-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resource not accessible by integration #8843
Comments
Heh, this is not a question, but a bug report. |
Hi @serathius, In general, that error usually indicates something wrong with GitHub Actions token permissions. It looks like you've changed your default token permissions to be restrictive by default without updating the workflow to include the permissions needed for Code Scanning. Updating the permissions to:
should fix your issue. |
Thanks for info, however please stop introducing breaking changes in |
I don't think we introduced any breaking changes in this case. These permissions have been the suggested defaults for a long time. You can check out the readme on https://github.com/github/codeql-action for the details. |
@MathiasVP Not necessarily the same issue, but I am receiving same error while fetching dependabot issues via a graphql query, I tried with |
Hi @L3m0nb4tt3ry, Thanks for posting! We'll be happy to take a look at your situation. Would you mind opening a fresh issue with this? |
Looking into the [`Resource not accessible by integration` error](https://github.com/pypa/twine/actions/runs/3616376262/jobs/6094277326), I found [an issue](github/codeql#8843) that recommended setting the `permissions`. Looks like this has been added to the [current CodeQL template](https://github.com/pypa/twine/new/main?filename=.github%2Fworkflows%2Fcodeql.yml&workflow_template=code-scanning%2Fcodeql), so I copy & pasted that here.
Looking into the [`Resource not accessible by integration` error](https://github.com/pypa/twine/actions/runs/3616376262/jobs/6094277326), I found [an issue](github/codeql#8843) that recommended setting the `permissions`. Looks like this has been added to the [current CodeQL template](https://github.com/pypa/twine/new/main?filename=.github%2Fworkflows%2Fcodeql.yml&workflow_template=code-scanning%2Fcodeql), so I copy & pasted that here.
This is needed by CodeQL to be able to report events. Signed-off-by: Francis Laniel <[email protected]> Fixes: f04d95b ("ci: Add CWE checks for ig.") [1]: github/codeql#8843 (comment)
This is needed by CodeQL to be able to report events. Signed-off-by: Francis Laniel <[email protected]> Fixes: f04d95b ("ci: Add CWE checks for ig.") [1]: github/codeql#8843 (comment)
This is needed after switching default token permissions to be restrictive by default. github/codeql#8843
This is needed after switching default token permissions to be restrictive by default. github/codeql#8843
In commit 977e717 token permissions are set to read. However codeql needs also write for uploading security-events: Uploading results Processing sarif files: ["/home/runner/work/ganeti/results/python.sarif"] Validating /home/runner/work/ganeti/results/python.sarif Combining SARIF files using the CodeQL CLI Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information. Uploading results Warning: Resource not accessible by integration Error: Resource not accessible by integration See also github/codeql#8843 Signed-off-by: Sascha Lucas <[email protected]>
In commit 977e717 token permissions are set to read. However codeql needs also write for uploading security-events: Uploading results Processing sarif files: ["/home/runner/work/ganeti/results/python.sarif"] Validating /home/runner/work/ganeti/results/python.sarif Combining SARIF files using the CodeQL CLI Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information. Uploading results Warning: Resource not accessible by integration Error: Resource not accessible by integration See also github/codeql#8843 Signed-off-by: Sascha Lucas <[email protected]>
fixes codeql action error see details: github/codeql#8843 (comment)
fixes codeql action error see details: github/codeql#8843 (comment)
Thank you @MathiasVP that fixed it for us |
Description of the issue
Etcd CodeQL analysis is broken returning 403. etcd-io/etcd#13978
The text was updated successfully, but these errors were encountered: