Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(README.md) Personal access tokens for public user projects #51

Closed
j1elo opened this issue Sep 26, 2020 · 6 comments
Closed

(README.md) Personal access tokens for public user projects #51

j1elo opened this issue Sep 26, 2020 · 6 comments

Comments

@j1elo
Copy link

j1elo commented Sep 26, 2020

The README says that for

Private repository and project board

the required permission is repo ("Full control of private repositories").

However, this permission is actually required also for public repositories and project boards.

I've tested it with a public user-level Project: https://github.com/users/j1elo/projects/1
and a public repository: https://github.com/j1elo/test-repo

  • Using secrets.GITHUB_TOKEN fails with error Resource not accessible by integration (e.g. https://github.com/j1elo/test-repo/actions/runs/274046708)
  • Using write:org ("Read and write org and team membership, read and write org projects") causes an empty GraphQL response and the error Could not find the column "..." or project "..." (e.g. https://github.com/j1elo/test-repo/actions/runs/274113617) -- I tried this one just to test if user-level Projects had the same permissions as Organization Projects
  • At this point, I tried using all of the repo sub-scopes (repo:status, repo_deployment, public_repo, repo:invite, security_events), and it also causes an empty query response.
  • Finally, using the whole repo allowed the query to find the requested Project.

Proposed fix:

Either the README should be updated to reflect that repo is needed also for public user Projects and public repos; or else, if possible at all, the query should be made in a way that doesn't require full repo permissions just to search for existing Projects.

In any case, thank you very much for this action! :-)
@alex-page
Copy link
Owner

alex-page commented Sep 26, 2020
edited
Loading

Hey @j1elo thanks for the detailed issue! Do you want to make a PR to update it? Would be happy to make this change.

@j1elo
Copy link
Author

j1elo commented Sep 29, 2020

I wouldn't have enough knowledge about how to work with the GraphQL queries and Github permissions to know how to avoid that the repo permissions are needed (ideally, the less permissions the better); or to know if it is even possible to avoid having that permission (is it?)

Otherwise, yes I can propose a change to the README.

digitalronin added a commit to ministryofjustice/operations-engineering that referenced this issue Oct 20, 2020
@digitalronin
Use bot user PAT for issue automation
0a072da 
This action was failing with 
```
Resource not accessible by integration
```
I think this relates to [this issue](alex-page/github-project-automation-plus#51) so I'm replacing the default, automatically-provided `GITHUB_TOKEN` secret with a personal access token (PAC) belonging to the `cloud-platform-moj github bot account (which I have added to the `operations-engineering` github team).

This token has `repo` scope, and has been enabled for MoJ SSO, and added to this repo as the secret `CLOUD_PLATFORM_MOJ_GITHUB_TOKEN`

I'm hoping this will enable this action to work as it's supposed to.
@digitalronin digitalronin mentioned this issue Oct 20, 2020
Merged
nrb added a commit to nrb/velero that referenced this issue Dec 9, 2020
@nrb
Revert workflow access token changes
98a309f 
Per
alex-page/github-project-automation-plus#51,
the `GITHUB_TOKEN` secret doesn't have the appropriate permissions to
manage the issue workflows at a repo level. Reverting to the previous
secret to get the workflows working again.

Signed-off-by: Nolan Brubaker <[email protected]>
@nrb nrb mentioned this issue Dec 9, 2020
Merged
ashish-amarnath pushed a commit to vmware-tanzu/velero that referenced this issue Dec 9, 2020
@nrb
Revert workflow access token changes (#3170)
844cc16 
Per
alex-page/github-project-automation-plus#51,
the `GITHUB_TOKEN` secret doesn't have the appropriate permissions to
manage the issue workflows at a repo level. Reverting to the previous
secret to get the workflows working again.

Signed-off-by: Nolan Brubaker <[email protected]>
georgettica pushed a commit to georgettica/velero that referenced this issue Dec 23, 2020
@nrb @georgettica
Revert workflow access token changes (vmware-tanzu#3170)
c3038a6 
Per
alex-page/github-project-automation-plus#51,
the `GITHUB_TOKEN` secret doesn't have the appropriate permissions to
manage the issue workflows at a repo level. Reverting to the previous
secret to get the workflows working again.

Signed-off-by: Nolan Brubaker <[email protected]>
georgettica pushed a commit to georgettica/velero that referenced this issue Jan 26, 2021
@nrb @georgettica
Revert workflow access token changes (vmware-tanzu#3170)
1afa87e 
Per
alex-page/github-project-automation-plus#51,
the `GITHUB_TOKEN` secret doesn't have the appropriate permissions to
manage the issue workflows at a repo level. Reverting to the previous
secret to get the workflows working again.

Signed-off-by: Nolan Brubaker <[email protected]>
vadasambar pushed a commit to vadasambar/velero that referenced this issue Feb 3, 2021
@nrb
Revert workflow access token changes (vmware-tanzu#3170)
4fb5639 
Per
alex-page/github-project-automation-plus#51,
the `GITHUB_TOKEN` secret doesn't have the appropriate permissions to
manage the issue workflows at a repo level. Reverting to the previous
secret to get the workflows working again.

Signed-off-by: Nolan Brubaker <[email protected]>
@D4nte
Copy link

D4nte commented Apr 28, 2021

So is the proper solution to have a token with whole repo permission?

@alex-page
Copy link
Owner

@D4nte yes so it can access issues and pull requests. Are you having issues with this?

@D4nte
Copy link

D4nte commented Apr 29, 2021

Now fixed. Thanks!

@alex-page
Copy link
Owner

@j1elo I have updated the documentation. Closing this issue for now but please re-open it if anything is missing.

dharmab pushed a commit to dharmab/velero that referenced this issue May 25, 2021
@nrb @dharmab
Revert workflow access token changes (vmware-tanzu#3170)
19aba30 
Per
alex-page/github-project-automation-plus#51,
the `GITHUB_TOKEN` secret doesn't have the appropriate permissions to
manage the issue workflows at a repo level. Reverting to the previous
secret to get the workflows working again.

Signed-off-by: Nolan Brubaker <[email protected]>
@Doarakko Doarakko mentioned this issue Jun 26, 2021
Closed
ywk253100 pushed a commit to ywk253100/velero that referenced this issue Jun 29, 2021
@nrb @ywk253100
Revert workflow access token changes (vmware-tanzu#3170)
ceee813 
Per
alex-page/github-project-automation-plus#51,
the `GITHUB_TOKEN` secret doesn't have the appropriate permissions to
manage the issue workflows at a repo level. Reverting to the previous
secret to get the workflows working again.

Signed-off-by: Nolan Brubaker <[email protected]>
gyaozhou pushed a commit to gyaozhou/velero-read that referenced this issue May 14, 2022
@nrb @gyaozhou
Revert workflow access token changes (vmware-tanzu#3170)
b023777 
Per
alex-page/github-project-automation-plus#51,
the `GITHUB_TOKEN` secret doesn't have the appropriate permissions to
manage the issue workflows at a repo level. Reverting to the previous
secret to get the workflows working again.

Signed-off-by: Nolan Brubaker <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@D4nte @j1elo @alex-page