that you need to be the owner of the repo/organization to make the change. I have not tried as admin, but I know that you are unable to as a member.

The default settings:

Settings that fix the error:

I have tested my actions file with below permissions setting and it works.

jobs:
  pytest:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write

I’m also still seeing this error with the following configuration:

jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 8
    permissions:
      pull-requests: write
      contents: read
      id-token: write
    
    steps:
      ......
      - name: Run Unit Tests with Coverage
        run: make test-cov
      - name: Pytest coverage comment
        uses: MishaKav/pytest-coverage-comment@9689962ff78b20865e4ec0b90789e62309498aab
        with:
          pytest-coverage-path: ./pytest-coverage.txt
          junitxml-path: ./pytest.xml

I added the pull-requests: write permissions at the root of my workflow file and also removed the on: push , so only the pull_request trigger remains, that solved it for me.

Also may be solved with workflow_run like in this example #153

Oh! I think I get it! I was having a similar problem even after adding the following code and following Ryan’s suggestion

on:
    push:
      branches:
        - master
    pull_request:

jobs:
  build-test:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        python-version: ["3.9"]
    permissions:
      issues: write
      pull-requests: write
    steps:
    - name: Checkout
      uses: actions/checkout@v3
<---- Snip ---->

    - name: Pytest coverage comment
      uses: MishaKav/pytest-coverage-comment@main
      with:
        pytest-xml-coverage-path: ./coverage.xml
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

I noticed that it passed on pushing to my feature, but failed on merging to master. So, I added contents: write based on this comment and it then passed on merge.

So basically, I think I will set pytest-coverage-comment to not run on merge with an if condition as I think it is not required at that stage.

Hopefully this is useful for someone! 😃

I’m also still seeing this error with the following configuration:

jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 8
    permissions:
      pull-requests: write
      contents: read
      id-token: write
    
    steps:
      ......
      - name: Run Unit Tests with Coverage
        run: make test-cov
      - name: Pytest coverage comment
        uses: MishaKav/pytest-coverage-comment@9689962ff78b20865e4ec0b90789e62309498aab
        with:
          pytest-coverage-path: ./pytest-coverage.txt
          junitxml-path: ./pytest.xml

I was able to fix something similar by changing it from push to pull_request

name: Check changes on branch

on:
  pull_request:

Try adding pull-requests: write to your permissions for the GITHUB_TOKEN