Issue with Github token

[smutel]

Hello,

I have an issue with the GITHUB token. I am sure that the code I am using worked before so it's perhaps a github bug or something which is not possible anymore.

Here is the workflow in error:
https://github.com/smutel/go-netbox/runs/6091006484?check_suite_focus=true

Here is my github action configuration:
https://github.com/smutel/go-netbox/blob/a2b97bdc1e2075863750b909428f624c89539f5a/.github/workflows/pr.yml#L13

Here is the answer from someone from the support:
https://github.521000.bestmunity/t/403-resource-not-accessible-by-integration/245926

Do you have an idea of how to bypass this in a secure way ?
Do I need to create a personal token ? What is the needed options for that token ?

[Namchee]

Thanks for filing this issue!

Unfortunately, the answer is you can't. As explained by GitHub, bypassing this behavior is dangerous as it may lead to unauthorized PRs having unintended write access to your repository. This action is designed to work in a trusted internal environment in the first place, so I won't support this behavior. This behavior has never been changed by GitHub, so I don't know why it worked previously before as it shouldn't.

As an alternative solution, I can add an option to just log the result to console. Will that work for you use case?

[smutel]

What I don't understand is the difference between this check which is working fine:
https://github.com/smutel/terraform-provider-netbox/pull/91/checks

And this one which is not working:
https://github.com/smutel/go-netbox/pull/23/checks

[Namchee]

At v0.7.0, this workflow doesn't write any report in a form of issue comments. Also, the check passes so this workflow doesn't need to change the pull request state to closed which requires a write access*. In summary, for that particular pull request, this workflow doesn't require any write access at all so it's working fine.

This is not the case with this pull request, as the check fails and it now will write the report to your repository which requires write access to your repository.

[smutel]

Make sense. So yes if you can add an option to only log to console it will be appreciated.

[Namchee]

Alright, I've added a new option called report. For forked PRs, you can use close: false and report: false to prevent 403 errors.

[smutel]

I still have issues : https://github.com/smutel/go-netbox/pull/23/checks
I will open a new PR very soon.

[smutel]

Could you please tell me why this PR is not valid: https://github.com/smutel/go-netbox/pull/23/checks.
I am not sure to understand how the report is working ...

2022/04/22 05:20:12 [INFO] Pull request has mentioned issues — ✅ — ❌

What is the goal of fist symbol ? Second symbol ?

[Namchee]

Reopening this due to #69

As for the report, I should've used words on console report.

[Namchee]

Release 0.10.1. The default label is now empty to avoid 403.

Emojis in the console report are replaced with constant strings instead.

[smutel]

Hello, Issue again with version 0.10.1 : https://github.com/smutel/terraform-provider-netbox/pull/109/checks

[Namchee]

@smutel Sorry for the late reply.

You have a non-empty label field. To prevent conventional-pr for attempting to give labels, try removing label or fill it with an empty string.

[port19x]

Yeah, this makes no sense.
why not just support a passive read-only check through some flag?

[Namchee]

@port19x, as of v0.12.0, this action runs on 'read-only' mode, where it doesn't write any report as a comment. It shouldn't cause token issues anymore. Additionally, you can try disabling the label, message, and close option.

If it still doesn't perform as you might expect, please open a new issue with:

1. What you expect to happen
2. What actually happened
3. Action log