Comments (5)
felladrin
commented on June 11, 2024
1
That's true, it's up to the user. My suggestion was to point the users to this info somewhere in the Readme, because I assume more users will open issues related to this later on.
I think something like this in the Readme would help:
Note that this action requires permissions to read both Pull Requests and Issues from the repository. If you get an error like 'Resource not accessible by integration', please refer to this documentation or this example.
from dependencies-action.
felladrin
commented on June 11, 2024
@gregsdennis, please take it into account. This is some useful info to have on Readme.
In my case, here's how the workflow file ended up:
name: PR Dependency Check
on: [pull_request]
jobs:
pr-dependency-check:
runs-on: ubuntu-latest
name: Check PR Dependency
permissions:
pull-requests: read # Reason: To check PRs for dependencies.
issues: read # Reason: To check issues for dependencies.
steps:
- uses: gregsdennis/dependencies-action@main
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}from dependencies-action.
gregsdennis
commented on June 11, 2024
@felladrin I'm happy to make changes, but I'm not sure what this is asking me to do. The post seems more informational than a call to action.
from dependencies-action.
felladrin
commented on June 11, 2024
It's related to the RequestError [HttpError]: Resource not accessible by integration, which can happen if those permissions are not set.
For example, this error can occur if a person creating a PR does not have full permissions to the repository (e.g. they're just a collaborator and not an owner). So when we add the permissions directly into the workflow file, it adds the permission on-the-fly to the GitHub Token.
from dependencies-action.
gregsdennis
commented on June 11, 2024
@felladrin that's good info, but what do I need to do for this? It looks like it's something that's in the user's action.yml, not anything here. This is where I'm confused.
from dependencies-action.
Related Issues (14)
- Parse PR links
- Support external repos
- Parse link embedded in Markdown
- An open issue
- broken link to example in readme HOT 1
- Node.js 12 deprecation HOT 1
- ability to add custom regex for identifiying lines HOT 1
- Check fails even if body is empty HOT 1
- Make workflow work when PR is opened from fork HOT 7
- add label when keywords are used HOT 2
- Second PR dependency is not matched/checked HOT 7
- hotfix needs for uuid HOT 8
- Node.js 16 deprecation HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependencies-action.